[package]
categories = ["cryptography", "development-tools"]
description = "Git Object Identifiers in Rust"
keywords = ["gitbom", "omnibor", "sbom", "gitoid"]
name = "gitoid"
readme = "README.md"
repository = "https://github.com/omnibor/omnibor-rs"
version = "0.8.0"
homepage.workspace = true
license.workspace = true
edition.workspace = true

[dependencies]

# no_std compatible dependencies.

# NOTE: Must match the version used in the hash crate.
#
# Technically, we could rely on the re-export from one of those crates,
# but since all the hash crates are optional dependencies our usage code
# within the 'gitoid' crate would be more complex to handle the possibility
# for any/all of them to be missing. It's simpler to just specify it here
# so we know we always get the crate.
digest = { version = "0.10.7" }
sha1 = { version = "0.10.6", default-features = false, optional = true }
sha1collisiondetection = { version = "0.3.3", default-features = false, features = [
    "digest-trait",
], optional = true }
sha2 = { version = "0.10.8", default-features = false, optional = true }

# std-requiring dependencies.

format-bytes = { version = "0.3.0", optional = true }
hex = { version = "0.4.3", optional = true }
serde = { version = "1.0.197", optional = true }
tokio = { version = "1.36.0", features = ["io-util"], optional = true }
url = { version = "2.4.1", optional = true }
boring = { version = "4.6.0", optional = true }
openssl = { version = "0.10.66", optional = true }

[dev-dependencies]

# Need "rt" and "fs" additionally for tests.
tokio = { version = "1.36.0", features = [
    "io-util",
    "fs",
    "rt",
    "rt-multi-thread",
] }
serde_test = "1.0.176"
criterion = { version = "0.5.1" }

[features]

# By default, you get:
#
# - Hashes: sha1, sha1cd, sha256.
# - Async: ability to asynchronously produce GitOIDs using the Tokio runtime.
# - Hex: ability to print a GitOid with a hexadecimal hash representation.
# - Url: ability to convert a GitOid to and from a gitoid-scheme URL.
# - Serde: ability to serialize and deserialize a GitOid to and from a URL.
# - Rustcrypto: use the RustCrypto crates as the cryptography backend.
default = [
    "async",
    "hex",
    "serde",
    "std",
    "url",
    "rustcrypto",
    "sha1",
    "sha1cd",
    "sha256",
]

# Async support is optional. That said, it's currently _only_ with Tokio,
# meaning you'd need to handle integrating with any other async runtime
# yourself. In the future it may be nice to make our async support fully
# generic and not specific to a given runtime.
#
# Note also that async support implies using the standard library, as Tokio
# is not `no_std`-compatible.
async = ["dep:tokio", "std"]

# Get the ability to print the contents of the hash buffer as a hexadecimal string.
#
# This relies on `std` as we don't currently expose a `no_std`-compatible
# variant of our API's which use `hex`.
hex = ["dep:hex", "std"]

# Get the ability to serialize and deserialize `GitOids`.
serde = ["dep:serde", "url", "std"]

# All hash algorithms are optional, though you need to have at least one
# algorithm turned on for this crate to be useful. This is intended to
# just let you avoid paying the cost of algorithms you don't use.
sha1 = ["dep:sha1"]
sha1cd = ["dep:sha1collisiondetection"]
sha256 = ["dep:sha2"]

# Get standard library support.
#
# This feature is enabled by default. You can disable it to run in
# environments without `std`, usually embedded environments.
std = [
    "digest/std",
    "sha1?/std",
    "sha1collisiondetection?/std",
    "sha2?/std",
    "dep:format-bytes",
]

# Get the ability to construct and get out URLs.
#
# This relies on `std` as the `url` crate isn't `no_std`-compatible.
# This also relies on `hex` as the URL includes the hex-encoded hash.
url = ["dep:url", "hex", "std"]

# Enable using RustCrypto as a cryptography backend.
rustcrypto = []

# Enable using BoringSLL as a cryptography backend.
#
# NOTE: This unconditionally turns on the "sha1" and "sha256" features,
# because the `boring` crate which provides the BoringSSL cryptography
# implementations does not permit conditionally compiling those
# implementations out. Since they're _always_ present, we might as well
# use them unconditionally.
boringssl = ["dep:boring", "sha1", "sha256"]

# Enable using OpenSSL as a cryptography backend.
#
# NOTE: Like the "boringssl" feature, this unconditionally turns on
# the "sha1" and "sha256" features, as they're not able to be
# conditionally compiled out of the dependency, so there's no reason to omit
# them here.
openssl = ["dep:openssl", "sha1", "sha256"]

[[bench]]
name = "benchmark"
harness = false