From 6fc832919eb89f86ac381dfb02196b8cbb3de58c Mon Sep 17 00:00:00 2001 From: Gregory Szorc Date: Sat, 3 Jun 2023 21:05:01 -0700 Subject: [PATCH] apple-codesign: finish migrating off clap builder API And we're done. Finally. It looks like clap automatically trims periods when pulling strings from comments. So I just deleted the periods as part of the refactor. --- apple-codesign/CHANGELOG.md | 4 ++ apple-codesign/src/cli.rs | 38 ++++++++----------- .../tests/cmd/analyze-certificate.trycmd | 2 +- .../tests/cmd/compute-code-hashes.trycmd | 2 +- .../tests/cmd/diff-signatures.trycmd | 2 +- .../encode-app-store-connect-api-key.trycmd | 2 +- apple-codesign/tests/cmd/extract.trycmd | 2 +- apple-codesign/tests/cmd/generate-csr.trycmd | 2 +- .../cmd/generate-self-signed-cert.trycmd | 2 +- apple-codesign/tests/cmd/help.trycmd | 12 +++--- .../keychain-export-certificate-chain.trycmd | 2 +- .../cmd/keychain-print-certificates.trycmd | 2 +- apple-codesign/tests/cmd/notary-log.trycmd | 2 +- apple-codesign/tests/cmd/notary-submit.trycmd | 2 +- apple-codesign/tests/cmd/notary-wait.trycmd | 2 +- .../cmd/parse-code-signing-requirement.trycmd | 2 +- .../tests/cmd/print-signature-info.trycmd | 2 +- apple-codesign/tests/cmd/remote-sign.trycmd | 2 +- apple-codesign/tests/cmd/sign.trycmd | 2 +- .../tests/cmd/smartcard-generate-key.trycmd | 2 +- .../tests/cmd/smartcard-import.trycmd | 2 +- .../tests/cmd/smartcard-scan.trycmd | 2 +- apple-codesign/tests/cmd/staple.trycmd | 2 +- apple-codesign/tests/cmd/verify.trycmd | 2 +- 24 files changed, 46 insertions(+), 50 deletions(-) diff --git a/apple-codesign/CHANGELOG.md b/apple-codesign/CHANGELOG.md index dcabd70b9..bb03d004d 100644 --- a/apple-codesign/CHANGELOG.md +++ b/apple-codesign/CHANGELOG.md 
@@ -9,6 +9,10 @@ Released on ReleaseDate. * Notarization features are now optional and can be controlled via the enabled-by-default `notarize` crate feature. (#78) * Minimum supported Rust version changed from 1.62.1 to 1.65.0. +* CLI argument parsing has been rewritten to use clap's derive mode + instead of the builder mode. The intent was to mostly preserve existing + CLI behavior. However, some minor changes - possibly bugs - may have + occurred as a result of this refactor. * cryptographic-message-syntax 0.19 -> 0.23. * once_cell 1.16 -> 1.17. * p256 0.11 -> 0.13. diff --git a/apple-codesign/src/cli.rs b/apple-codesign/src/cli.rs index dbcc48a97..0f5e54347 100644 --- a/apple-codesign/src/cli.rs +++ b/apple-codesign/src/cli.rs @@ -25,7 +25,7 @@ use { signing_settings::{SettingsScope, SigningSettings}, }, base64::{engine::general_purpose::STANDARD as STANDARD_ENGINE, Engine}, - clap::{Arg, ArgAction, Args, Command, FromArgMatches, Parser, Subcommand}, + clap::{ArgAction, Args, Parser}, cryptographic_message_syntax::SignedData, difference::{Changeset, Difference}, log::{error, warn, LevelFilter}, 
@@ -2689,27 +2689,23 @@ enum Subcommands { X509Oids, } -pub fn main_impl() -> Result<(), AppleCodesignError> { - let app = Command::new("Cross platform Apple code signing in pure Rust") - .version(env!("CARGO_PKG_VERSION")) - .author("Gregory Szorc ") - .about("Sign and notarize Apple programs. See https://gregoryszorc.com/docs/apple-codesign/main/ for more docs.") - .arg_required_else_help(true) - .arg( - Arg::new("verbose") - .long("verbose") - .short('v') - .global(true) - .action(ArgAction::Count) - .help("Increase logging verbosity. Can be specified multiple times."), - ); +/// Sign and notarize Apple programs. See https://gregoryszorc.com/docs/apple-codesign/main/ for more docs +#[derive(Parser)] +#[command(author, version, arg_required_else_help = true)] +struct Cli { + /// Increase logging verbosity. Can be specified multiple times + #[arg(short = 'v', long, global = true, action = ArgAction::Count)] + verbose: u8, - let app = Subcommands::augment_subcommands(app); + #[command(subcommand)] + command: Subcommands, +} - let matches = app.get_matches(); +pub fn main_impl() -> Result<(), AppleCodesignError> { + let cli = Cli::parse(); // TODO make default log level warn once we audit logging sites. - let log_level = match matches.get_count("verbose") { + let log_level = match cli.verbose { 0 => LevelFilter::Info, 1 => LevelFilter::Debug, _ => LevelFilter::Trace, @@ -2734,11 +2730,7 @@ pub fn main_impl() -> Result<(), AppleCodesignError> { builder.init(); - let subcommands = Subcommands::from_arg_matches(&matches).map_err(|e| { - AppleCodesignError::CliGeneralError(format!("error parsing arguments: {}", e)) - })?; - - match &subcommands { + match &cli.command { Subcommands::AnalyzeCertificate(args) => command_analyze_certificate(args), Subcommands::ComputeCodeHashes(args) => command_compute_code_hashes(args), Subcommands::DiffSignatures(args) => command_diff_signatures(args), 
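Review bot: `struct Cli` sets no command name, so clap's derive will fall back to the package name where the builder code passed `Command::new("Cross platform Apple code signing in pure Rust")`. As far as I can tell this changes the leading text of `rcodesign --version`, and none of the `.trycmd` snapshots touched in this patch exercise `--version`. If the binary name is what should be printed, pin it with `#[command(name = "rcodesign", author, version, arg_required_else_help = true)]` and add a snapshot for it, so that anything parsing the version string of the signing tool sees a stable value. Separately, a plain `//` comment above the struct would help: it should say that these `///` lines are the user-facing help text checked by `tests/cmd/*.trycmd` and that the trailing periods are omitted on purpose, so a later doc-comment tidy-up does not silently break the snapshots.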
diff --git a/apple-codesign/tests/cmd/analyze-certificate.trycmd b/apple-codesign/tests/cmd/analyze-certificate.trycmd index 8379e36e5..611628589 100644 --- a/apple-codesign/tests/cmd/analyze-certificate.trycmd +++ b/apple-codesign/tests/cmd/analyze-certificate.trycmd @@ -13,7 +13,7 @@ Options: Smartcard slot number of signing certificate to use (9c is common) -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --smartcard-pin-env Environment variable holding the smartcard PIN diff --git a/apple-codesign/tests/cmd/compute-code-hashes.trycmd b/apple-codesign/tests/cmd/compute-code-hashes.trycmd index 24a94f88a..f441eeb78 100644 --- a/apple-codesign/tests/cmd/compute-code-hashes.trycmd +++ b/apple-codesign/tests/cmd/compute-code-hashes.trycmd @@ -11,7 +11,7 @@ Options: --hash Hashing algorithm to use [default: sha256] [possible values: none, sha1, sha256, sha256-truncated, sha384, sha512] -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --page-size Chunk size to digest over [default: 4096] --universal-index diff --git a/apple-codesign/tests/cmd/diff-signatures.trycmd b/apple-codesign/tests/cmd/diff-signatures.trycmd index 0bc2a22c5..ccd918f9c 100644 --- a/apple-codesign/tests/cmd/diff-signatures.trycmd +++ b/apple-codesign/tests/cmd/diff-signatures.trycmd @@ -9,7 +9,7 @@ Arguments: The second path to compare Options: - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times -h, --help Print help ``` diff --git a/apple-codesign/tests/cmd/encode-app-store-connect-api-key.trycmd b/apple-codesign/tests/cmd/encode-app-store-connect-api-key.trycmd index cfe6a03bc..ff8bd4746 100644 --- a/apple-codesign/tests/cmd/encode-app-store-connect-api-key.trycmd 
+++ b/apple-codesign/tests/cmd/encode-app-store-connect-api-key.trycmd @@ -49,7 +49,7 @@ Options: Path to a JSON file to create the output to -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times -h, --help Print help (see a summary with '-h') diff --git a/apple-codesign/tests/cmd/extract.trycmd b/apple-codesign/tests/cmd/extract.trycmd index e101eea18..9526aa70c 100644 --- a/apple-codesign/tests/cmd/extract.trycmd +++ b/apple-codesign/tests/cmd/extract.trycmd @@ -73,7 +73,7 @@ Options: [possible values: blobs, cms-info, cms-pem, cms-raw, cms, code-directory-raw, code-directory-serialized-raw, code-directory-serialized, code-directory, linkedit-info, linkedit-segment-raw, macho-load-commands, macho-segments, macho-target, requirements-raw, requirements-rust, requirements-serialized-raw, requirements-serialized, requirements, signature-raw, superblob] -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --universal-index Index of Mach-O binary to operate on within a universal/fat binary diff --git a/apple-codesign/tests/cmd/generate-csr.trycmd b/apple-codesign/tests/cmd/generate-csr.trycmd index f96d8bb71..c503f1f10 100644 --- a/apple-codesign/tests/cmd/generate-csr.trycmd +++ b/apple-codesign/tests/cmd/generate-csr.trycmd @@ -8,7 +8,7 @@ Options: --csr-pem-path Path to file to write PEM encoded CSR to -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --smartcard-slot Smartcard slot number of signing certificate to use (9c is common) --smartcard-pin-env diff --git a/apple-codesign/tests/cmd/generate-self-signed-cert.trycmd b/apple-codesign/tests/cmd/generate-self-signed-cert.trycmd index 378e44fcf..c4cad3fc9 100644 --- a/apple-codesign/tests/cmd/generate-self-signed-cert.trycmd 
+++ b/apple-codesign/tests/cmd/generate-self-signed-cert.trycmd @@ -33,7 +33,7 @@ Options: [possible values: ecdsa, ed25519] -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --profile [default: apple-development] diff --git a/apple-codesign/tests/cmd/help.trycmd b/apple-codesign/tests/cmd/help.trycmd index b96d31a3f..43772ed5a 100644 --- a/apple-codesign/tests/cmd/help.trycmd +++ b/apple-codesign/tests/cmd/help.trycmd @@ -1,9 +1,9 @@ ``` $ rcodesign ? 2 -Sign and notarize Apple programs. See https://gregoryszorc.com/docs/apple-codesign/main/ for more docs. +Sign and notarize Apple programs. See https://gregoryszorc.com/docs/apple-codesign/main/ for more docs -Usage: rcodesign[EXE] [OPTIONS] [COMMAND] +Usage: rcodesign[EXE] [OPTIONS] Commands: analyze-certificate Analyze an X.509 certificate for Apple code signing properties @@ -31,7 +31,7 @@ Commands: help Print this message or the help of the given subcommand(s) Options: - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times -h, --help Print help -V, --version Print version @@ -39,9 +39,9 @@ Options: ``` $ rcodesign help -Sign and notarize Apple programs. See https://gregoryszorc.com/docs/apple-codesign/main/ for more docs. +Sign and notarize Apple programs. See https://gregoryszorc.com/docs/apple-codesign/main/ for more docs -Usage: rcodesign[EXE] [OPTIONS] [COMMAND] +Usage: rcodesign[EXE] [OPTIONS] Commands: analyze-certificate Analyze an X.509 certificate for Apple code signing properties @@ -69,7 +69,7 @@ Commands: help Print this message or the help of the given subcommand(s) Options: - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times -h, --help Print help -V, --version Print version 
diff --git a/apple-codesign/tests/cmd/keychain-export-certificate-chain.trycmd b/apple-codesign/tests/cmd/keychain-export-certificate-chain.trycmd index e06f66a25..2550c5387 100644 --- a/apple-codesign/tests/cmd/keychain-export-certificate-chain.trycmd +++ b/apple-codesign/tests/cmd/keychain-export-certificate-chain.trycmd @@ -6,7 +6,7 @@ Usage: rcodesign[EXE] keychain-export-certificate-chain [OPTIONS] --user-id Keychain domain to operate on [default: user] [possible values: user, system, common, dynamic] - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times --password Password to unlock the Keychain --password-file File containing password to use to unlock the Keychain --no-print-self Print only the issuing certificate chain, not the subject certificate diff --git a/apple-codesign/tests/cmd/keychain-print-certificates.trycmd b/apple-codesign/tests/cmd/keychain-print-certificates.trycmd index 236cc27ae..f5f00fc59 100644 --- a/apple-codesign/tests/cmd/keychain-print-certificates.trycmd +++ b/apple-codesign/tests/cmd/keychain-print-certificates.trycmd @@ -6,7 +6,7 @@ Usage: rcodesign[EXE] keychain-print-certificates [OPTIONS] Options: --domain Keychain domain to operate on [default: user] [possible values: user, system, common, dynamic] - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times -h, --help Print help ``` diff --git a/apple-codesign/tests/cmd/notary-log.trycmd b/apple-codesign/tests/cmd/notary-log.trycmd index 8d041d125..e98d42b37 100644 --- a/apple-codesign/tests/cmd/notary-log.trycmd +++ b/apple-codesign/tests/cmd/notary-log.trycmd 
@@ -9,7 +9,7 @@ Arguments: Options: --api-key-path Path to a JSON file containing the API Key - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times --api-issuer App Store Connect Issuer ID (likely a UUID) --api-key App Store Connect API Key ID -h, --help Print help diff --git a/apple-codesign/tests/cmd/notary-submit.trycmd b/apple-codesign/tests/cmd/notary-submit.trycmd index f6137dd15..091da48bf 100644 --- a/apple-codesign/tests/cmd/notary-submit.trycmd +++ b/apple-codesign/tests/cmd/notary-submit.trycmd @@ -56,7 +56,7 @@ Arguments: Options: -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --wait Whether to wait for upload processing to complete diff --git a/apple-codesign/tests/cmd/notary-wait.trycmd b/apple-codesign/tests/cmd/notary-wait.trycmd index 195067055..813530225 100644 --- a/apple-codesign/tests/cmd/notary-wait.trycmd +++ b/apple-codesign/tests/cmd/notary-wait.trycmd @@ -11,7 +11,7 @@ Options: --max-wait-seconds Maximum time in seconds to wait for the upload result [default: 600] -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --api-key-path Path to a JSON file containing the API Key --api-issuer diff --git a/apple-codesign/tests/cmd/parse-code-signing-requirement.trycmd b/apple-codesign/tests/cmd/parse-code-signing-requirement.trycmd index c0fc5f0bf..846a431f4 100644 --- a/apple-codesign/tests/cmd/parse-code-signing-requirement.trycmd +++ b/apple-codesign/tests/cmd/parse-code-signing-requirement.trycmd @@ -33,7 +33,7 @@ Options: [possible values: csrl, expression-tree] -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times -h, --help Print help (see a summary with '-h') 
diff --git a/apple-codesign/tests/cmd/print-signature-info.trycmd b/apple-codesign/tests/cmd/print-signature-info.trycmd index 8cf8f2a60..f6b50a469 100644 --- a/apple-codesign/tests/cmd/print-signature-info.trycmd +++ b/apple-codesign/tests/cmd/print-signature-info.trycmd @@ -8,7 +8,7 @@ Arguments: Filesystem path to entity whose info to print Options: - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times -h, --help Print help ``` diff --git a/apple-codesign/tests/cmd/remote-sign.trycmd b/apple-codesign/tests/cmd/remote-sign.trycmd index 867db255a..60441bb0d 100644 --- a/apple-codesign/tests/cmd/remote-sign.trycmd +++ b/apple-codesign/tests/cmd/remote-sign.trycmd @@ -11,7 +11,7 @@ Options: --editor Open an editor to input the session join string -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --sjs-path Path to file containing session join string --smartcard-slot diff --git a/apple-codesign/tests/cmd/sign.trycmd b/apple-codesign/tests/cmd/sign.trycmd index 9901552c3..421847b83 100644 --- a/apple-codesign/tests/cmd/sign.trycmd +++ b/apple-codesign/tests/cmd/sign.trycmd @@ -221,7 +221,7 @@ Options: Identifier string for binary. The value normally used by CFBundleIdentifier -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --code-requirements-path Path to a file containing binary code requirements data to be used as designated requirements diff --git a/apple-codesign/tests/cmd/smartcard-generate-key.trycmd b/apple-codesign/tests/cmd/smartcard-generate-key.trycmd index fae00df54..100ecd2de 100644 --- a/apple-codesign/tests/cmd/smartcard-generate-key.trycmd +++ b/apple-codesign/tests/cmd/smartcard-generate-key.trycmd 
@@ -8,7 +8,7 @@ Options: --smartcard-slot Smartcard slot number to store key in (9c is common) -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --touch-policy Smartcard touch policy to protect key access [default: default] [possible values: default, always, never, cached] --pin-policy diff --git a/apple-codesign/tests/cmd/smartcard-import.trycmd b/apple-codesign/tests/cmd/smartcard-import.trycmd index 38fdeee0b..b4849c036 100644 --- a/apple-codesign/tests/cmd/smartcard-import.trycmd +++ b/apple-codesign/tests/cmd/smartcard-import.trycmd @@ -8,7 +8,7 @@ Options: --existing-key Re-use the existing private key in the smartcard slot -v, --verbose... - Increase logging verbosity. Can be specified multiple times. + Increase logging verbosity. Can be specified multiple times --dry-run Don't actually perform the import --smartcard-slot diff --git a/apple-codesign/tests/cmd/smartcard-scan.trycmd b/apple-codesign/tests/cmd/smartcard-scan.trycmd index b7e54a471..5e139d729 100644 --- a/apple-codesign/tests/cmd/smartcard-scan.trycmd +++ b/apple-codesign/tests/cmd/smartcard-scan.trycmd @@ -5,7 +5,7 @@ Show information about available smartcard (SC) devices Usage: rcodesign[EXE] smartcard-scan [OPTIONS] Options: - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times -h, --help Print help ``` diff --git a/apple-codesign/tests/cmd/staple.trycmd b/apple-codesign/tests/cmd/staple.trycmd index c539b8246..b74fa98cd 100644 --- a/apple-codesign/tests/cmd/staple.trycmd +++ b/apple-codesign/tests/cmd/staple.trycmd @@ -8,7 +8,7 @@ Arguments: Path to entity to attempt to staple Options: - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times -h, --help Print help ``` 
diff --git a/apple-codesign/tests/cmd/verify.trycmd b/apple-codesign/tests/cmd/verify.trycmd index 27596053a..ba84ba0a5 100644 --- a/apple-codesign/tests/cmd/verify.trycmd +++ b/apple-codesign/tests/cmd/verify.trycmd @@ -8,7 +8,7 @@ Arguments: Path of Mach-O binary to examine Options: - -v, --verbose... Increase logging verbosity. Can be specified multiple times. + -v, --verbose... Increase logging verbosity. Can be specified multiple times -h, --help Print help ```