Merge pull request 'Stop calculating MD5 hashes' (#247) from Chewing_Bever/vieter:no-md5 into dev

Reviewed-on: vieter/vieter#247

CHANGELOG.md

@@ -17,6 +17,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Renamed `vieter repos` to `vieter targets`
 * Renamed `/api/v1/repos` namespace to `/api/v1/targets`
 
+### Removed
+
+* md5 hashes are no longer calculated for packages
+
 ## [0.3.0](https://git.rustybever.be/vieter/vieter/src/tag/0.3.0)
 
 Nothing besides bumping the versions.

docs/api/source/includes/_logs.md

@@ -13,7 +13,7 @@ Endpoints for interacting with stored build logs.
 ```shell
 curl \
   -H 'X-Api-Key: secret' \
-  https://example.com/api/logs?offset=10&limit=20
+  https://example.com/api/v1/logs?offset=10&limit=20
 ```
 
 > JSON output format
@@ -38,7 +38,7 @@ Retrieve a list of build logs.
 
 ### HTTP Request
 
-`GET /api/logs`
+`GET /api/v1/logs`
 
 ### Query Parameters
 
@@ -58,7 +58,7 @@ exit_codes | Comma-separated list of exit codes to limit result to; using `!` as
 ```shell
 curl \
   -H 'X-Api-Key: secret' \
-  https://example.com/api/logs/1
+  https://example.com/api/v1/logs/1
 ```
 
 > JSON output format
@@ -81,7 +81,7 @@ Retrieve info about a specific build log.
 
 ### HTTP Request
 
-`GET /api/logs/:id`
+`GET /api/v1/logs/:id`
 
 ### URL Parameters
 
@@ -94,7 +94,7 @@ id | ID of requested log
 ```shell
 curl \
   -H 'X-Api-Key: secret' \
-  https://example.com/api/logs/15/content
+  https://example.com/api/v1/logs/15/content
 ```
 
 Retrieve the contents of a build log. The response is the build log in
@@ -102,7 +102,7 @@ plaintext.
 
 ### HTTP Request
 
-`GET /api/logs/:id/content`
+`GET /api/v1/logs/:id/content`
 
 ### URL Parameters
 
@@ -123,7 +123,7 @@ Publish a new build log to the server.
 
 ### HTTP Request
 
-`POST /api/logs`
+`POST /api/v1/logs`
 
 ### Query parameters
 

docs/api/source/includes/_targets.md

@@ -13,7 +13,7 @@ Endpoints for interacting with the list of targets stored on the server.
 ```shell
 curl \
   -H 'X-Api-Key: secret' \
-  https://example.com/api/targets?offset=10&limit=20
+  https://example.com/api/v1/targets?offset=10&limit=20
 ```
 
 > JSON output format
@@ -44,7 +44,7 @@ Retrieve a list of targets.
 
 ### HTTP Request
 
-`GET /api/targets`
+`GET /api/v1/targets`
 
 ### Query Parameters
 
@@ -59,7 +59,7 @@ repo | Limit results to targets that publish to the given repo.
 ```shell
 curl \
   -H 'X-Api-Key: secret' \
-  https://example.com/api/targets/1
+  https://example.com/api/v1/targets/1
 ```
 
 > JSON output format
@@ -88,7 +88,7 @@ Get info about a specific target.
 
 ### HTTP Request
 
-`GET /api/targets/:id`
+`GET /api/v1/targets/:id`
 
 ### URL Parameters
 
@@ -102,7 +102,7 @@ Create a new target with the given data.
 
 ### HTTP Request
 
-`POST /api/targets`
+`POST /api/v1/targets`
 
 ### Query Parameters
 
@@ -120,7 +120,7 @@ Modify the data of an existing target.
 
 ### HTTP Request
 
-`PATCH /api/targets/:id`
+`PATCH /api/v1/targets/:id`
 
 ### URL Parameters
 
@@ -144,7 +144,7 @@ Remove a target from the server.
 
 ### HTTP Request
 
-`DELETE /api/targets/:id`
+`DELETE /api/v1/targets/:id`
 
 ### URL Parameters
 

src/package/package.v

@@ -42,8 +42,8 @@ pub mut:
 	checkdepends []string
 }
 
-// checksum calculates the md5 & sha256 hash of the package
-pub fn (p &Pkg) checksum() ?(string, string) {
+// checksum calculates the sha256 hash of the package
+pub fn (p &Pkg) checksum() ?string {
 	return util.hash_file(p.path)
 }
 
@@ -201,8 +201,7 @@ pub fn (pkg &Pkg) filename() string {
 }
 
 // to_desc returns a desc file valid string representation
-// TODO calculate md5 & sha256 instead of believing the file
-pub fn (pkg &Pkg) to_desc() string {
+pub fn (pkg &Pkg) to_desc() ?string {
 	p := pkg.info
 
 	// filename
@@ -223,9 +222,8 @@ pub fn (pkg &Pkg) to_desc() string {
 	desc += format_entry('CSIZE', p.csize.str())
 	desc += format_entry('ISIZE', p.size.str())
 
-	md5sum, sha256sum := pkg.checksum() or { '', '' }
+	sha256sum := pkg.checksum()?
 
-	desc += format_entry('MD5SUM', md5sum)
 	desc += format_entry('SHA256SUM', sha256sum)
 
 	// TODO add pgpsig stuff

src/repo/repo.v

@@ -139,7 +139,7 @@ fn (r &RepoGroupManager) add_pkg_in_arch_repo(repo string, arch string, pkg &pac
 
 	os.mkdir_all(pkg_dir) or { return error('Failed to create package directory.') }
 
-	os.write_file(os.join_path_single(pkg_dir, 'desc'), pkg.to_desc()) or {
+	os.write_file(os.join_path_single(pkg_dir, 'desc'), pkg.to_desc()?) or {
 		os.rmdir_all(pkg_dir)?
 
 		return error('Failed to write desc file.')

src/util/util.v

@@ -1,7 +1,6 @@
 module util
 
 import os
-import crypto.md5
 import crypto.sha256
 
 const (
@@ -23,12 +22,10 @@ pub fn exit_with_message(code int, msg string) {
 	exit(code)
 }
 
-// hash_file returns the md5 & sha256 hash of a given file
-// TODO actually implement sha256
-pub fn hash_file(path &string) ?(string, string) {
+// hash_file returns the sha256 hash of a given file
+pub fn hash_file(path &string) ?string {
 	file := os.open(path) or { return error('Failed to open file.') }
 
-	mut md5sum := md5.new()
 	mut sha256sum := sha256.new()
 
 	buf_size := int(1_000_000)
@@ -40,16 +37,12 @@ pub fn hash_file(path &string) ?(string, string) {
 		bytes_read := file.read(mut buf) or { return error('Failed to read from file.') }
 		bytes_left -= u64(bytes_read)
 
-		// For now we'll assume that this always works
-		md5sum.write(buf[..bytes_read]) or {
-			return error('Failed to update md5 checksum. This should never happen.')
-		}
-		sha256sum.write(buf[..bytes_read]) or {
-			return error('Failed to update sha256 checksum. This should never happen.')
-		}
+		// This function never actually fails, but returns an option to follow
+		// the Writer interface.
+		sha256sum.write(buf[..bytes_read])?
 	}
 
-	return md5sum.checksum().hex(), sha256sum.checksum().hex()
+	return sha256sum.checksum().hex()
 }
 
 // pretty_bytes converts a byte count to human-readable version