omnibor / omnibor-rs

Reproducible identifiers & fine-grained build dependency tracking for software artifacts.
https://omnibor.io
Apache License 2.0

Tracking Issue: implement embedding mode for manifest creation #199

Open alilleybrinker opened 3 weeks ago

alilleybrinker commented 3 weeks ago

Right now the omnibor crate only allows manifests to be created in "non-embedding" mode, which means that when the manifest is created, the artifact itself is not updated with a reference to the manifest. This is fine and compliant with the OmniBOR spec, but we also want to support "embedding mode" where the target artifact is updated. Embedding establishes a cryptographic relationship between the manifest and the Artifact Identifier of the target, ensuring that changes in the dependencies used to build the artifact will result in a change of the identifier for the artifact itself. It's in embedding mode that OmniBOR's Artifact IDs establish the Merkle-tree-like quality that was part of the original value proposition for it.


There are multiple parts to implementing this, which already have a skeleton in the existing code populated with todo!() macro calls:

While support for a broader range of embedding contexts may be added in the future, this is at least the minimal set of embedding contexts we'd like to support at the beginning.
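The difference between the two modes described in the issue above, as an added Python sketch that is not part of the original issue and does not use the omnibor crate's API. It assumes Artifact IDs are gitoids (SHA-256 over a git-style blob header plus content); the manifest layout, the `# manifest:` trailer used for embedding, and all function names are hypothetical stand-ins chosen for illustration.

```python
import hashlib

def artifact_id(content: bytes) -> str:
    """gitoid of a blob: SHA-256 over 'blob <len>\\0' followed by the content."""
    header = b"blob %d\0" % len(content)
    return "gitoid:blob:sha256:" + hashlib.sha256(header + content).hexdigest()

def build_manifest(input_ids) -> bytes:
    """Simplified manifest (assumed layout, not the exact OmniBOR format):
    one input Artifact ID per line, sorted so the bytes are reproducible."""
    return ("\n".join(sorted(input_ids)) + "\n").encode()

def embed(artifact: bytes, manifest_id: str) -> bytes:
    """Hypothetical embedding context: append the manifest's ID as a trailer line."""
    return artifact + b"# manifest: " + manifest_id.encode() + b"\n"

def build(deps, output: bytes, embedding: bool):
    """Return (Artifact ID of the target, Artifact ID of its manifest)."""
    manifest_id = artifact_id(build_manifest([artifact_id(d) for d in deps]))
    target = embed(output, manifest_id) if embedding else output
    return artifact_id(target), manifest_id

# Constructed sample: identical build output bytes, one dependency changed.
OUTPUT = b"print('hello')\n"
DEPS_V1 = [b"lib a v1\n", b"lib b v1\n"]
DEPS_V2 = [b"lib a v1\n", b"lib b v2\n"]

def compare(embedding: bool):
    """Return (target IDs equal?, manifest IDs equal?) across the two builds."""
    id1, m1 = build(DEPS_V1, OUTPUT, embedding)
    id2, m2 = build(DEPS_V2, OUTPUT, embedding)
    return id1 == id2, m1 == m2

if __name__ == "__main__":
    # Non-embedding: the manifest changes but the target's ID does not.
    print("non-embedding:", compare(False))
    # Embedding: the dependency change propagates into the target's ID.
    print("embedding:    ", compare(True))
```

In non-embedding mode a consumer holding only the target's Artifact ID cannot tell the two builds apart; in embedding mode the identifier alone commits to the full input set.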