summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFred Hebert <mononcqc@ferd.ca>2018-04-20 19:26:16 -0400
committerFred Hebert <mononcqc@ferd.ca>2018-04-20 19:26:16 -0400
commita73deb79cdeab9430972e6185b178aaa82ef00d4 (patch)
tree89735227adbb628f5b6b833662d035aa163cd128
parent39b743b36a13f63ccc4b9cd17594be070528d180 (diff)
parent04c4d0878021fd599b871449e8607ecbd2641603 (diff)
Merge branch 'tothlac-1743_specs'
-rw-r--r--src/rebar_pkg_resource.erl314
1 files changed, 250 insertions, 64 deletions
diff --git a/src/rebar_pkg_resource.erl b/src/rebar_pkg_resource.erl
index 2fb1868..2cf167e 100644
--- a/src/rebar_pkg_resource.erl
+++ b/src/rebar_pkg_resource.erl
@@ -14,14 +14,41 @@
,etag/1
,ssl_opts/1]).
+%% Exported for ct
-export([store_etag_in_cache/2]).
-include("rebar.hrl").
-include_lib("public_key/include/OTP-PUB-KEY.hrl").
+-type cached_result() :: {'bad_checksum',string()} |
+ {'bad_registry_checksum',string()} |
+ {'failed_extract',string()} |
+ {'ok','true'} |
+ {'unexpected_hash',string(),_,binary()}.
+
+-type download_result() :: {bad_download, binary() | string()} |
+ {fetch_fail, _, _} | cached_result().
+
+%%==============================================================================
+%% Public API
+%%==============================================================================
+-spec lock(AppDir, Source) -> Res when
+ AppDir :: file:name(),
+ Source :: tuple(),
+ Res :: {atom(), string(), any()}.
lock(_AppDir, Source) ->
Source.
+%%------------------------------------------------------------------------------
+%% @doc
+%% Return true if the stored version of the pkg is older than the current
+%% version.
+%% @end
+%%------------------------------------------------------------------------------
+-spec needs_update(Dir, Pkg) -> Res when
+ Dir :: file:name(),
+ Pkg :: {pkg, Name :: binary(), Vsn :: binary(), Hash :: binary()},
+ Res :: boolean().
needs_update(Dir, {pkg, _Name, Vsn, _Hash}) ->
[AppInfo] = rebar_app_discover:find_apps([Dir], all),
case rebar_app_info:original_vsn(AppInfo) =:= rebar_utils:to_list(Vsn) of
@@ -31,9 +58,32 @@ needs_update(Dir, {pkg, _Name, Vsn, _Hash}) ->
true
end.
+%%------------------------------------------------------------------------------
+%% @doc
+%% Download the given pkg.
+%% @end
+%%------------------------------------------------------------------------------
+-spec download(TmpDir, Pkg, State) -> Res when
+ TmpDir :: file:name(),
+ Pkg :: {pkg, Name :: binary(), Vsn :: binary(), Hash :: binary()},
+ State :: rebar_state:t(),
+ Res :: {'error',_} | {'ok',_} | {'tarball',binary() | string()}.
download(TmpDir, Pkg, State) ->
download(TmpDir, Pkg, State, true).
+%%------------------------------------------------------------------------------
+%% @doc
+%% Download the given pkg. The etag belonging to the pkg file will be updated
+%% only if the UpdateEtag is true and the ETag returned from the hexpm server
+%% is different.
+%% @end
+%%------------------------------------------------------------------------------
+-spec download(TmpDir, Pkg, State, UpdateETag) -> Res when
+ TmpDir :: file:name(),
+ Pkg :: {pkg, Name :: binary(), Vsn :: binary(), Hash :: binary()},
+ State :: rebar_state:t(),
+ UpdateETag :: boolean(),
+ Res :: download_result().
download(TmpDir, Pkg={pkg, Name, Vsn, _Hash}, State, UpdateETag) ->
CDN = rebar_state:get(State, rebar_packages_cdn, ?DEFAULT_CDN),
{ok, PackageDir} = rebar_packages:package_dir(State),
@@ -41,14 +91,124 @@ download(TmpDir, Pkg={pkg, Name, Vsn, _Hash}, State, UpdateETag) ->
ETagFile = binary_to_list(<<Name/binary, "-", Vsn/binary, ".etag">>),
CachePath = filename:join(PackageDir, Package),
ETagPath = filename:join(PackageDir, ETagFile),
- case rebar_utils:url_append_path(CDN, filename:join(?REMOTE_PACKAGE_DIR, Package)) of
+ case rebar_utils:url_append_path(CDN, filename:join(?REMOTE_PACKAGE_DIR,
+ Package)) of
{ok, Url} ->
- cached_download(TmpDir, CachePath, Pkg, Url, etag(ETagPath), State, ETagPath, UpdateETag);
+ cached_download(TmpDir, CachePath, Pkg, Url, etag(ETagPath), State,
+ ETagPath, UpdateETag);
_ ->
{fetch_fail, Name, Vsn}
end.
-cached_download(TmpDir, CachePath, Pkg={pkg, Name, Vsn, _Hash}, Url, ETag, State, ETagPath, UpdateETag) ->
+%%------------------------------------------------------------------------------
+%% @doc
+%% Implementation of rebar_resource make_vsn callback.
+%% Returns {error, string()} as this operation is not supported for pkg sources.
+%% @end
+%%------------------------------------------------------------------------------
+-spec make_vsn(Vsn) -> Res when
+ Vsn :: any(),
+ Res :: {'error',[1..255,...]}.
+make_vsn(_) ->
+ {error, "Replacing version of type pkg not supported."}.
+
+%%------------------------------------------------------------------------------
+%% @doc
+%% Download the pkg belonging to the given address. If the etag of the pkg
+%% is the same what we stored in the etag file previously return {ok, cached},
+%% if the file has changed (so the etag is not the same anymore) return
+%% {ok, Contents, NewEtag}, otherwise if some error occured return error.
+%% @end
+%%------------------------------------------------------------------------------
+-spec request(Url, ETag) -> Res when
+ Url :: string(),
+ ETag :: false | string(),
+ Res :: 'error' | {ok, cached} | {ok, any(), string()}.
+request(Url, ETag) ->
+ HttpOptions = [{ssl, ssl_opts(Url)},
+ {relaxed, true} | rebar_utils:get_proxy_auth()],
+ case httpc:request(get, {Url, [{"if-none-match", "\"" ++ ETag ++ "\""}
+ || ETag =/= false] ++
+ [{"User-Agent", rebar_utils:user_agent()}]},
+ HttpOptions, [{body_format, binary}], rebar) of
+ {ok, {{_Version, 200, _Reason}, Headers, Body}} ->
+ ?DEBUG("Successfully downloaded ~ts", [Url]),
+ {"etag", ETag1} = lists:keyfind("etag", 1, Headers),
+ {ok, Body, rebar_string:trim(ETag1, both, [$"])};
+ {ok, {{_Version, 304, _Reason}, _Headers, _Body}} ->
+ ?DEBUG("Cached copy of ~ts still valid", [Url]),
+ {ok, cached};
+ {ok, {{_Version, Code, _Reason}, _Headers, _Body}} ->
+ ?DEBUG("Request to ~p failed: status code ~p", [Url, Code]),
+ error;
+ {error, Reason} ->
+ ?DEBUG("Request to ~p failed: ~p", [Url, Reason]),
+ error
+ end.
+
+%%------------------------------------------------------------------------------
+%% @doc
+%% Read the etag belonging to the pkg file from the cache directory. The etag
+%% is stored in a separate file when the etag belonging to the package is
+%% returned from the hexpm server. The name is package-vsn.etag.
+%% @end
+%%------------------------------------------------------------------------------
+-spec etag(Path) -> Res when
+ Path :: file:name(),
+ Res :: false | string().
+etag(Path) ->
+ case file:read_file(Path) of
+ {ok, Bin} ->
+ binary_to_list(Bin);
+ {error, _} ->
+ false
+ end.
+
+%%------------------------------------------------------------------------------
+%% @doc
+%% Return the SSL options adequate for the project based on
+%% its configuration, including for validation of certs.
+%% @end
+%%------------------------------------------------------------------------------
+-spec ssl_opts(Url) -> Res when
+ Url :: string(),
+ Res :: proplists:proplist().
+ssl_opts(Url) ->
+ case get_ssl_config() of
+ ssl_verify_enabled ->
+ ssl_opts(ssl_verify_enabled, Url);
+ ssl_verify_disabled ->
+ [{verify, verify_none}]
+ end.
+
+%%------------------------------------------------------------------------------
+%% @doc
+%% Store the given etag in the .cache folder. The name is pakckage-vsn.etag.
+%% @end
+%%------------------------------------------------------------------------------
+-spec store_etag_in_cache(File, ETag) -> Res when
+ File :: file:name(),
+ ETag :: string(),
+ Res :: ok.
+store_etag_in_cache(Path, ETag) ->
+ _ = file:write_file(Path, ETag).
+
+%%%=============================================================================
+%%% Private functions
+%%%=============================================================================
+-spec cached_download(TmpDir, CachePath, Pkg, Url, ETag, State, ETagPath,
+ UpdateETag) -> Res when
+ TmpDir :: file:name(),
+ CachePath :: file:name(),
+ Pkg :: {pkg, Name :: binary(), Vsn :: binary(), Hash :: binary()},
+ Url :: string(),
+ ETag :: false | string(),
+ State :: rebar_state:t(),
+ ETagPath :: file:name(),
+ UpdateETag :: boolean(),
+ Res :: download_result().
+cached_download(TmpDir, CachePath, Pkg={pkg, Name, Vsn, _Hash}, Url, ETag,
+ State, ETagPath, UpdateETag) ->
case request(Url, ETag) of
{ok, cached} ->
?INFO("Version cached at ~ts is up to date, reusing it", [CachePath]),
@@ -56,7 +216,8 @@ cached_download(TmpDir, CachePath, Pkg={pkg, Name, Vsn, _Hash}, Url, ETag, State
{ok, Body, NewETag} ->
?INFO("Downloaded package, caching at ~ts", [CachePath]),
maybe_store_etag_in_cache(UpdateETag, ETagPath, NewETag),
- serve_from_download(TmpDir, CachePath, Pkg, NewETag, Body, State, ETagPath);
+ serve_from_download(TmpDir, CachePath, Pkg, NewETag, Body, State,
+ ETagPath);
error when ETag =/= false ->
store_etag_in_cache(ETagPath, ETag),
?INFO("Download error, using cached file at ~ts", [CachePath]),
@@ -65,6 +226,12 @@ cached_download(TmpDir, CachePath, Pkg={pkg, Name, Vsn, _Hash}, Url, ETag, State
{fetch_fail, Name, Vsn}
end.
+-spec serve_from_cache(TmpDir, CachePath, Pkg, State) -> Res when
+ TmpDir :: file:name(),
+ CachePath :: file:name(),
+ Pkg :: {pkg, Name :: binary(), Vsn :: binary(), Hash :: binary()},
+ State :: rebar_state:t(),
+ Res :: cached_result().
serve_from_cache(TmpDir, CachePath, Pkg, State) ->
{Files, Contents, Version, Meta} = extract(TmpDir, CachePath),
case checksums(Pkg, Files, Contents, Version, Meta, State) of
@@ -81,10 +248,21 @@ serve_from_cache(TmpDir, CachePath, Pkg, State) ->
?DEBUG("Checksums: registry: ~p, pkg: ~p", [_Reg, Chk]),
{bad_registry_checksum, CachePath};
{_Hash, _Bin, _Reg, _Tar} ->
- ?DEBUG("Checksums: expected: ~p, registry: ~p, pkg: ~p, meta: ~p", [_Hash, _Reg, _Bin, _Tar]),
+ ?DEBUG("Checksums: expected: ~p, registry: ~p, pkg: ~p, meta: ~p",
+ [_Hash, _Reg, _Bin, _Tar]),
{bad_checksum, CachePath}
end.
+-spec serve_from_download(TmpDir, CachePath, Package, ETag, Binary, State,
+ ETagPath) -> Res when
+ TmpDir :: file:name(),
+ CachePath :: file:name(),
+ Package :: {pkg, Name :: binary(), Vsn :: binary(), Hash :: binary()},
+ ETag :: string(),
+ Binary :: binary(),
+ State :: rebar_state:t(),
+ ETagPath :: file:name(),
+ Res :: download_result().
serve_from_download(TmpDir, CachePath, Package, ETag, Binary, State, ETagPath) ->
?DEBUG("Writing ~p to cache at ~ts", [Package, CachePath]),
file:write_file(CachePath, Binary),
@@ -92,10 +270,19 @@ serve_from_download(TmpDir, CachePath, Package, ETag, Binary, State, ETagPath) -
ETag ->
serve_from_cache(TmpDir, CachePath, Package, State);
FileETag ->
- ?DEBUG("Downloaded file ~ts ETag ~ts doesn't match returned ETag ~ts", [CachePath, ETag, FileETag]),
+ ?DEBUG("Downloaded file ~ts ETag ~ts doesn't match returned ETag ~ts",
+ [CachePath, ETag, FileETag]),
{bad_download, CachePath}
end.
+-spec extract(TmpDir, CachePath) -> Res when
+ TmpDir :: file:name(),
+ CachePath :: file:name(),
+ Res :: {Files, Contents, Version, Meta},
+ Files :: list({file:name(), binary()}),
+ Contents :: binary(),
+ Version :: binary(),
+ Meta :: binary().
extract(TmpDir, CachePath) ->
ec_file:mkdir_p(TmpDir),
{ok, Files} = erl_tar:extract(CachePath, [memory]),
@@ -104,82 +291,63 @@ extract(TmpDir, CachePath) ->
{"metadata.config", Meta} = lists:keyfind("metadata.config", 1, Files),
{Files, Contents, Version, Meta}.
+-spec checksums(Pkg, Files, Contents, Version, Meta, State) -> Res when
+ Pkg :: {pkg, Name :: binary(), Vsn :: binary(), Hash :: binary()},
+ Files :: list({file:name(), binary()}),
+ Contents :: binary(),
+ Version :: binary(),
+ Meta :: binary(),
+ State :: rebar_state:t(),
+ Res :: {Hash, BinChecksum, RegistryChecksum, TarChecksum},
+ Hash :: binary(),
+ BinChecksum :: binary(),
+ RegistryChecksum :: any(),
+ TarChecksum :: binary().
checksums(Pkg={pkg, _Name, _Vsn, Hash}, Files, Contents, Version, Meta, State) ->
Blob = <<Version/binary, Meta/binary, Contents/binary>>,
<<X:256/big-unsigned>> = crypto:hash(sha256, Blob),
- BinChecksum = list_to_binary(rebar_string:uppercase(lists:flatten(io_lib:format("~64.16.0b", [X])))),
+ BinChecksum = list_to_binary(
+ rebar_string:uppercase(
+ lists:flatten(io_lib:format("~64.16.0b", [X])))),
RegistryChecksum = rebar_packages:registry_checksum(Pkg, State),
{"CHECKSUM", TarChecksum} = lists:keyfind("CHECKSUM", 1, Files),
{Hash, BinChecksum, RegistryChecksum, TarChecksum}.
-make_vsn(_) ->
- {error, "Replacing version of type pkg not supported."}.
-
-request(Url, ETag) ->
- HttpOptions = [{ssl, ssl_opts(Url)}, {relaxed, true} | rebar_utils:get_proxy_auth()],
-
- case httpc:request(get, {Url, [{"if-none-match", "\"" ++ ETag ++ "\""} || ETag =/= false]++
- [{"User-Agent", rebar_utils:user_agent()}]},
- HttpOptions,
- [{body_format, binary}],
- rebar) of
- {ok, {{_Version, 200, _Reason}, Headers, Body}} ->
- ?DEBUG("Successfully downloaded ~ts", [Url]),
- {"etag", ETag1} = lists:keyfind("etag", 1, Headers),
- {ok, Body, rebar_string:trim(ETag1, both, [$"])};
- {ok, {{_Version, 304, _Reason}, _Headers, _Body}} ->
- ?DEBUG("Cached copy of ~ts still valid", [Url]),
- {ok, cached};
- {ok, {{_Version, Code, _Reason}, _Headers, _Body}} ->
- ?DEBUG("Request to ~p failed: status code ~p", [Url, Code]),
- error;
- {error, Reason} ->
- ?DEBUG("Request to ~p failed: ~p", [Url, Reason]),
- error
- end.
-
-etag(Path) ->
- case file:read_file(Path) of
- {ok, Bin} ->
- binary_to_list(Bin);
- {error, _} ->
- false
- end.
-
-%% @doc returns the SSL options adequate for the project based on
+%%------------------------------------------------------------------------------
+%% @doc
+%% Return the SSL options adequate for the project based on
%% its configuration, including for validation of certs.
--spec ssl_opts(string()) -> [term()].
-ssl_opts(Url) ->
- case get_ssl_config() of
- ssl_verify_enabled ->
- ssl_opts(ssl_verify_enabled, Url);
- ssl_verify_disabled ->
- [{verify, verify_none}]
- end.
-
-%% @doc returns the SSL options adequate for the project based on
-%% its configuration, including for validation of certs.
--spec ssl_opts(atom(), string()) -> [term()].
+%% @end
+%%------------------------------------------------------------------------------
+-spec ssl_opts(Enabled, Url) -> Res when
+ Enabled :: atom(),
+ Url :: string(),
+ Res :: proplists:proplist().
ssl_opts(ssl_verify_enabled, Url) ->
case check_ssl_version() of
true ->
- {ok, {_, _, Hostname, _, _, _}} = http_uri:parse(rebar_utils:to_list(Url)),
- VerifyFun = {fun ssl_verify_hostname:verify_fun/3, [{check_hostname, Hostname}]},
+ {ok, {_, _, Hostname, _, _, _}} =
+ http_uri:parse(rebar_utils:to_list(Url)),
+ VerifyFun = {fun ssl_verify_hostname:verify_fun/3,
+ [{check_hostname, Hostname}]},
CACerts = certifi:cacerts(),
- [{verify, verify_peer}, {depth, 2}, {cacerts, CACerts}
- ,{partial_chain, fun partial_chain/1}, {verify_fun, VerifyFun}];
+ [{verify, verify_peer}, {depth, 2}, {cacerts, CACerts},
+ {partial_chain, fun partial_chain/1}, {verify_fun, VerifyFun}];
false ->
- ?WARN("Insecure HTTPS request (peer verification disabled), please update to OTP 17.4 or later", []),
+ ?WARN("Insecure HTTPS request (peer verification disabled), "
+ "please update to OTP 17.4 or later", []),
[{verify, verify_none}]
end.
+-spec partial_chain(Certs) -> Res when
+ Certs :: list(any()),
+ Res :: unknown_ca | {trusted_ca, any()}.
partial_chain(Certs) ->
Certs1 = [{Cert, public_key:pkix_decode_cert(Cert, otp)} || Cert <- Certs],
CACerts = certifi:cacerts(),
CACerts1 = [public_key:pkix_decode_cert(Cert, otp) || Cert <- CACerts],
-
case ec_lists:find(fun({_, Cert}) ->
- check_cert(CACerts1, Cert)
+ check_cert(CACerts1, Cert)
end, Certs1) of
{ok, Trusted} ->
{trusted_ca, element(1, Trusted)};
@@ -187,14 +355,23 @@ partial_chain(Certs) ->
unknown_ca
end.
+-spec extract_public_key_info(Cert) -> Res when
+ Cert :: #'OTPCertificate'{tbsCertificate::#'OTPTBSCertificate'{}},
+ Res :: any().
extract_public_key_info(Cert) ->
((Cert#'OTPCertificate'.tbsCertificate)#'OTPTBSCertificate'.subjectPublicKeyInfo).
+-spec check_cert(CACerts, Cert) -> Res when
+ CACerts :: list(any()),
+ Cert :: any(),
+ Res :: boolean().
check_cert(CACerts, Cert) ->
lists:any(fun(CACert) ->
extract_public_key_info(CACert) == extract_public_key_info(Cert)
end, CACerts).
+-spec check_ssl_version() ->
+ boolean().
check_ssl_version() ->
case application:get_key(ssl, vsn) of
{ok, Vsn} ->
@@ -203,6 +380,8 @@ check_ssl_version() ->
false
end.
+-spec get_ssl_config() ->
+ ssl_verify_disabled | ssl_verify_enabled.
get_ssl_config() ->
GlobalConfigFile = rebar_dir:global_config(),
Config = rebar_config:consult_file(GlobalConfigFile),
@@ -213,9 +392,14 @@ get_ssl_config() ->
ssl_verify_enabled
end.
+-spec parse_vsn(Vsn) -> Res when
+ Vsn :: string(),
+ Res :: {integer(), integer(), integer()}.
parse_vsn(Vsn) ->
version_pad(rebar_string:lexemes(Vsn, ".-")).
+-spec version_pad(list(nonempty_string())) -> Res when
+ Res :: {integer(), integer(), integer()}.
version_pad([Major]) ->
{list_to_integer(Major), 0, 0};
version_pad([Major, Minor]) ->
@@ -225,10 +409,12 @@ version_pad([Major, Minor, Patch]) ->
version_pad([Major, Minor, Patch | _]) ->
{list_to_integer(Major), list_to_integer(Minor), list_to_integer(Patch)}.
+-spec maybe_store_etag_in_cache(UpdateETag, Path, ETag) -> Res when
+ UpdateETag :: boolean(),
+ Path :: file:name(),
+ ETag :: string(),
+ Res :: ok.
maybe_store_etag_in_cache(false = _UpdateETag, _Path, _ETag) ->
ok;
maybe_store_etag_in_cache(true = _UpdateETag, Path, ETag) ->
store_etag_in_cache(Path, ETag).
-
-store_etag_in_cache(Path, ETag) ->
- _ = file:write_file(Path, ETag).