From 1b7c14e7dcd8850d622687e27eb454c6f8d5b05c Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Wed, 15 Jun 2022 22:15:11 +0200 Subject: [PATCH 1/2] feat(server): no longer calculate md5 hashes for packages --- CHANGELOG.md | 4 ++++ src/package/package.v | 10 ++++------ src/repo/repo.v | 2 +- src/util/util.v | 19 ++++++------------- 4 files changed, 15 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 109e65c..d01409a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Renamed `vieter repos` to `vieter targets` * Renamed `/api/v1/repos` namespace to `/api/v1/targets` +### Removed + +* md5 hashes are no longer calculated for packages + ## [0.3.0](https://git.rustybever.be/vieter/vieter/src/tag/0.3.0) Nothing besides bumping the versions. diff --git a/src/package/package.v b/src/package/package.v index 273322f..86bf40a 100644 --- a/src/package/package.v +++ b/src/package/package.v @@ -42,8 +42,8 @@ pub mut: checkdepends []string } -// checksum calculates the md5 & sha256 hash of the package -pub fn (p &Pkg) checksum() ?(string, string) { +// checksum calculates the sha256 hash of the package +pub fn (p &Pkg) checksum() ?string { return util.hash_file(p.path) } @@ -201,8 +201,7 @@ pub fn (pkg &Pkg) filename() string { } // to_desc returns a desc file valid string representation -// TODO calculate md5 & sha256 instead of believing the file -pub fn (pkg &Pkg) to_desc() string { +pub fn (pkg &Pkg) to_desc() ?string { p := pkg.info // filename @@ -223,9 +222,8 @@ pub fn (pkg &Pkg) to_desc() string { desc += format_entry('CSIZE', p.csize.str()) desc += format_entry('ISIZE', p.size.str()) - md5sum, sha256sum := pkg.checksum() or { '', '' } + sha256sum := pkg.checksum()? - desc += format_entry('MD5SUM', md5sum) desc += format_entry('SHA256SUM', sha256sum) // TODO add pgpsig stuff diff --git a/src/repo/repo.v b/src/repo/repo.v index 817ec30..c4b85c0 100644 --- a/src/repo/repo.v +++ b/src/repo/repo.v @@ -139,7 +139,7 @@ fn (r &RepoGroupManager) add_pkg_in_arch_repo(repo string, arch string, pkg &pac os.mkdir_all(pkg_dir) or { return error('Failed to create package directory.') } - os.write_file(os.join_path_single(pkg_dir, 'desc'), pkg.to_desc()) or { + os.write_file(os.join_path_single(pkg_dir, 'desc'), pkg.to_desc()?) or { os.rmdir_all(pkg_dir)? return error('Failed to write desc file.') diff --git a/src/util/util.v b/src/util/util.v index 266bcb5..4cd374e 100644 --- a/src/util/util.v +++ b/src/util/util.v @@ -1,7 +1,6 @@ module util import os -import crypto.md5 import crypto.sha256 const ( @@ -23,12 +22,10 @@ pub fn exit_with_message(code int, msg string) { exit(code) } -// hash_file returns the md5 & sha256 hash of a given file -// TODO actually implement sha256 -pub fn hash_file(path &string) ?(string, string) { +// hash_file returns the sha256 hash of a given file +pub fn hash_file(path &string) ?string { file := os.open(path) or { return error('Failed to open file.') } - mut md5sum := md5.new() mut sha256sum := sha256.new() buf_size := int(1_000_000) @@ -40,16 +37,12 @@ pub fn hash_file(path &string) ?(string, string) { bytes_read := file.read(mut buf) or { return error('Failed to read from file.') } bytes_left -= u64(bytes_read) - // For now we'll assume that this always works - md5sum.write(buf[..bytes_read]) or { - return error('Failed to update md5 checksum. This should never happen.') - } - sha256sum.write(buf[..bytes_read]) or { - return error('Failed to update sha256 checksum. This should never happen.') - } + // This function never actually fails, but returns an option to follow + // the Writer interface. + sha256sum.write(buf[..bytes_read])? } - return md5sum.checksum().hex(), sha256sum.checksum().hex() + return sha256sum.checksum().hex() } // pretty_bytes converts a byte count to human-readable version From a8d647cca365dec1c036c055783d9cd3ef632973 Mon Sep 17 00:00:00 2001 From: Chewing_Bever Date: Thu, 16 Jun 2022 22:38:42 +0200 Subject: [PATCH 2/2] fix(docs): use versioned endpoints in HTTP API docs --- docs/api/source/includes/_logs.md | 14 +++++++------- docs/api/source/includes/_targets.md | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/api/source/includes/_logs.md b/docs/api/source/includes/_logs.md index a38bf48..2797e60 100644 --- a/docs/api/source/includes/_logs.md +++ b/docs/api/source/includes/_logs.md @@ -13,7 +13,7 @@ Endpoints for interacting with stored build logs. ```shell curl \ -H 'X-Api-Key: secret' \ - https://example.com/api/logs?offset=10&limit=20 + https://example.com/api/v1/logs?offset=10&limit=20 ``` > JSON output format @@ -38,7 +38,7 @@ Retrieve a list of build logs. ### HTTP Request -`GET /api/logs` +`GET /api/v1/logs` ### Query Parameters @@ -58,7 +58,7 @@ exit_codes | Comma-separated list of exit codes to limit result to; using `!` as ```shell curl \ -H 'X-Api-Key: secret' \ - https://example.com/api/logs/1 + https://example.com/api/v1/logs/1 ``` > JSON output format @@ -81,7 +81,7 @@ Retrieve info about a specific build log. ### HTTP Request -`GET /api/logs/:id` +`GET /api/v1/logs/:id` ### URL Parameters @@ -94,7 +94,7 @@ id | ID of requested log ```shell curl \ -H 'X-Api-Key: secret' \ - https://example.com/api/logs/15/content + https://example.com/api/v1/logs/15/content ``` Retrieve the contents of a build log. The response is the build log in @@ -102,7 +102,7 @@ plaintext. ### HTTP Request -`GET /api/logs/:id/content` +`GET /api/v1/logs/:id/content` ### URL Parameters @@ -123,7 +123,7 @@ Publish a new build log to the server. ### HTTP Request -`POST /api/logs` +`POST /api/v1/logs` ### Query parameters diff --git a/docs/api/source/includes/_targets.md b/docs/api/source/includes/_targets.md index 05cf001..f7ea21e 100644 --- a/docs/api/source/includes/_targets.md +++ b/docs/api/source/includes/_targets.md @@ -13,7 +13,7 @@ Endpoints for interacting with the list of targets stored on the server. ```shell curl \ -H 'X-Api-Key: secret' \ - https://example.com/api/targets?offset=10&limit=20 + https://example.com/api/v1/targets?offset=10&limit=20 ``` > JSON output format @@ -44,7 +44,7 @@ Retrieve a list of targets. ### HTTP Request -`GET /api/targets` +`GET /api/v1/targets` ### Query Parameters @@ -59,7 +59,7 @@ repo | Limit results to targets that publish to the given repo. ```shell curl \ -H 'X-Api-Key: secret' \ - https://example.com/api/targets/1 + https://example.com/api/v1/targets/1 ``` > JSON output format @@ -88,7 +88,7 @@ Get info about a specific target. ### HTTP Request -`GET /api/targets/:id` +`GET /api/v1/targets/:id` ### URL Parameters @@ -102,7 +102,7 @@ Create a new target with the given data. ### HTTP Request -`POST /api/targets` +`POST /api/v1/targets` ### Query Parameters @@ -120,7 +120,7 @@ Modify the data of an existing target. ### HTTP Request -`PATCH /api/targets/:id` +`PATCH /api/v1/targets/:id` ### URL Parameters @@ -144,7 +144,7 @@ Remove a target from the server. ### HTTP Request -`DELETE /api/targets/:id` +`DELETE /api/v1/targets/:id` ### URL Parameters