diff --git a/.github/workflows/beta-preflight.yml b/.github/workflows/beta-preflight.yml index 6f68c5142..3f17eb6d0 100644 --- a/.github/workflows/beta-preflight.yml +++ b/.github/workflows/beta-preflight.yml @@ -114,9 +114,8 @@ jobs: # doc tests. - name: Run doc tests (COVERAGE DISABLED) - run: - cargo test --workspace --all-features --doc - + run: cargo test --workspace --all-features --doc + # - name: Generate code coverage # env: # RUST_BACKTRACE: "1" @@ -216,7 +215,7 @@ jobs: run: cargo binstall -y wasm-bindgen-cli --version 0.2.105 - name: Run Wasm tests - run: cargo test -p c2pa --no-default-features --features rust_native_crypto,fetch_remote_manifests --target wasm32-unknown-unknown + run: cargo test -p c2pa --no-default-features --features rust_native_crypto, --target wasm32-unknown-unknown env: CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER: wasm-bindgen-test-runner WASM_BINDGEN_TEST_TIMEOUT: 60 diff --git a/.github/workflows/tier-1a.yml b/.github/workflows/tier-1a.yml index 483ecfb44..156d78ee5 100644 --- a/.github/workflows/tier-1a.yml +++ b/.github/workflows/tier-1a.yml @@ -331,7 +331,7 @@ jobs: run: cargo binstall -y wasm-bindgen-cli --version 0.2.105 - name: Run Wasm tests - run: cargo test -p c2pa --no-default-features --features rust_native_crypto,fetch_remote_manifests,http_reqwest --target wasm32-unknown-unknown + run: cargo test -p c2pa --no-default-features --features rust_native_crypto,http_reqwest --target wasm32-unknown-unknown env: CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_RUNNER: wasm-bindgen-test-runner WASM_BINDGEN_TEST_TIMEOUT: 60 diff --git a/Makefile b/Makefile index f3a650146..5bb6da2ac 100644 --- a/Makefile +++ b/Makefile @@ -23,20 +23,20 @@ clippy: cargo clippy --features="file_io" --all-targets -- -D warnings test-local: - cargo test --features="file_io, fetch_remote_manifests, add_thumbnails" --all-targets + cargo test --features="file_io, add_thumbnails" --all-targets test-wasm: - cd sdk && wasm-pack test --node -- --no-default-features --features="rust_native_crypto, fetch_remote_manifests, http_reqwest" + cd sdk && wasm-pack test --node -- --no-default-features --features="rust_native_crypto, http_reqwest" test-wasm-web: - cd sdk && wasm-pack test --chrome --headless -- --no-default-features --features="rust_native_crypto, fetch_remote_manifests, http_reqwest" + cd sdk && wasm-pack test --chrome --headless -- --no-default-features --features="rust_native_crypto, http_reqwest" # WASI testing requires upstream llvm clang (not XCode), wasmtime, and the target wasm32-wasip2 on the nightly toolchain test-wasi: ifeq ($(PLATFORM),mac) $(eval CC := /opt/homebrew/opt/llvm/bin/clang) endif - CC=$(CC) CARGO_TARGET_WASM32_WASIP2_RUNNER="wasmtime -S cli -S http --dir ." cargo +nightly test --target wasm32-wasip2 -p c2pa --no-default-features --features="rust_native_crypto, file_io, fetch_remote_manifests, add_thumbnails, http_wasi, http_wstd" + CC=$(CC) CARGO_TARGET_WASM32_WASIP2_RUNNER="wasmtime -S cli -S http --dir ." cargo +nightly test --target wasm32-wasip2 -p c2pa --no-default-features --features="rust_native_crypto, file_io, add_thumbnails, http_wasi, http_wstd" rm -r sdk/Users # Full local validation, build and test all features including wasm diff --git a/c2pa_c_ffi/Cargo.toml b/c2pa_c_ffi/Cargo.toml index 6e8a3e779..fbdfa2778 100644 --- a/c2pa_c_ffi/Cargo.toml +++ b/c2pa_c_ffi/Cargo.toml @@ -25,7 +25,6 @@ pdf = ["c2pa/pdf"] [dependencies] c2pa = { path = "../sdk", version = "0.72.0", default-features = false, features = [ "add_thumbnails", - "fetch_remote_manifests", "file_io", "pdf", "default_http", diff --git a/c2pa_c_ffi/src/c_api.rs b/c2pa_c_ffi/src/c_api.rs index c43effb24..0df67c7e3 100644 --- a/c2pa_c_ffi/src/c_api.rs +++ b/c2pa_c_ffi/src/c_api.rs @@ -2134,6 +2134,19 @@ mod tests { #[test] fn test_c2pa_reader_remote_url() { + let settings = serde_json::json!( { + "verify": { + "remote_manifest_fetch": true + } + }); + let result = unsafe { + c2pa_load_settings( + CString::new(settings.to_string()).unwrap().as_ptr(), + c"json".as_ptr(), + ) + }; + assert_eq!(result, 0); + let mut stream = TestC2paStream::new(include_bytes!(fixture_path!("cloud.jpg")).to_vec()) .into_c_stream(); diff --git a/cli/Cargo.toml b/cli/Cargo.toml index 5cf436ecd..085796aee 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -29,7 +29,6 @@ networking = [ anyhow = "1.0" atree = "0.5.2" c2pa = { path = "../sdk", version = "0.72.0", features = [ - "fetch_remote_manifests", "file_io", "add_thumbnails", "pdf", diff --git a/cli/src/main.rs b/cli/src/main.rs index b21572c7a..4facd6f64 100644 --- a/cli/src/main.rs +++ b/cli/src/main.rs @@ -389,6 +389,15 @@ fn blocking_get(url: &str) -> Result { } fn configure_sdk(args: &CliArgs) -> Result<()> { + // Enable remote manifest fetching for backwards compatibility. + Settings::from_toml( + &toml::toml! { + [verify] + remote_manifest_fetch = true + } + .to_string(), + )?; + if args.settings.exists() { let settings = fs::read_to_string(&args.settings)?; Settings::from_toml(&settings)? diff --git a/docs/support-tiers.md b/docs/support-tiers.md index 41bf1dc02..5547d1f93 100644 --- a/docs/support-tiers.md +++ b/docs/support-tiers.md @@ -35,7 +35,7 @@ These requirements are enforced in the [Tier 1A workflow](/.github/workflows/tie ### Tier 1A for c2pa-rs * **Ubuntu:** `x86_64-unknown-linux-gnu`, Rust `stable`, `all` features, `openssl` | `rust_native_crypto`, `glibc` -* **Wasm:** `wasm32-unknown-unknown`, Rust `stable`, `fetch_remote_manifests` feature, `rust_native_crypto` +* **Wasm:** `wasm32-unknown-unknown`, Rust `stable`, feature, `rust_native_crypto` * **WASI:** `wasm32-wasip2`, Rust `nightly-2025-08-25`, `all` features ### Tier 1A for c2pa-c-ffi diff --git a/docs/usage.md b/docs/usage.md index b189b9ba6..2ad3c1b79 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -38,7 +38,6 @@ You can enable any of the following features: - **openssl** *(enabled by default)*: Use the vendored `openssl` implementation for cryptography. - **rust_native_crypto**: Use Rust native cryptography. - **add_thumbnails**: Adds the [`image`](https://github.com/image-rs/image) crate to enable auto-generated thumbnails, if possible and enabled in settings. -- **fetch_remote_manifests**: Fetches remote manifests over the network when no embedded manifest is present and that option is enabled in settings. - **file_io**: Enables APIs that use filesystem I/O. - **json_schema**: Adds the [`schemars`](https://github.com/GREsau/schemars) crate to derive JSON schemas for JSON-compatible structs. - **pdf**: Enables basic PDF read support. diff --git a/make_test_images/Cargo.toml b/make_test_images/Cargo.toml index febbdc784..091421233 100644 --- a/make_test_images/Cargo.toml +++ b/make_test_images/Cargo.toml @@ -13,7 +13,6 @@ unexpected_cfgs = { level = "warn", check-cfg = ['cfg(test)'] } [dependencies] anyhow = "1.0.40" c2pa = { path = "../sdk", version = "0.72.0", features = [ - "fetch_remote_manifests", "file_io", "add_thumbnails", "pdf", diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml index 6e8e119ef..8b120e5c8 100644 --- a/sdk/Cargo.toml +++ b/sdk/Cargo.toml @@ -31,7 +31,6 @@ rustdoc-args = ["--cfg", "docsrs"] default = ["openssl", "default_http"] add_thumbnails = ["image"] file_io = [] -fetch_remote_manifests = ["dep:wasi"] json_schema = ["dep:schemars"] openssl = [ "dep:openssl", diff --git a/sdk/src/builder.rs b/sdk/src/builder.rs index c2b0b1718..61974eef8 100644 --- a/sdk/src/builder.rs +++ b/sdk/src/builder.rs @@ -3186,7 +3186,6 @@ mod tests { /// example of creating a builder directly with a [`ManifestDefinition`] #[c2pa_test_async] /// test if the sdk can add a cloud ingredient retrieved from a stream and a cloud manifest - // This works with or without the fetch_remote_manifests feature async fn test_add_cloud_ingredient() { crate::settings::set_settings_value("verify.remote_manifest_fetch", false).unwrap(); diff --git a/sdk/src/ingredient.rs b/sdk/src/ingredient.rs index 6f1aa71aa..aac3f31ae 100644 --- a/sdk/src/ingredient.rs +++ b/sdk/src/ingredient.rs @@ -1839,7 +1839,6 @@ mod tests { ); } - #[cfg(feature = "fetch_remote_manifests")] #[c2pa_test_async] async fn test_jpg_cloud_from_memory() { crate::settings::set_settings_value("verify.verify_trust", false).unwrap(); @@ -1861,11 +1860,10 @@ mod tests { assert_eq!(ingredient.validation_status(), None); } - #[cfg(not(any(feature = "fetch_remote_manifests", feature = "file_io")))] #[c2pa_test_async] - async fn test_jpg_cloud_from_memory_no_file_io() { + async fn test_jpg_cloud_from_memory_no_remote_fetch() { crate::settings::set_settings_value("verify.verify_trust", false).unwrap(); - crate::settings::set_settings_value("verify.remote_manifest_fetch", true).unwrap(); + crate::settings::set_settings_value("verify.remote_manifest_fetch", false).unwrap(); let image_bytes = include_bytes!("../tests/fixtures/cloud.jpg"); let format = "image/jpeg"; @@ -2111,7 +2109,6 @@ mod tests_file_io { } #[test] - #[cfg(feature = "fetch_remote_manifests")] fn test_jpg_cloud_failure() { let ap = fixture_path("cloudx.jpg"); let ingredient = Ingredient::from_file(ap).expect("from_file"); diff --git a/sdk/src/lib.rs b/sdk/src/lib.rs index ca9752126..20f66f3f8 100644 --- a/sdk/src/lib.rs +++ b/sdk/src/lib.rs @@ -98,7 +98,6 @@ //! - **openssl** *(enabled by default)*: Use the vendored `openssl` implementation for cryptography. //! - **rust_native_crypto**: Use Rust native cryptography. //! - **add_thumbnails**: Adds the [`image`](https://github.com/image-rs/image) crate to enable auto-generated thumbnails, if possible and enabled in settings. -//! - **fetch_remote_manifests**: Fetches remote manifests over the network when no embedded manifest is present and that option is enabled in settings. //! - **file_io**: Enables APIs that use filesystem I/O. //! - **json_schema**: Adds the [`schemars`](https://github.com/GREsau/schemars) crate to derive JSON schemas for JSON-compatible structs. //! - **pdf**: Enables basic PDF read support. diff --git a/sdk/src/reader.rs b/sdk/src/reader.rs index 0eff6e704..c5daca53b 100644 --- a/sdk/src/reader.rs +++ b/sdk/src/reader.rs @@ -222,7 +222,7 @@ impl Reader { #[cfg(feature = "file_io")] /// Create a manifest store [`Reader`] from a file. - /// If the `fetch_remote_manifests` feature is enabled, and the asset refers to a remote manifest, the function fetches a remote manifest. + /// If the `verify.remote_manifest_fetch` setting is enabled, and the asset refers to a remote manifest, the function fetches a remote manifest. /// /// NOTE: If the file does not have a manifest store, the function will check for a sidecar manifest with the same base file name and a .c2pa extension. /// @@ -1215,8 +1215,15 @@ pub mod tests { } #[test] - #[cfg(feature = "fetch_remote_manifests")] fn test_reader_remote_url() -> Result<()> { + Settings::from_toml( + &toml::toml! { + [verify] + remote_manifest_fetch = true + } + .to_string(), + )?; + let reader = Reader::from_stream("image/jpeg", Cursor::new(IMAGE_WITH_REMOTE_MANIFEST))?; let remote_url = reader.remote_url(); assert_eq!(remote_url, Some("https://cai-manifests.adobe.com/manifests/adobe-urn-uuid-5f37e182-3687-462e-a7fb-573462780391")); diff --git a/sdk/src/settings/mod.rs b/sdk/src/settings/mod.rs index f271a062c..7ff2bc557 100644 --- a/sdk/src/settings/mod.rs +++ b/sdk/src/settings/mod.rs @@ -295,11 +295,7 @@ pub struct Verify { /// - Constructing an [`Ingredient`] /// - Adding an [`Ingredient`] to the [`Builder`] /// - /// The default value is true. - /// - ///
- /// This setting is only applicable if the crate is compiled with the `fetch_remote_manifests` feature. - ///
+ /// The default value is false. /// /// [`Reader`]: crate::Reader /// [`Ingredient`]: crate::Ingredient @@ -328,7 +324,7 @@ impl Default for Verify { verify_trust: true, verify_timestamp_trust: !cfg!(test), // verify timestamp trust unless in test mode ocsp_fetch: false, - remote_manifest_fetch: true, + remote_manifest_fetch: false, skip_ingredient_conflict_resolution: false, strict_v1_validation: false, } @@ -679,7 +675,7 @@ pub mod tests { // test updating values Settings::set_value("core.merkle_tree_chunk_size_in_kb", 10).unwrap(); - Settings::set_value("verify.remote_manifest_fetch", false).unwrap(); + Settings::set_value("verify.remote_manifest_fetch", true).unwrap(); Settings::set_value("builder.thumbnail.enabled", false).unwrap(); Settings::set_value( "trust.user_anchors", @@ -691,7 +687,7 @@ pub mod tests { get_settings_value::("core.merkle_tree_chunk_size_in_kb").unwrap(), 10 ); - assert!(!get_settings_value::("verify.remote_manifest_fetch").unwrap()); + assert!(get_settings_value::("verify.remote_manifest_fetch").unwrap()); assert!(!get_settings_value::("builder.thumbnail.enabled").unwrap()); assert_eq!( get_settings_value::>("trust.user_anchors").unwrap(), diff --git a/sdk/src/store.rs b/sdk/src/store.rs index c1cd24a5e..0f10fa688 100644 --- a/sdk/src/store.rs +++ b/sdk/src/store.rs @@ -3409,7 +3409,6 @@ impl Store { } // fetch remote manifest if possible - #[cfg(feature = "fetch_remote_manifests")] #[async_generic(async_signature( url: &str, http_resolver: &impl AsyncHttpResolver @@ -3472,22 +3471,16 @@ impl Store { ) -> Result> { // verify provenance path is remote url if Store::is_valid_remote_url(ext_ref) { - #[cfg(feature = "fetch_remote_manifests")] - { - // Everything except browser wasm if fetch_remote_manifests is enabled - if settings.verify.remote_manifest_fetch { - if _sync { - Store::fetch_remote_manifest(ext_ref, http_resolver) - } else { - Store::fetch_remote_manifest_async(ext_ref, http_resolver).await - } + // Everything except browser wasm if fetch_remote_manifests is enabled + if settings.verify.remote_manifest_fetch { + if _sync { + Store::fetch_remote_manifest(ext_ref, http_resolver) } else { - Err(Error::RemoteManifestUrl(ext_ref.to_owned())) + Store::fetch_remote_manifest_async(ext_ref, http_resolver).await } + } else { + Err(Error::RemoteManifestUrl(ext_ref.to_owned())) } - - #[cfg(not(feature = "fetch_remote_manifests"))] - Err(Error::RemoteManifestUrl(ext_ref.to_owned())) } else { Err(Error::JumbfNotFound) } diff --git a/sdk/tests/test_reader.rs b/sdk/tests/test_reader.rs index 122904a16..8dc51349b 100644 --- a/sdk/tests/test_reader.rs +++ b/sdk/tests/test_reader.rs @@ -70,9 +70,16 @@ fn test_reader_xca_jpg() -> Result<()> { compare_to_known_good(&reader, "XCA.json") } -#[cfg(feature = "fetch_remote_manifests")] #[c2pa_test_async] async fn test_reader_remote_url_async() -> Result<()> { + Settings::from_toml( + &toml::toml! { + [verify] + remote_manifest_fetch = true + } + .to_string(), + )?; + let reader = Reader::from_stream_async( "image/jpeg", std::io::Cursor::new(include_bytes!("./fixtures/cloud.jpg")),