Update CHANGELOG for v1.17.0.

certlib and other updates
add bcuz
2025-11-21 16:58:02 -08:00 · 2025-11-21 16:56:39 -08:00 · 2025-11-21 16:45:01 -08:00
7 changed files with 179 additions and 5 deletions
--- a/8
+++ b/8
@@ -1,5 +1,13 @@
 CHANGELOG

+v1.17.0 - 2025-11-21
+
+Added:
+- cmd/bcuz: unzips bandcamp archives.
+
+Changed:
+- certlib: ergonomic improvements.
+
 v1.16.3 - 2025-11-21

 Changed:
--- a/certlib/certgen/config.go
+++ b/certlib/certgen/config.go
@@ -19,13 +19,21 @@ type KeySpec struct {
 	Size      int    `yaml:"size"`
 }

+func (ks KeySpec) String() string {
+	if strings.ToLower(ks.Algorithm) == nameEd25519 {
+		return nameEd25519
+	}
+
+	return fmt.Sprintf("%s-%d", ks.Algorithm, ks.Size)
+}
+
 func (ks KeySpec) Generate() (crypto.PublicKey, crypto.PrivateKey, error) {
 	switch strings.ToLower(ks.Algorithm) {
 	case "rsa":
 		return GenerateKey(x509.RSA, ks.Size)
 	case "ecdsa":
 		return GenerateKey(x509.ECDSA, ks.Size)
-	case "ed25519":
+	case nameEd25519:
 		return GenerateKey(x509.Ed25519, 0)
 	default:
 		return nil, nil, fmt.Errorf("unknown key algorithm: %s", ks.Algorithm)
@@ -38,7 +46,7 @@ func (ks KeySpec) SigningAlgorithm() (x509.SignatureAlgorithm, error) {
 		return x509.SHA512WithRSAPSS, nil
 	case "ecdsa":
 		return x509.ECDSAWithSHA512, nil
-	case "ed25519":
+	case nameEd25519:
 		return x509.PureEd25519, nil
 	default:
 		return 0, fmt.Errorf("unknown key algorithm: %s", ks.Algorithm)
@@ -88,6 +96,10 @@ func (cs CertificateRequest) Request(priv crypto.PrivateKey) (*x509.CertificateR
 		IPAddresses:        ipAddresses,
 	}

+	if cs.Subject.Email != "" {
+		req.EmailAddresses = []string{cs.Subject.Email}
+	}
+
 	reqBytes, err := x509.CreateCertificateRequest(rand.Reader, req, priv)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create certificate request: %w", err)
--- a/certlib/certgen/keygen.go
+++ b/certlib/certgen/keygen.go
@@ -16,6 +16,10 @@ import (
 //	oidEd25519 = asn1.ObjectIdentifier{1, 3, 101, 110}
 //)

+const (
+	nameEd25519 = "ed25519"
+)
+
 func GenerateKey(algorithm x509.PublicKeyAlgorithm, bitSize int) (crypto.PublicKey, crypto.PrivateKey, error) {
 	var key crypto.PrivateKey
 	var pub crypto.PublicKey
--- a/certlib/ski/ski.go
+++ b/certlib/ski/ski.go
@@ -6,6 +6,7 @@ import (
 	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/sha1" // #nosec G505 this is the standard
+	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
@@ -15,7 +16,9 @@ import (

 	"git.wntrmute.dev/kyle/goutils/certlib"
 	"git.wntrmute.dev/kyle/goutils/die"
+	"git.wntrmute.dev/kyle/goutils/fileutil"
 	"git.wntrmute.dev/kyle/goutils/lib"
+	"git.wntrmute.dev/kyle/goutils/lib/fetch"
 )

 const (
@@ -53,6 +56,30 @@ func (k *KeyInfo) SKI(displayMode lib.HexEncodeMode) (string, error) {
 	return pubHashString, nil
 }

+func Lookup(path string, tcfg *tls.Config) (*KeyInfo, error) {
+	if fileutil.FileDoesExist(path) {
+		return ParsePEM(path)
+	}
+
+	server, err := fetch.ParseServer(path, tcfg)
+	if err != nil {
+		return nil, err
+	}
+
+	cert, err := server.Get()
+	if err != nil {
+		return nil, err
+	}
+
+	material := &KeyInfo{
+		FileType: "certificate",
+	}
+
+	material.PublicKey, material.KeyType = parseCertificate(cert)
+
+	return material, nil
+}
+
 // ParsePEM parses a PEM file and returns the public key and its type.
 func ParsePEM(path string) (*KeyInfo, error) {
 	material := &KeyInfo{}
@@ -79,7 +106,7 @@ func ParsePEM(path string) (*KeyInfo, error) {
 		material.PublicKey, material.KeyType = parseKey(data)
 		material.FileType = "private key"
 	case "CERTIFICATE":
-		material.PublicKey, material.KeyType = parseCertificate(data)
+		material.PublicKey, material.KeyType = parseCertificateFile(data)
 		material.FileType = "certificate"
 	case "CERTIFICATE REQUEST":
 		material.PublicKey, material.KeyType = parseCSR(data)
@@ -113,12 +140,17 @@ func parseKey(data []byte) ([]byte, string) {
 	return public, kt
 }

-func parseCertificate(data []byte) ([]byte, string) {
+func parseCertificateFile(data []byte) ([]byte, string) {
 	cert, err := x509.ParseCertificate(data)
 	die.If(err)

+	return parseCertificate(cert)
+}
+
+func parseCertificate(cert *x509.Certificate) ([]byte, string) {
 	pub := cert.PublicKey
 	var kt string
+
 	switch pub.(type) {
 	case *rsa.PublicKey:
 		kt = keyTypeRSA
--- a/cmd/bcuz/README
+++ b/cmd/bcuz/README
@@ -0,0 +1,8 @@
+bcuz: bandcamp unzip
+
+When you download stuff from bandcamp, it gives you a zip file that
+extracts files into the current directory. This is a quick hack tries
+to parse the filename as "artist - album", unpack the contents to
+"artist/album/*", and remove the zip file (which can be kept with
+-k). Works on my machine™, good enough for me.
+
--- a/cmd/bcuz/main.go
+++ b/cmd/bcuz/main.go
@@ -0,0 +1,110 @@
+package main
+
+import (
+	"archive/zip"
+	"errors"
+	"flag"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+var unrestrictedDecompression bool
+
+var keepArchive bool
+
+func removedir(dir string, existed bool) {
+	if !existed {
+		os.RemoveAll(dir)
+	}
+}
+
+func unpackFile(path string) error {
+	var dir string
+	var existed bool
+
+	fmt.Printf("[+] processing %s:\n", path)
+
+	base := filepath.Base(path[:len(path)-4])
+	pieces := strings.SplitN(base, "-", 2)
+	if len(pieces) == 2 {
+		artist := strings.TrimSpace(pieces[0])
+		album := strings.TrimSpace(pieces[1])
+		dir = filepath.Join(artist, album)
+	} else {
+		dir = base
+	}
+
+	_, err := os.Stat(dir)
+	if err == nil {
+		existed = true
+	}
+
+	fmt.Printf("\tunpack directory: %s\n", dir)
+	err = os.MkdirAll(dir, 0755)
+	if err != nil {
+		return err
+	}
+
+	r, err := zip.OpenReader(path)
+	if err != nil {
+		removedir(dir, existed)
+		return err
+	}
+	defer r.Close()
+
+	var rc io.ReadCloser
+	for _, f := range r.File {
+		fmt.Printf("\tunpacking %s\n", f.FileHeader.Name)
+		rc, err = f.Open()
+		if err != nil {
+			rc.Close()
+			removedir(dir, existed)
+			return err
+		}
+
+		if f.UncompressedSize64 > (f.CompressedSize64*32) && !unrestrictedDecompression {
+			rc.Close()
+			removedir(dir, existed)
+			return errors.New("file is too large to decompress (maybe a zip bomb)")
+		}
+
+		var out *os.File
+		out, err = os.Create(filepath.Join(dir, f.FileHeader.Name))
+		if err != nil {
+			rc.Close()
+			removedir(dir, existed)
+			return err
+		}
+
+		_, err = io.Copy(out, rc) // #nosec G110: handled with size check above
+		if err != nil {
+			rc.Close()
+			removedir(dir, existed)
+			return err
+		}
+
+		out.Close()
+		rc.Close()
+	}
+
+	if !keepArchive {
+		return os.Remove(path)
+	}
+	return nil
+}
+
+func main() {
+	flag.BoolVar(&keepArchive, "k", false, "don't remove the archive file after unpacking")
+	flag.BoolVar(&unrestrictedDecompression, "u", false, "allow unrestricted decompression")
+	flag.Parse()
+
+	for _, path := range flag.Args() {
+		err := unpackFile(path)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "[!] failed to process %s: %s\n", path, err)
+		}
+	}
+}
--- a/cmd/kgz/main.go
+++ b/cmd/kgz/main.go
@@ -111,7 +111,7 @@ func buildExtraForPath(st unix.Stat_t, path string, setUID, setGID int) []byte {
 		ctns = clampToInt32(ft.Changed.Nanosecond())
 	}

-	return buildKGExtra(uid, gid, mode, cts, ctns)
+	return buildKGExtra(uid, gid, uint32(mode), cts, ctns)
 }

 // parseKGExtra scans a gzip Extra blob and returns kgz metadata if present.
Author	SHA1	Message	Date
Kyle Isom	08a411bccf	Update CHANGELOG for v1.17.0.	2025-11-21 16:58:02 -08:00
Kyle Isom	91f954391e	certlib and other updates	2025-11-21 16:56:39 -08:00
Kyle Isom	d6efbd22fd	add bcuz	2025-11-21 16:45:01 -08:00