Fail if a remote source content doesn't match lockfile #1103
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stevendanna
changed the title
stevendanna
force-pushed
the
ssd/check-checksum
branch
from
27b6b32 to
07ef97f
Compare
stevendanna
changed the title
chris-rock
force-pushed
the
ssd/check-checksum
branch
from
07ef97f to
a0aee4a
Compare
If a URL based source does not match the shasum recorded in the lockfile, it likely means a new version has been pushed to the remote source. In this case, we fail to help ensure that when using a lockfile we always run the same code as when the lockfile was created. Signed-off-by: Steven Danna <[email protected]>
stevendanna
force-pushed
the
ssd/check-checksum
branch
from
a0aee4a to
1364711
Compare
chris-rock
reviewed
Sep 21, 2016
| @archive_path ||= download_archive(path) | ||
| end | ||
|
|
||
| def shasum |
| archive_shasum.to_s | ||
| end | ||
|
|
||
| def archive_shasum |
| end | ||
|
|
||
| def resolved_source | ||
| { url: @target } | ||
| @resolved_source ||= { url: @target, shasum256: shasum } |
There was a problem hiding this comment.
shasum256 What do you think about sha256?
|
|
||
| remote = open(@target, http_opts) | ||
| def remote_archive_content |
stevendanna
force-pushed
the
ssd/check-checksum
branch
from
1364711 to
7b0347f
Compare
|
Suggested renames pushed |
chris-rock
reviewed
Sep 21, 2016
| @@ -16,7 +16,7 @@ def resolve(target) | |||
| end | |||
| end | |||
|
|
|||
| NON_FETCHER_KEYS = [:name, :version_constraint, :cwd, :backend, :cache].freeze | |||
| NON_FETCHER_KEYS = [:name, :version_constraint, :cwd, :backend, :cache, :shasum256].freeze | |||
Signed-off-by: Steven Danna <[email protected]>
stevendanna
force-pushed
the
ssd/check-checksum
branch
from
7b0347f to
8d63db9
Compare
|
fixes #1066 |
|
Thanks @stevendanna |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If a URL based source does not match the shasum recorded in the
lockfile, it likely means a new version has been pushed to the remote
source. In this case, we fail to help ensure that when using a lockfile
we always run the same code as when the lockfile was created.
Signed-off-by: Steven Danna [email protected]