Skip to content

Commit

Permalink
[MRESOLVER-269] [MRESOLVER-275] Trusted checksums source and more com…
Browse files Browse the repository at this point in the history
…pact format backed source (s4u#199)

This PR implements several improvement issues:
* introduces "trusted" checksums source (and adapts them for provided transport checksums)
* pushed/moved existing implementation as "trusted" source and introduces "compact" (file) based source
* cleanup re naming: before it was "file" source, now there is "file-sparse" (old) and "file-compact" (new)
* also adds minor "cleanup" in AetherModule (stylistic, renames provider private vars and makes them unmodifiable). This does not affects consumer of this library that use sisu (like Maven).

Reason: existing `ProvidedChecksumSource` is all about _transport_ (see API). Uses transport related classes and is meant -- as it's name and package says -- to provide expected checksums for transport related checks (it provides ChecksumKind#PROVIDED, uses RemoteRepository and transfer related classes). OTOH, there may be requirement to "provide" checksums for operations totally unrelated to transport. Hence, the introduced trusted checksums (using non transport related API) is exactly that, provides checksums for given Artifact (optionally factoring in origin as well in form of  ArtifactRepository). This clearly separates "transport realm" and rest of the things.

Along with existing (moved) source, new trusted checksums implementation added that uses more compact format: a "summary" file that contains list of Artifact IDs and checksum per one line. This format is more VCS friendly, and also easier to handle then sparse directories.

By default, new "trusted" checksum sources _are adapted_ to "provided" checksum sources (see `TrustedToProvidedChecksumsSourceAdapter`), so no functionality loss happens.

Perfomed cleanup around trusted checksum sources as well, old one was in wrong place and wrongly named, dropped it (as it was final class), and now we have two sources:
* `sparse-directory` -- behaves exactly same as dropped one, expects provided checksums in "local repo"-like sparse layout
* `summary-file` -- is the new format, where one file `checksums.${checksumExt}` is expected to contain Artifact ID and checksum for given algorithm per line (separated by space)

Both source are able to be "origin aware" when it factors in origin repository ID as well (so one could get `checksums-central.sha1` with all the known trusted checksums for use).

Sources are DISABLED by default, as even if file is present (check possible only for file-compact) it does not mean user want to use it in every project. Enabling them is possible via usual means (`-D...` or by config in `.mvn` directory to make it per-project persistent). All configuration is sourced from repo system session, no system properties used.

Based on work done in apache/maven-resolver#192

Co-authored-by: @raphw <rafael.wth@gmail.com>

---
https://issues.apache.org/jira/browse/MRESOLVER-275 -- Introduce trusted checksums source
https://issues.apache.org/jira/browse/MRESOLVER-269 -- Allow more compact storage of provided checksums
  • Loading branch information
cstamas authored Oct 3, 2022
1 parent 5566bd5 commit 8b0d143
Show file tree
Hide file tree
Showing 12 changed files with 826 additions and 313 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -45,13 +45,15 @@
import org.eclipse.aether.internal.impl.DefaultLocalPathComposer;
import org.eclipse.aether.internal.impl.DefaultTrackingFileManager;
import org.eclipse.aether.internal.impl.LocalPathPrefixComposerFactory;
import org.eclipse.aether.internal.impl.FileProvidedChecksumsSource;
import org.eclipse.aether.internal.impl.TrackingFileManager;
import org.eclipse.aether.internal.impl.checksum.SummaryFileTrustedChecksumsSource;
import org.eclipse.aether.internal.impl.checksum.Md5ChecksumAlgorithmFactory;
import org.eclipse.aether.internal.impl.checksum.Sha1ChecksumAlgorithmFactory;
import org.eclipse.aether.internal.impl.checksum.Sha256ChecksumAlgorithmFactory;
import org.eclipse.aether.internal.impl.checksum.Sha512ChecksumAlgorithmFactory;
import org.eclipse.aether.internal.impl.checksum.DefaultChecksumAlgorithmFactorySelector;
import org.eclipse.aether.internal.impl.checksum.SparseDirectoryTrustedChecksumsSource;
import org.eclipse.aether.internal.impl.checksum.TrustedToProvidedChecksumsSourceAdapter;
import org.eclipse.aether.internal.impl.collect.DependencyCollectorDelegate;
import org.eclipse.aether.internal.impl.collect.bf.BfDependencyCollector;
import org.eclipse.aether.internal.impl.collect.df.DfDependencyCollector;
Expand Down Expand Up @@ -90,6 +92,7 @@
import org.eclipse.aether.internal.impl.SimpleLocalRepositoryManagerFactory;
import org.eclipse.aether.internal.impl.slf4j.Slf4jLoggerFactory;
import org.eclipse.aether.named.providers.NoopNamedLockFactory;
import org.eclipse.aether.spi.checksums.TrustedChecksumsSource;
import org.eclipse.aether.spi.connector.checksum.ProvidedChecksumsSource;
import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactorySelector;
import org.eclipse.aether.spi.connector.checksum.ChecksumPolicyProvider;
Expand Down Expand Up @@ -188,8 +191,14 @@ protected void configure()
.to( EnhancedLocalRepositoryManagerFactory.class ).in( Singleton.class );
bind( TrackingFileManager.class ).to( DefaultTrackingFileManager.class ).in( Singleton.class );

bind( ProvidedChecksumsSource.class ).annotatedWith( Names.named( FileProvidedChecksumsSource.NAME ) ) //
.to( FileProvidedChecksumsSource.class ).in( Singleton.class );
bind( ProvidedChecksumsSource.class )
.annotatedWith( Names.named( TrustedToProvidedChecksumsSourceAdapter.NAME ) )
.to( TrustedToProvidedChecksumsSourceAdapter.class ).in( Singleton.class );

bind( TrustedChecksumsSource.class ).annotatedWith( Names.named( SparseDirectoryTrustedChecksumsSource.NAME ) )
.to( SparseDirectoryTrustedChecksumsSource.class ).in( Singleton.class );
bind( TrustedChecksumsSource.class ).annotatedWith( Names.named( SummaryFileTrustedChecksumsSource.NAME ) )
.to( SummaryFileTrustedChecksumsSource.class ).in( Singleton.class );

bind( ChecksumAlgorithmFactory.class ).annotatedWith( Names.named( Md5ChecksumAlgorithmFactory.NAME ) )
.to( Md5ChecksumAlgorithmFactory.class );
Expand Down Expand Up @@ -238,21 +247,34 @@ Map<String, DependencyCollectorDelegate> dependencyCollectorDelegates(
@Named( DfDependencyCollector.NAME ) DependencyCollectorDelegate df
)
{
Map<String, DependencyCollectorDelegate> dependencyCollectorDelegates = new HashMap<>();
dependencyCollectorDelegates.put( BfDependencyCollector.NAME, bf );
dependencyCollectorDelegates.put( DfDependencyCollector.NAME, df );
return dependencyCollectorDelegates;
Map<String, DependencyCollectorDelegate> result = new HashMap<>();
result.put( BfDependencyCollector.NAME, bf );
result.put( DfDependencyCollector.NAME, df );
return Collections.unmodifiableMap( result );
}

@Provides
@Singleton
Map<String, ProvidedChecksumsSource> providedChecksumSources(
@Named( TrustedToProvidedChecksumsSourceAdapter.NAME ) ProvidedChecksumsSource adapter
)
{
Map<String, ProvidedChecksumsSource> result = new HashMap<>();
result.put( TrustedToProvidedChecksumsSourceAdapter.NAME, adapter );
return Collections.unmodifiableMap( result );
}

@Provides
@Singleton
Map<String, ProvidedChecksumsSource> provideChecksumSources(
@Named( FileProvidedChecksumsSource.NAME ) ProvidedChecksumsSource fileProvidedChecksumSource
Map<String, TrustedChecksumsSource> trustedChecksumSources(
@Named( SparseDirectoryTrustedChecksumsSource.NAME ) TrustedChecksumsSource sparse,
@Named( SummaryFileTrustedChecksumsSource.NAME ) TrustedChecksumsSource compact
)
{
Map<String, ProvidedChecksumsSource> providedChecksumsSource = new HashMap<>();
providedChecksumsSource.put( FileProvidedChecksumsSource.NAME, fileProvidedChecksumSource );
return providedChecksumsSource;
Map<String, TrustedChecksumsSource> result = new HashMap<>();
result.put( SparseDirectoryTrustedChecksumsSource.NAME, sparse );
result.put( SummaryFileTrustedChecksumsSource.NAME, compact );
return Collections.unmodifiableMap( result );
}

@Provides
Expand All @@ -263,12 +285,12 @@ Map<String, ChecksumAlgorithmFactory> provideChecksumTypes(
@Named( Sha1ChecksumAlgorithmFactory.NAME ) ChecksumAlgorithmFactory sha1,
@Named( Md5ChecksumAlgorithmFactory.NAME ) ChecksumAlgorithmFactory md5 )
{
Map<String, ChecksumAlgorithmFactory> checksumTypes = new HashMap<>();
checksumTypes.put( Sha512ChecksumAlgorithmFactory.NAME, sha512 );
checksumTypes.put( Sha256ChecksumAlgorithmFactory.NAME, sha256 );
checksumTypes.put( Sha1ChecksumAlgorithmFactory.NAME, sha1 );
checksumTypes.put( Md5ChecksumAlgorithmFactory.NAME, md5 );
return Collections.unmodifiableMap( checksumTypes );
Map<String, ChecksumAlgorithmFactory> result = new HashMap<>();
result.put( Sha512ChecksumAlgorithmFactory.NAME, sha512 );
result.put( Sha256ChecksumAlgorithmFactory.NAME, sha256 );
result.put( Sha1ChecksumAlgorithmFactory.NAME, sha1 );
result.put( Md5ChecksumAlgorithmFactory.NAME, md5 );
return Collections.unmodifiableMap( result );
}

@Provides
Expand All @@ -280,13 +302,13 @@ Map<String, NameMapper> provideNameMappers(
@Named( FileGAVNameMapperProvider.NAME ) NameMapper fileGavNameMapper,
@Named( FileHashingGAVNameMapperProvider.NAME ) NameMapper fileHashingGavNameMapper )
{
Map<String, NameMapper> nameMappers = new HashMap<>();
nameMappers.put( StaticNameMapperProvider.NAME, staticNameMapper );
nameMappers.put( GAVNameMapperProvider.NAME, gavNameMapper );
nameMappers.put( DiscriminatingNameMapperProvider.NAME, discriminatingNameMapper );
nameMappers.put( FileGAVNameMapperProvider.NAME, fileGavNameMapper );
nameMappers.put( FileHashingGAVNameMapperProvider.NAME, fileHashingGavNameMapper );
return Collections.unmodifiableMap( nameMappers );
Map<String, NameMapper> result = new HashMap<>();
result.put( StaticNameMapperProvider.NAME, staticNameMapper );
result.put( GAVNameMapperProvider.NAME, gavNameMapper );
result.put( DiscriminatingNameMapperProvider.NAME, discriminatingNameMapper );
result.put( FileGAVNameMapperProvider.NAME, fileGavNameMapper );
result.put( FileHashingGAVNameMapperProvider.NAME, fileHashingGavNameMapper );
return Collections.unmodifiableMap( result );
}

@Provides
Expand All @@ -296,11 +318,11 @@ Map<String, NamedLockFactory> provideNamedLockFactories(
@Named( LocalSemaphoreNamedLockFactory.NAME ) NamedLockFactory localSemaphore,
@Named( FileLockNamedLockFactory.NAME ) NamedLockFactory fileLockFactory )
{
Map<String, NamedLockFactory> factories = new HashMap<>();
factories.put( LocalReadWriteLockNamedLockFactory.NAME, localRwLock );
factories.put( LocalSemaphoreNamedLockFactory.NAME, localSemaphore );
factories.put( FileLockNamedLockFactory.NAME, fileLockFactory );
return Collections.unmodifiableMap( factories );
Map<String, NamedLockFactory> result = new HashMap<>();
result.put( LocalReadWriteLockNamedLockFactory.NAME, localRwLock );
result.put( LocalSemaphoreNamedLockFactory.NAME, localSemaphore );
result.put( FileLockNamedLockFactory.NAME, fileLockFactory );
return Collections.unmodifiableMap( result );
}

@Provides
Expand All @@ -309,19 +331,19 @@ Set<LocalRepositoryManagerFactory> provideLocalRepositoryManagerFactories(
@Named( "simple" ) LocalRepositoryManagerFactory simple,
@Named( "enhanced" ) LocalRepositoryManagerFactory enhanced )
{
Set<LocalRepositoryManagerFactory> factories = new HashSet<>();
factories.add( simple );
factories.add( enhanced );
return Collections.unmodifiableSet( factories );
Set<LocalRepositoryManagerFactory> result = new HashSet<>();
result.add( simple );
result.add( enhanced );
return Collections.unmodifiableSet( result );
}

@Provides
@Singleton
Set<RepositoryLayoutFactory> provideRepositoryLayoutFactories( @Named( "maven2" ) RepositoryLayoutFactory maven2 )
{
Set<RepositoryLayoutFactory> factories = new HashSet<>();
factories.add( maven2 );
return Collections.unmodifiableSet( factories );
Set<RepositoryLayoutFactory> result = new HashSet<>();
result.add( maven2 );
return Collections.unmodifiableSet( result );
}

@Provides
Expand Down

This file was deleted.

Loading

0 comments on commit 8b0d143

Please sign in to comment.