# frozen_string_literal: true
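module Bundler
  # A digest of a gem together with the places it was observed (the gem file,
  # the API, or the lockfile CHECKSUMS section). Checksum::Store collects these
  # per locked gem name and raises ChecksumMismatchError when a newly
  # registered checksum does not match the one already recorded.
  class Checksum
    # Separator between algorithm and digest in the lockfile form, e.g.
    # "sha256=<hexdigest>".
    ALGO_SEPARATOR = "="
    DEFAULT_ALGORITHM = "sha256"
    private_constant :DEFAULT_ALGORITHM
    # Number of bytes requested per read while hashing a gem file.
    DEFAULT_BLOCK_SIZE = 16_384
    private_constant :DEFAULT_BLOCK_SIZE

    class << self
      # Computes the checksum of the gem file backing +gem_package+.
      #
      # Returns nil (no checksum at all) when the :disable_checksum_validation
      # setting is truthy, or when the package exposes no readable source.
      # Store#register and Store#replace ignore nil checksums, so in those
      # cases the gem is not verified against anything.
      def from_gem_package(gem_package, algo = DEFAULT_ALGORITHM)
        return if Bundler.settings[:disable_checksum_validation]

        # Reaches into the package's @gem instance variable to get its source.
        source = gem_package.instance_variable_get(:@gem)
        return unless source
        return unless source.respond_to?(:with_read_io)

        source.with_read_io do |io|
          # Forward the requested algorithm; it used to be dropped here, so a
          # caller asking for a non-default algorithm silently got the default.
          from_gem(io, source.path, algo)
        ensure
          # Leave the IO positioned at the start for whoever reads it next.
          io.rewind
        end
      end

      # Hashes everything readable from +io+ with +algo+ and returns a Checksum
      # whose source is the gem at +pathname+.
      def from_gem(io, pathname, algo = DEFAULT_ALGORITHM)
        digest = Bundler::SharedHelpers.digest(algo.upcase).new
        # One reusable buffer so each read does not allocate a new string.
        buf = String.new(capacity: DEFAULT_BLOCK_SIZE)
        digest << io.readpartial(DEFAULT_BLOCK_SIZE, buf) until io.eof?
        Checksum.new(algo, digest.hexdigest!, Source.new(:gem, pathname))
      end

      # Builds a Checksum from a digest reported by the API at +source_uri+.
      # Returns nil when the :disable_checksum_validation setting is truthy.
      def from_api(digest, source_uri, algo = DEFAULT_ALGORITHM)
        return if Bundler.settings[:disable_checksum_validation]

        Checksum.new(algo, to_hexdigest(digest, algo), Source.new(:api, source_uri))
      end

      # Parses one "algo=digest" entry taken from the lockfile at
      # +lockfile_location+.
      #
      # NOTE(review): the algorithm name comes straight from the lockfile and
      # is not checked against a list of known algorithms, and an entry with no
      # separator leaves the digest nil. Confirm the lockfile parser rejects
      # such entries before they reach this method.
      def from_lock(lock_checksum, lockfile_location)
        algo, digest = lock_checksum.strip.split(ALGO_SEPARATOR, 2)
        Checksum.new(algo, to_hexdigest(digest, algo), Source.new(:lock, lockfile_location))
      end

      # Normalises a SHA256 digest to lowercase hex.
      #
      # Accepts 64 hex characters in either case, or base64 (standard or
      # URL-safe alphabet). Raises ArgumentError for anything else. Digests for
      # any other algorithm are returned unchanged and are NOT validated here.
      def to_hexdigest(digest, algo = DEFAULT_ALGORITHM)
        return digest unless algo == DEFAULT_ALGORITHM

        # The pattern accepts uppercase hex, but Checksum#match? compares
        # digests with == and computed digests are lowercase; without the
        # downcase a valid uppercase digest would be reported as a mismatch.
        return digest.downcase if digest.match?(/\A[0-9a-f]{64}\z/i)

        unless digest.match?(%r{\A[-0-9a-z_+/]{43}={0,2}\z}i)
          raise ArgumentError, "#{digest.inspect} is not a valid SHA256 hex or base64 digest"
        end

        digest = digest.tr("-_", "+/") # fix urlsafe base64
        digest.unpack1("m0").unpack1("H*")
      end
    end

    attr_reader :algo, :digest, :sources

    def initialize(algo, digest, source)
      @algo = algo
      @digest = digest
      @sources = [source]
    end

    # Full equality: same algorithm and digest, and the same list of sources.
    def ==(other)
      match?(other) && other.sources == sources
    end

    alias_method :eql?, :==

    # True when the first source of +other+ is already among our sources.
    def same_source?(other)
      sources.include?(other.sources.first)
    end

    # True when +other+ is a Checksum with the same algorithm and digest,
    # whatever its sources are. This is the actual integrity comparison.
    def match?(other)
      other.is_a?(self.class) && other.digest == digest && other.algo == algo
    end

    # Hashes on the digest only; objects that are eql? share a digest, so this
    # stays consistent with eql?.
    def hash
      digest.hash
    end

    def to_s
      "#{to_lock} (from #{sources.first}#{", ..." if sources.size > 1})"
    end

    # The lockfile form of this checksum: algorithm, separator, digest.
    def to_lock
      "#{algo}#{ALGO_SEPARATOR}#{digest}"
    end

    # Adds the sources of +other+ to this checksum when both carry the same
    # algorithm and digest. Returns self on success and nil on a mismatch
    # (Store#merge_checksum turns that nil into a ChecksumMismatchError).
    def merge!(other)
      return nil unless match?(other)

      # Source defines == but neither eql? nor hash, so the hash-based
      # Array#uniq! never removed equal sources held in distinct objects.
      # Deduplicate with == instead.
      other.sources.each do |source|
        @sources << source unless @sources.include?(source)
      end
      self
    end

    def formatted_sources
      sources.join("\n and ").concat("\n")
    end

    # True when every source can be removed locally (see Source#removable?).
    def removable?
      sources.all?(&:removable?)
    end

    # A numbered list with one removal step per source, followed by a final
    # step telling the user to run `bundle install`.
    def removal_instructions
      msg = +""
      sources.each.with_index(1) do |source, i|
        msg << " #{i}. #{source.removal}\n"
      end
      msg << " #{sources.size + 1}. run `bundle install`\n"
    end

    def inspect
      # Only the first 8 characters of the digest are shown.
      abbr = "#{algo}#{ALGO_SEPARATOR}#{digest[0, 8]}"
      from = "from #{sources.join(" and ")}"
      "#<#{self.class}:#{object_id} #{abbr} #{from}>"
    end

    # Where a checksum was observed: +type+ is :lock, :gem or :api in this
    # file, and +location+ is the matching lockfile location, path or URI.
    class Source
      attr_reader :type, :location

      def initialize(type, location)
        @type = type
        @location = location
      end

      # Lockfile entries and gem files can be removed by the user; any other
      # type is treated as not removable.
      def removable?
        type == :lock || type == :gem
      end

      # Value equality on type and location. eql? and hash are not overridden,
      # so hash-based operations still treat distinct instances as different.
      def ==(other)
        other.is_a?(self.class) && other.type == type && other.location == location
      end

      # phrased so that the usual string format is grammatically correct
      #   rake (10.3.2) sha256=abc123 from #{to_s}
      def to_s
        case type
        when :lock
          "the lockfile CHECKSUMS at #{location}"
        when :gem
          "the gem at #{location}"
        when :api
          "the API at #{location}"
        else
          "#{location} (#{type})"
        end
      end

      # A full sentence describing how to remove the checksum
      def removal
        case type
        when :lock
          "remove the matching checksum in #{location}"
        when :gem
          "remove the gem at #{location}"
        when :api
          "checksums from #{location} cannot be locally modified, you may need to update your sources"
        else
          "remove #{location} (#{type})"
        end
      end
    end

    # Checksums keyed by lock name, then by algorithm. Registering a checksum
    # whose digest differs from the recorded one raises ChecksumMismatchError.
    class Store
      attr_reader :store
      protected :store

      def initialize
        @store = {}
        # Guards the fetch-then-store sequences in replace and register_checksum.
        @store_mutex = Mutex.new
      end

      def inspect
        "#<#{self.class}:#{object_id} size=#{store.size}>"
      end

      # Replace when the new checksum is from the same source.
      # The primary purpose is registering checksums from gems where there are
      # duplicates of the same gem (according to full_name) in the index.
      #
      # In particular, this is when 2 gems have two similar platforms, e.g.
      # "darwin20" and "darwin-20", both of which resolve to darwin-20.
      # In the Index, the later gem replaces the former, so we do that here.
      #
      # However, if the new checksum is from a different source, we register like normal.
      # This ensures a mismatch error where there are multiple top level sources
      # that contain the same gem with different checksums.
      #
      # A nil checksum (validation disabled or unavailable) is ignored.
      def replace(spec, checksum)
        return unless checksum

        lock_name = spec.name_tuple.lock_name
        @store_mutex.synchronize do
          existing = fetch_checksum(lock_name, checksum.algo)
          if !existing || existing.same_source?(checksum)
            store_checksum(lock_name, checksum)
          else
            merge_checksum(lock_name, checksum, existing)
          end
        end
      end

      # Records +checksum+ for +spec+, merging with (and verifying against) any
      # checksum already stored for the same algorithm. A nil checksum is
      # ignored, so nothing is recorded or compared for that spec.
      def register(spec, checksum)
        return unless checksum

        register_checksum(spec.name_tuple.lock_name, checksum)
      end

      # Registers every checksum held by +other+ into this store.
      def merge!(other)
        other.store.each do |lock_name, checksums|
          checksums.each do |_algo, checksum|
            register_checksum(lock_name, checksum)
          end
        end
      end

      # The lockfile line for +spec+: the lock name followed by its checksums
      # (sorted, comma separated), or just the lock name when none are stored.
      def to_lock(spec)
        lock_name = spec.name_tuple.lock_name
        checksums = @store[lock_name]
        return lock_name unless checksums

        "#{lock_name} #{checksums.values.map(&:to_lock).sort.join(",")}"
      end

      private

      def register_checksum(lock_name, checksum)
        @store_mutex.synchronize do
          existing = fetch_checksum(lock_name, checksum.algo)
          if existing
            merge_checksum(lock_name, checksum, existing)
          else
            store_checksum(lock_name, checksum)
          end
        end
      end

      # Checksum#merge! returns nil when algorithm or digest differ; that is
      # the point where a mismatch becomes an error.
      def merge_checksum(lock_name, checksum, existing)
        existing.merge!(checksum) || raise(ChecksumMismatchError.new(lock_name, existing, checksum))
      end

      def store_checksum(lock_name, checksum)
        (@store[lock_name] ||= {})[checksum.algo] = checksum
      end

      def fetch_checksum(lock_name, algo)
        @store[lock_name]&.fetch(algo, nil)
      end
    end
  end
end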