banger/internal/imagecat/catalog.json at d22d05555ca0d4714b46b6da306ef085807cb3e6 - thaloco/banger - Thaloco Forge: We Forge.

thaloco/banger

Thales Maciel 3d9ae624b1

imagecat: catalog + fetch for banger image bundles

New package mirroring `kernelcat`: catalog + SHA256-verified HTTP
fetch of `.tar.zst` bundles that contain rootfs.ext4 + manifest.json.
Mounted empty (version:1, entries:[]) so nothing is pullable via the
bundle path yet; wiring into `banger image pull` lands in a later
phase.

- catalog.go: Catalog/CatEntry, LoadEmbedded, ParseCatalog, Lookup,
  ValidateName.
- fetch.go: Fetch(ctx, client, destDir, entry) downloads the bundle,
  verifies sha256, extracts exactly rootfs.ext4 and manifest.json
  into destDir, returns the parsed manifest. Rejects unexpected tar
  entries, unsafe paths, non-regular files, and cleans up partial
  writes on failure.
- Thirteen unit tests (happy path + every failure mode).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-17 15:11:52 -03:00

4 lines

36 B

JSON

Raw Blame History

 {
   "version": 1,
   "entries": []
 }