234 lines
8.1 KiB
TypeScript
234 lines
8.1 KiB
TypeScript
import { createHash } from 'crypto';
|
|
import { mkdir, mkdtemp, rm, writeFile } from 'fs/promises';
|
|
import os from 'os';
|
|
import path from 'path';
|
|
import { gzipSync } from 'zlib';
|
|
import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
|
|
|
|
const execCliMock = vi.hoisted(() => vi.fn());
|
|
|
|
vi.mock('@main/utils/childProcess', () => ({
|
|
execCli: execCliMock,
|
|
}));
|
|
|
|
import {
|
|
extractOpenCodeRuntimeBinaryFromTarball,
|
|
getOpenCodeRuntimePlatformCandidates,
|
|
resolveAppManagedOpenCodeRuntimeBinaryPath,
|
|
resolveVerifiedAppManagedOpenCodeRuntimeBinaryPath,
|
|
verifyOpenCodeRuntimePackageIntegrity,
|
|
} from '@main/services/infrastructure/OpenCodeRuntimeInstallerService';
|
|
import { setAppDataBasePath } from '@main/utils/pathDecoder';
|
|
|
|
let tempRoot: string | null = null;
|
|
|
|
function writeOctal(header: Buffer, offset: number, length: number, value: number): void {
|
|
const encoded = value
|
|
.toString(8)
|
|
.padStart(length - 1, '0')
|
|
.slice(-(length - 1));
|
|
header.write(`${encoded}\0`, offset, length, 'ascii');
|
|
}
|
|
|
|
function createTarEntry(name: string, data: Buffer): Buffer {
|
|
const header = Buffer.alloc(512);
|
|
header.write(name, 0, Math.min(Buffer.byteLength(name), 100), 'utf8');
|
|
writeOctal(header, 100, 8, 0o755);
|
|
writeOctal(header, 108, 8, 0);
|
|
writeOctal(header, 116, 8, 0);
|
|
writeOctal(header, 124, 12, data.length);
|
|
writeOctal(header, 136, 12, 0);
|
|
header.fill(' ', 148, 156);
|
|
header.write('0', 156, 1, 'ascii');
|
|
header.write('ustar\0', 257, 6, 'ascii');
|
|
header.write('00', 263, 2, 'ascii');
|
|
const checksum = header.reduce((sum, byte) => sum + byte, 0);
|
|
const checksumText = checksum.toString(8).padStart(6, '0');
|
|
header.write(`${checksumText}\0 `, 148, 8, 'ascii');
|
|
|
|
const padding = Buffer.alloc((512 - (data.length % 512)) % 512);
|
|
return Buffer.concat([header, data, padding]);
|
|
}
|
|
|
|
function createTarball(entries: { name: string; data: string }[]): Buffer {
|
|
return gzipSync(
|
|
Buffer.concat([
|
|
...entries.map((entry) => createTarEntry(entry.name, Buffer.from(entry.data))),
|
|
Buffer.alloc(1024),
|
|
])
|
|
);
|
|
}
|
|
|
|
describe('OpenCodeRuntimeInstallerService resolver', () => {
|
|
beforeEach(async () => {
|
|
tempRoot = await mkdtemp(path.join(os.tmpdir(), 'opencode-runtime-resolver-'));
|
|
setAppDataBasePath(tempRoot);
|
|
execCliMock.mockReset();
|
|
execCliMock.mockResolvedValue({ stdout: 'opencode 1.0.0\n', stderr: '' });
|
|
});
|
|
|
|
afterEach(async () => {
|
|
setAppDataBasePath(null);
|
|
if (tempRoot) {
|
|
await rm(tempRoot, { recursive: true, force: true });
|
|
tempRoot = null;
|
|
}
|
|
});
|
|
|
|
it('returns the current app-managed OpenCode binary path only when manifest and binary exist', async () => {
|
|
const binaryPath = path.join(
|
|
tempRoot!,
|
|
'data',
|
|
'runtimes',
|
|
'opencode',
|
|
'versions',
|
|
'1.0.0',
|
|
'opencode-test',
|
|
'opencode'
|
|
);
|
|
const manifestPath = path.join(tempRoot!, 'data', 'runtimes', 'opencode', 'current.json');
|
|
await mkdir(path.dirname(binaryPath), { recursive: true });
|
|
await mkdir(path.dirname(manifestPath), { recursive: true });
|
|
await writeFile(binaryPath, 'binary', { mode: 0o755 });
|
|
await writeFile(
|
|
manifestPath,
|
|
`${JSON.stringify({
|
|
schemaVersion: 1,
|
|
version: '1.0.0',
|
|
platformPackage: 'opencode-test',
|
|
binaryPath,
|
|
integrity: 'sha512-test',
|
|
installedAt: '2026-05-12T00:00:00.000Z',
|
|
})}\n`,
|
|
'utf8'
|
|
);
|
|
|
|
expect(resolveAppManagedOpenCodeRuntimeBinaryPath()).toBe(binaryPath);
|
|
});
|
|
|
|
it('ignores a manifest whose binary path is missing', async () => {
|
|
const manifestPath = path.join(tempRoot!, 'data', 'runtimes', 'opencode', 'current.json');
|
|
await mkdir(path.dirname(manifestPath), { recursive: true });
|
|
await writeFile(
|
|
manifestPath,
|
|
`${JSON.stringify({
|
|
schemaVersion: 1,
|
|
version: '1.0.0',
|
|
platformPackage: 'opencode-test',
|
|
binaryPath: path.join(tempRoot!, 'missing-opencode'),
|
|
integrity: 'sha512-test',
|
|
installedAt: '2026-05-12T00:00:00.000Z',
|
|
})}\n`,
|
|
'utf8'
|
|
);
|
|
|
|
expect(resolveAppManagedOpenCodeRuntimeBinaryPath()).toBeNull();
|
|
});
|
|
|
|
it('returns the verified app-managed binary path only when --version succeeds', async () => {
|
|
const binaryPath = path.join(
|
|
tempRoot!,
|
|
'data',
|
|
'runtimes',
|
|
'opencode',
|
|
'versions',
|
|
'1.0.0',
|
|
'opencode-test',
|
|
'opencode'
|
|
);
|
|
const manifestPath = path.join(tempRoot!, 'data', 'runtimes', 'opencode', 'current.json');
|
|
await mkdir(path.dirname(binaryPath), { recursive: true });
|
|
await mkdir(path.dirname(manifestPath), { recursive: true });
|
|
await writeFile(binaryPath, 'binary', { mode: 0o755 });
|
|
await writeFile(
|
|
manifestPath,
|
|
`${JSON.stringify({
|
|
schemaVersion: 1,
|
|
version: '1.0.0',
|
|
platformPackage: 'opencode-test',
|
|
binaryPath,
|
|
integrity: 'sha512-test',
|
|
installedAt: '2026-05-12T00:00:00.000Z',
|
|
})}\n`,
|
|
'utf8'
|
|
);
|
|
|
|
await expect(resolveVerifiedAppManagedOpenCodeRuntimeBinaryPath()).resolves.toBe(binaryPath);
|
|
expect(execCliMock).toHaveBeenCalledWith(binaryPath, ['--version'], {
|
|
timeout: 10_000,
|
|
windowsHide: true,
|
|
});
|
|
|
|
execCliMock.mockRejectedValueOnce(new Error('broken binary'));
|
|
|
|
await expect(resolveVerifiedAppManagedOpenCodeRuntimeBinaryPath()).resolves.toBeNull();
|
|
});
|
|
});
|
|
|
|
describe('OpenCodeRuntimeInstallerService package safety helpers', () => {
|
|
it('selects expected platform packages with Linux musl and baseline fallbacks', () => {
|
|
expect(
|
|
getOpenCodeRuntimePlatformCandidates('darwin', 'arm64', false).map((item) => item.packageName)
|
|
).toEqual(['opencode-darwin-arm64']);
|
|
expect(
|
|
getOpenCodeRuntimePlatformCandidates('darwin', 'x64', false).map((item) => item.packageName)
|
|
).toEqual(['opencode-darwin-x64', 'opencode-darwin-x64-baseline']);
|
|
expect(
|
|
getOpenCodeRuntimePlatformCandidates('linux', 'x64', false).map((item) => item.packageName)
|
|
).toEqual(['opencode-linux-x64', 'opencode-linux-x64-baseline', 'opencode-linux-x64-musl']);
|
|
expect(
|
|
getOpenCodeRuntimePlatformCandidates('linux', 'x64', true).map((item) => item.packageName)
|
|
).toEqual([
|
|
'opencode-linux-x64-musl',
|
|
'opencode-linux-x64-baseline-musl',
|
|
'opencode-linux-x64',
|
|
]);
|
|
expect(
|
|
getOpenCodeRuntimePlatformCandidates('linux', 'arm64', false).map((item) => item.packageName)
|
|
).toEqual(['opencode-linux-arm64', 'opencode-linux-arm64-musl']);
|
|
expect(
|
|
getOpenCodeRuntimePlatformCandidates('linux', 'arm64', true).map((item) => item.packageName)
|
|
).toEqual(['opencode-linux-arm64-musl', 'opencode-linux-arm64']);
|
|
expect(
|
|
getOpenCodeRuntimePlatformCandidates('win32', 'x64', false).map((item) => item.packageName)
|
|
).toEqual(['opencode-windows-x64', 'opencode-windows-x64-baseline']);
|
|
expect(
|
|
getOpenCodeRuntimePlatformCandidates('win32', 'arm64', false).map((item) => item.packageName)
|
|
).toEqual(['opencode-windows-arm64']);
|
|
});
|
|
|
|
it('fails npm integrity mismatches', () => {
|
|
const payload = Buffer.from('actual package');
|
|
const wrongHash = createHash('sha512').update('different package').digest('base64');
|
|
|
|
expect(() => verifyOpenCodeRuntimePackageIntegrity(payload, `sha512-${wrongHash}`)).toThrow(
|
|
'integrity check failed'
|
|
);
|
|
});
|
|
|
|
it('extracts only the expected OpenCode binary from the package tarball', () => {
|
|
const tarball = createTarball([
|
|
{ name: 'package/bin/not-opencode', data: 'wrong' },
|
|
{
|
|
name: process.platform === 'win32' ? 'package/bin/opencode.exe' : 'package/bin/opencode',
|
|
data: 'right',
|
|
},
|
|
]);
|
|
|
|
expect(extractOpenCodeRuntimeBinaryFromTarball(tarball).toString()).toBe('right');
|
|
});
|
|
|
|
it('rejects tar path traversal before extraction', () => {
|
|
const tarball = createTarball([
|
|
{ name: '../opencode', data: 'unsafe' },
|
|
{
|
|
name: process.platform === 'win32' ? 'package/bin/opencode.exe' : 'package/bin/opencode',
|
|
data: 'right',
|
|
},
|
|
]);
|
|
|
|
expect(() => extractOpenCodeRuntimeBinaryFromTarball(tarball)).toThrow(
|
|
'Unsafe OpenCode package tar entry'
|
|
);
|
|
});
|
|
});
|