ftlog

type Build struct {
	// TamagoVersion identifies the version of [Tamago] that the builder used to compile
	// the binary with FirmwareDigestSha256.
	//
	// [Tamago]: https://github.com/usbarmory/tamago
	TamagoVersion semver.Version `json:"tamago_version"`

	// Envs contains all environment variables set for this build. Each value in the string
	// array will be a single key/value assignment, such as "DEBUG=1".
	Envs []string `json:"envs,omitempty"`
}

type FirmwareRelease struct {
	// SchemaVersion gives a unique ID for this version of the schema. This will be
	// incremented when there are breaking changes to the schema that all clients
	// should be aware of.
	SchemaVersion int `json:"schema_version"`

	// Component identifies the type of firmware (e.g. OS or applet).
	// This component is key to disambiguate what the firmware is, and other
	// implicit information can be derived from this. For example, the git
	// repository that the code should be checked out from to reproduce the
	// build.
	Component string `json:"component"`

	// Git contains information about the origin of the code used to build this release.
	Git Git `json:"git"`

	// Build contains information about the toolchain used to build this release.
	Build Build `json:"build"`

	// Output contains commitments to the binaries distributed in this release.
	Output Output `json:"output"`

	// HAB holds a signature and related data for firmware which must be authenticated
	// by the device's mask ROM at boot.
	// Currently, this is only meaningful for Bootloader and Recovery firmware images.
	HAB *HAB `json:"hab,omitempty"`
}

type Git struct {
	// TagName identifies the version of this release, e.g. "0.1.2"
	TagName semver.Version `json:"tag_name"`

	// CommitFingerprint contains the hex-encoded SHA-1 commit hash of the git repository when checked
	// out at TagName. Committing to this information allows verifiers that cannot
	// reproduce a build to quickly narrow down the problem space:
	//  - if this CommitFingerprint is different then they have checked out different code
	//    than was used to build the binary. This could happen if the wrong repo was
	//    used, or because the TagName was changed to a different commit
	//  - if the CommitFingerprint is the same, then they have the same code checked out but
	//    there is a problem with the build toolchain (different tooling or non-reproducible
	//    builds).
	CommitFingerprint string `json:"commit_fingerprint"`
}

type HAB struct {
	// Target identifies the class of device for which the signature below is expected to be valid.
	// Examples might be "ci", "wave0", etc.
	Target string `json:"target"`

	// SignatureDigestSha256 is the hash of the "Secure Boot" signature for Bootloader and Recovery firmware images.
	SignatureDigestSha256 []byte `json:"signature_digest_sha256"`
}

type Output struct {
	// FirmwareDigestSha256 is the hash of the compiled firmware binary. Believers that are
	// installing a firmware release must check that the firmware data they are going to
	// believe has a fingerprint matching this hash. Verifiers that check out the correct
	// source repo & version must be able to reproducibly build a binary that has this fingerprint.
	FirmwareDigestSha256 []byte `json:"firmware_digest_sha256"`
}