Rename "root hash" to "fingerprint"

README.md

@@ -216,11 +216,11 @@ Lofty Ambitions
 
 `filepack` has lofty ambitions!
 
-- Definition of a "root" hash, likely just the hash of the manifest itself, so
- that as long as the root hash is received from a trusted source the manifest
- itself does not need to be trusted.
+- Definition of a "fingerprint" hash, likely just the hash of the manifest
+ itself, so that as long as the fingerprint is received from a trusted source
+ the manifest itself does not need to be trusted.
 
-- Creation and verification of signatures over the root hash, so that
+- Creation and verification of signatures over the fingerprint, so that
  developers and packagers can vouch for the correctness of the contents of a
  manifest, and users can verify that a manifest was signed by a trusted public
  key.

src/error.rs

@@ -127,8 +127,8 @@ pub(crate) enum Error {
  backtrace: Option<Backtrace>,
  path: DisplayPath,
  },
- #[snafu(display("root hash mismatch"))]
- RootHashMismatch { backtrace: Option<Backtrace> },
+ #[snafu(display("fingerprint mismatch"))]
+ FingerprintMismatch { backtrace: Option<Backtrace> },
  #[snafu(display("manifest has already been signed by public key `{public_key}`"))]
  SignatureAlreadyExists {
  backtrace: Option<Backtrace>,

src/manifest.rs

@@ -12,7 +12,7 @@ pub(crate) struct Manifest {
 impl Manifest {
  pub(crate) const FILENAME: &'static str = "filepack.json";
 
- pub(crate) fn root_hash(&self) -> Hash {
+ pub(crate) fn fingerprint(&self) -> Hash {
  let canonical = Self {
  files: self.files.clone(),
  signatures: BTreeMap::new(),

src/page.rs

@@ -69,7 +69,7 @@ mod tests {
  <dd>1</dd>
  <dt>total size</dt>
  <dd>1 KiB</dd>
- <dt>root hash</dt>
+ <dt>fingerprint</dt>
  <dd class=monospace>2e2f6ca534371afe8783a9bcace2237a7611e2e5aa87eb272782b563f70d14ac</dd>
  <dt>signatures</dt>
  <dd class=monospace>3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29</dd>

src/subcommand/create.rs

@@ -180,7 +180,7 @@ impl Create {
  let private_key_path = options.key_dir()?.join(MASTER_PRIVATE_KEY);
 
  let (public_key, signature) =
- PrivateKey::load_and_sign(&private_key_path, manifest.root_hash().as_bytes())?;
+ PrivateKey::load_and_sign(&private_key_path, manifest.fingerprint().as_bytes())?;
 
  manifest.signatures.insert(public_key, signature);
  }

src/subcommand/sign.rs

@@ -25,10 +25,10 @@ impl Sign {
 
  let mut manifest = Manifest::load(&path)?;
 
- let root_hash = manifest.root_hash();
+ let fingerprint = manifest.fingerprint();
 
  for (public_key, signature) in &manifest.signatures {
- public_key.verify(root_hash.as_bytes(), signature)?;
+ public_key.verify(fingerprint.as_bytes(), signature)?;
  }
 
  if !self.force {
@@ -43,7 +43,7 @@ impl Sign {
  let private_key_path = options.key_dir()?.join(MASTER_PRIVATE_KEY);
 
  let (public_key, signature) =
- PrivateKey::load_and_sign(&private_key_path, root_hash.as_bytes())?;
+ PrivateKey::load_and_sign(&private_key_path, fingerprint.as_bytes())?;
 
  manifest.signatures.insert(public_key, signature);
 

src/subcommand/verify.rs

@@ -2,8 +2,8 @@ use super::*;
 
 #[derive(Parser)]
 pub(crate) struct Verify {
- #[arg(help = "Verify manifest root hash is <HASH>", long)]
- hash: Option<Hash>,
+ #[arg(help = "Verify manifest fingerprint is <FINGERPRINT>", long)]
+ fingerprint: Option<Hash>,
  #[arg(help = "Ignore missing files", long)]
  ignore_missing: bool,
  #[arg(help = "Verify that manifest has been signed by <KEY>", long)]
@@ -45,20 +45,20 @@ impl Verify {
  path: Manifest::FILENAME,
  })?;
 
- let root_hash = manifest.root_hash();
+ let fingerprint = manifest.fingerprint();
 
- if let Some(expected) = self.hash {
- if root_hash != expected {
+ if let Some(expected) = self.fingerprint {
+ if fingerprint != expected {
  let style = Style::stderr();
  eprintln!(
  "\
-root hash mismatch: `{source}`
- expected: {}
- actual: {}",
+fingerprint mismatch: `{source}`
+  expected: {}
+  actual: {}",
  expected.style(style.good()),
- root_hash.style(style.bad()),
+ fingerprint.style(style.bad()),
  );
- return Err(error::RootHashMismatch.build());
+ return Err(error::FingerprintMismatch.build());
  }
  }
 
@@ -169,7 +169,7 @@ mismatched file: `{path}`
  }
 
  for (public_key, signature) in &manifest.signatures {
- public_key.verify(root_hash.as_bytes(), signature)?;
+ public_key.verify(fingerprint.as_bytes(), signature)?;
  }
 
  if let Some(key) = self.key {

templates/page.html

@@ -21,8 +21,8 @@ <h1>{{ metadata.title }}</h1>
  <dd>{{ self.manifest.files.len() }}</dd>
  <dt>total size</dt>
  <dd>{{ Bytes(self.manifest.total_size()) }}</dd>
- <dt>root hash</dt>
- <dd class=monospace>{{ self.manifest.root_hash() }}</dd>
+ <dt>fingerprint</dt>
+ <dd class=monospace>{{ self.manifest.fingerprint() }}</dd>
  <dt>signatures</dt>
 %% for key in self.manifest.signatures.keys() {
  <dd class=monospace>{{ key }}</dd>

tests/create.rs

@@ -588,10 +588,10 @@ fn sign_creates_valid_signature() {
  ed25519_dalek::VerifyingKey::from_bytes(&hex::decode(public_key).unwrap().try_into().unwrap())
  .unwrap();
 
- let root_hash = blake3::hash(r#"{"files":{"bar":{"hash":"af1349b9f5f9a1a6a0404dea36dcc9499bcb25c9adc112b7cc9a93cae41f3262","size":0}}}"#.as_bytes());
+ let fingerprint = blake3::hash(r#"{"files":{"bar":{"hash":"af1349b9f5f9a1a6a0404dea36dcc9499bcb25c9adc112b7cc9a93cae41f3262","size":0}}}"#.as_bytes());
 
  public_key
- .verify_strict(root_hash.as_bytes(), &signature)
+ .verify_strict(fingerprint.as_bytes(), &signature)
  .unwrap();
 
  Command::cargo_bin("filepack")

tests/verify.rs

@@ -624,7 +624,7 @@ fn signature_verification_success() {
 }
 
 #[test]
-fn verify_hash() {
+fn verify_fingerprint() {
  let dir = TempDir::new().unwrap();
 
  dir.child("foo").touch().unwrap();
@@ -640,7 +640,7 @@ fn verify_hash() {
  .unwrap()
  .args([
  "verify",
- "--hash",
+ "--fingerprint",
  "74ddbe0dcf48c634aca1d90f37defd60b230fc52857ffa4b6c956583e8a4daaf",
  ])
  .current_dir(&dir)
@@ -651,17 +651,17 @@ fn verify_hash() {
  .unwrap()
  .args([
  "verify",
- "--hash",
+ "--fingerprint",
  "0000000000000000000000000000000000000000000000000000000000000000",
  ])
  .current_dir(&dir)
  .assert()
  .stderr(is_match(
  "\
-root hash mismatch: `.*filepack\\.json`
- expected: 0000000000000000000000000000000000000000000000000000000000000000
- actual: 74ddbe0dcf48c634aca1d90f37defd60b230fc52857ffa4b6c956583e8a4daaf
-error: root hash mismatch\n",
+fingerprint mismatch: `.*filepack\\.json`
+  expected: 0000000000000000000000000000000000000000000000000000000000000000
+  actual: 74ddbe0dcf48c634aca1d90f37defd60b230fc52857ffa4b6c956583e8a4daaf
+error: fingerprint mismatch\n",
  ))
  .failure();
 }