metis/pkg/image/download.go

package image

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// Download fetches url into dest if dest does not exist.
func Download(url, dest string) error {
	_, err := DownloadAndVerify(url, dest, "")
	return err
}

// DownloadAndVerify fetches the source image, verifies it when a checksum is provided,
// and returns the local raw image path ready for copying or injection.
func DownloadAndVerify(url, dest, checksum string) (string, error) {
	if err := os.MkdirAll(filepath.Dir(dest), 0o755); err != nil {
		return "", err
	}
	if strings.HasSuffix(url, ".xz") {
		archive := dest + ".xz"
		if _, err := os.Stat(archive); errors.Is(err, os.ErrNotExist) {
			if err := downloadRaw(url, archive); err != nil {
				return "", err
			}
		} else if err != nil {
			return "", err
		}
		if err := VerifyChecksum(archive, checksum); err != nil {
			return "", err
		}
		if _, err := os.Stat(dest); errors.Is(err, os.ErrNotExist) {
			if err := decompressXZ(archive, dest); err != nil {
				return "", err
			}
		} else if err != nil {
			return "", err
		}
		return dest, nil
	}
	if _, err := os.Stat(dest); errors.Is(err, os.ErrNotExist) {
		if err := downloadRaw(url, dest); err != nil {
			return "", err
		}
	} else if err != nil {
		return "", err
	}
	if err := VerifyChecksum(dest, checksum); err != nil {
		return "", err
	}
	return dest, nil
}

func downloadRaw(url, dest string) error {
	if strings.HasPrefix(url, "file://") {
		src := strings.TrimPrefix(url, "file://")
		in, err := os.Open(src)
		if err != nil {
			return err
		}
		defer in.Close()
		out, err := os.Create(dest)
		if err != nil {
			return err
		}
		defer out.Close()
		_, err = io.Copy(out, in)
		return err
	}
	resp, err := http.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("download failed: %s", resp.Status)
	}
	out, err := os.Create(dest)
	if err != nil {
		return err
	}
	defer out.Close()
	_, err = io.Copy(out, resp.Body)
	return err
}

func decompressXZ(src, dest string) error {
	out, err := os.Create(dest)
	if err != nil {
		return err
	}
	defer out.Close()
	cmd := exec.Command("xz", "-dc", src)
	cmd.Stdout = out
	var stderr strings.Builder
	cmd.Stderr = &stderr
	if err := cmd.Run(); err != nil {
		return fmt.Errorf("xz decompress %s: %w: %s", src, err, stderr.String())
	}
	return out.Sync()
}

// VerifyChecksum checks sha256 in the form "sha256:<hex>".
func VerifyChecksum(path, checksum string) error {
	if checksum == "" {
		return nil
	}
	parts := strings.SplitN(checksum, ":", 2)
	if len(parts) != 2 || parts[0] != "sha256" {
		return errors.New("unsupported checksum format; use sha256:<hex>")
	}
	expected := strings.ToLower(parts[1])
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return err
	}
	sum := hex.EncodeToString(h.Sum(nil))
	if sum != expected {
		return fmt.Errorf("checksum mismatch: expected %s got %s", expected, sum)
	}
	return nil
}
feat: add download/checksum and burn execution stub 2026-01-11 02:35:24 -03:00			`package image`

			`import (`
			`"crypto/sha256"`
			`"encoding/hex"`
			`"errors"`
			`"fmt"`
			`"io"`
			`"net/http"`
			`"os"`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`"os/exec"`
feat: add download/checksum and burn execution stub 2026-01-11 02:35:24 -03:00			`"path/filepath"`
			`"strings"`
			`)`

			`// Download fetches url into dest if dest does not exist.`
			`func Download(url, dest string) error {`
image: verify compressed sources before unpacking 2026-03-31 19:00:48 -03:00			`_, err := DownloadAndVerify(url, dest, "")`
			`return err`
			`}`

			`// DownloadAndVerify fetches the source image, verifies it when a checksum is provided,`
			`// and returns the local raw image path ready for copying or injection.`
			`func DownloadAndVerify(url, dest, checksum string) (string, error) {`
feat: add download/checksum and burn execution stub 2026-01-11 02:35:24 -03:00			`if err := os.MkdirAll(filepath.Dir(dest), 0o755); err != nil {`
image: verify compressed sources before unpacking 2026-03-31 19:00:48 -03:00			`return "", err`
feat: add download/checksum and burn execution stub 2026-01-11 02:35:24 -03:00			`}`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`if strings.HasSuffix(url, ".xz") {`
image: verify compressed sources before unpacking 2026-03-31 19:00:48 -03:00			`archive := dest + ".xz"`
			`if _, err := os.Stat(archive); errors.Is(err, os.ErrNotExist) {`
			`if err := downloadRaw(url, archive); err != nil {`
			`return "", err`
			`}`
			`} else if err != nil {`
			`return "", err`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`}`
image: verify compressed sources before unpacking 2026-03-31 19:00:48 -03:00			`if err := VerifyChecksum(archive, checksum); err != nil {`
			`return "", err`
			`}`
			`if _, err := os.Stat(dest); errors.Is(err, os.ErrNotExist) {`
			`if err := decompressXZ(archive, dest); err != nil {`
			`return "", err`
			`}`
			`} else if err != nil {`
			`return "", err`
			`}`
			`return dest, nil`
			`}`
			`if _, err := os.Stat(dest); errors.Is(err, os.ErrNotExist) {`
			`if err := downloadRaw(url, dest); err != nil {`
			`return "", err`
			`}`
			`} else if err != nil {`
			`return "", err`
			`}`
			`if err := VerifyChecksum(dest, checksum); err != nil {`
			`return "", err`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`}`
image: verify compressed sources before unpacking 2026-03-31 19:00:48 -03:00			`return dest, nil`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`}`

			`func downloadRaw(url, dest string) error {`
feat: add download/checksum and burn execution stub 2026-01-11 02:35:24 -03:00			`if strings.HasPrefix(url, "file://") {`
			`src := strings.TrimPrefix(url, "file://")`
			`in, err := os.Open(src)`
			`if err != nil {`
			`return err`
			`}`
			`defer in.Close()`
			`out, err := os.Create(dest)`
			`if err != nil {`
			`return err`
			`}`
			`defer out.Close()`
			`_, err = io.Copy(out, in)`
			`return err`
			`}`
			`resp, err := http.Get(url)`
			`if err != nil {`
			`return err`
			`}`
			`defer resp.Body.Close()`
			`if resp.StatusCode != http.StatusOK {`
			`return fmt.Errorf("download failed: %s", resp.Status)`
			`}`
			`out, err := os.Create(dest)`
			`if err != nil {`
			`return err`
			`}`
			`defer out.Close()`
			`_, err = io.Copy(out, resp.Body)`
			`return err`
			`}`

feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`func decompressXZ(src, dest string) error {`
			`out, err := os.Create(dest)`
			`if err != nil {`
			`return err`
			`}`
			`defer out.Close()`
			`cmd := exec.Command("xz", "-dc", src)`
			`cmd.Stdout = out`
			`var stderr strings.Builder`
			`cmd.Stderr = &stderr`
			`if err := cmd.Run(); err != nil {`
			`return fmt.Errorf("xz decompress %s: %w: %s", src, err, stderr.String())`
			`}`
			`return out.Sync()`
			`}`

feat: add download/checksum and burn execution stub 2026-01-11 02:35:24 -03:00			`// VerifyChecksum checks sha256 in the form "sha256:<hex>".`
			`func VerifyChecksum(path, checksum string) error {`
			`if checksum == "" {`
			`return nil`
			`}`
			`parts := strings.SplitN(checksum, ":", 2)`
			`if len(parts) != 2 \|\| parts[0] != "sha256" {`
			`return errors.New("unsupported checksum format; use sha256:<hex>")`
			`}`
			`expected := strings.ToLower(parts[1])`
			`f, err := os.Open(path)`
			`if err != nil {`
			`return err`
			`}`
			`defer f.Close()`
			`h := sha256.New()`
			`if _, err := io.Copy(h, f); err != nil {`
			`return err`
			`}`
			`sum := hex.EncodeToString(h.Sum(nil))`
			`if sum != expected {`
			`return fmt.Errorf("checksum mismatch: expected %s got %s", expected, sum)`
			`}`
			`return nil`
			`}`