port OCI module back from python_gardenlinux_cli

yeoldegrove · yeoldegrove · commit 6a7f814c64ce · 2025-05-21T09:17:03.000+02:00
diff --git a/poetry.lock b/poetry.lock
diff --git a/src/gardenlinux/features/__main__.py b/src/gardenlinux/features/__main__.py
@@ -212,5 +212,29 @@ def sort_subset(input_set, order_list):
     return [item for item in order_list if item in input_set]
 
 
+def get_flavor_from_cname(cname: str, get_arch: bool = True) -> str:
+    """
+    Extracts the flavor from a canonical name.
+
+    :param str cname: Canonical name of an image
+    :param bool get_arch: Whether to include the architecture in the flavor
+    :return: Flavor string
+    """
+
+    # cname:
+    # azure-gardener_prod_tpm2_trustedboot-amd64-1312.2-80ffcc87
+    # transform to flavor:
+    # azure-gardener_prod_tpm2_trustedboot-amd64
+
+    platform = cname.split("-")[0]
+    features = cname.split("-")[1:-1]
+    arch = cname.split("-")[-1]
+
+    if get_arch:
+        return f"{platform}-{features}-{arch}"
+    else:
+        return f"{platform}-{features}"
+
+
 if __name__ == "__main__":
     main()
diff --git a/src/gardenlinux/oci/crypto.py b/src/gardenlinux/oci/crypto.py
@@ -0,0 +1,16 @@
+import hashlib
+
+
+def verify_sha256(checksum: str, data: bytes):
+    data_checksum = f"sha256:{hashlib.sha256(data).hexdigest()}"
+    if checksum != data_checksum:
+        raise ValueError(f"Invalid checksum. {checksum} != {data_checksum}")
+
+
+def calculate_sha256(file_path: str) -> str:
+    """Calculate the SHA256 checksum of a file."""
+    sha256_hash = hashlib.sha256()
+    with open(file_path, "rb") as f:
+        for byte_block in iter(lambda: f.read(4096), b""):
+            sha256_hash.update(byte_block)
+    return sha256_hash.hexdigest()
diff --git a/src/gardenlinux/oci/defaults.py b/src/gardenlinux/oci/defaults.py
@@ -0,0 +1,2 @@
+annotation_signature_key = "io.gardenlinux.oci.signature"
+annotation_signed_string_key = "io.gardenlinux.oci.signed-string"
diff --git a/src/gardenlinux/oci/helper.py b/src/gardenlinux/oci/helper.py
@@ -0,0 +1,24 @@
+import json
+import os
+import re
+
+
+def write_dict_to_json_file(input, output_path):
+    if os.path.exists(output_path):
+        raise ValueError(f"{output_path} already exists")
+    with open(output_path, "w") as fp:
+        json.dump(input, fp)
+
+
+def get_uri_for_digest(uri, digest):
+    """
+    Given a URI for an image, return a URI for the related digest.
+
+    URI may be in any of the following forms:
+
+        ghcr.io/homebrew/core/hello
+        ghcr.io/homebrew/core/hello:2.10
+        ghcr.io/homebrew/core/hello@sha256:ff81...47a
+    """
+    base_uri = re.split(r"[@:]", uri, maxsplit=1)[0]
+    return f"{base_uri}@{digest}"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+annotation_signature_key = "io.gardenlinux.oci.signature"`
	`2`	`+annotation_signed_string_key = "io.gardenlinux.oci.signed-string"`