rust-lang · Turbo87 · Aug 16, 2022 · Aug 10, 2022
diff --git a/migrations/2022-08-14-090630_checksum-column/down.sql b/migrations/2022-08-14-090630_checksum-column/down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE versions
+    DROP COLUMN checksum;
diff --git a/migrations/2022-08-14-090630_checksum-column/up.sql b/migrations/2022-08-14-090630_checksum-column/up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE versions
+    ADD COLUMN checksum CHAR(64) NULL;
diff --git a/src/controllers/krate/publish.rs b/src/controllers/krate/publish.rs
@@ -154,6 +154,11 @@ pub fn publish(req: &mut dyn RequestExt) -> EndpointResult {
         // This is only redundant for now. Eventually the duplication will be removed.
         let license = new_crate.license.clone();
 
+        // Read tarball from request
+        let mut tarball = Vec::new();
+        LimitErrorReader::new(req.body(), maximums.max_upload_size).read_to_end(&mut tarball)?;
+        let hex_cksum: String = Sha256::digest(&tarball).encode_hex();
+
         // Persist the new version of this crate
         let version = NewVersion::new(
             krate.id,
@@ -165,6 +170,7 @@ pub fn publish(req: &mut dyn RequestExt) -> EndpointResult {
             // to get here, and max upload sizes are way less than i32 max
             file_length as i32,
             user.id,
+            hex_cksum.clone(),
         )?
         .save(&conn, &verified_email_address)?;
 
@@ -191,10 +197,6 @@ pub fn publish(req: &mut dyn RequestExt) -> EndpointResult {
         let ignored_invalid_badges = Badge::update_crate(&conn, &krate, new_crate.badges.as_ref())?;
         let top_versions = krate.top_versions(&conn)?;
 
-        // Read tarball from request
-        let mut tarball = Vec::new();
-        LimitErrorReader::new(req.body(), maximums.max_upload_size).read_to_end(&mut tarball)?;
-        let hex_cksum: String = Sha256::digest(&tarball).encode_hex();
         let pkg_name = format!("{}-{}", krate.name, vers);
         let cargo_vcs_info = verify_tarball(&pkg_name, &tarball, maximums.max_unpack_size)?;
         let pkg_path_in_vcs = cargo_vcs_info.map(|info| info.path_in_vcs);

diff --git a/src/downloads_counter.rs b/src/downloads_counter.rs
@@ -457,6 +457,7 @@ mod tests {
                 None,
                 0,
                 self.user.id,
+                "0000000000000000000000000000000000000000000000000000000000000000".to_string(),
             )
             .expect("failed to create version")
             .save(conn, "ghost@example.com")

diff --git a/src/models/version.rs b/src/models/version.rs
@@ -23,6 +23,7 @@ pub struct Version {
     pub license: Option<String>,
     pub crate_size: Option<i32>,
     pub published_by: Option<i32>,
+    pub checksum: Option<String>,
 }
 
 #[derive(Insertable, Debug)]
@@ -34,6 +35,7 @@ pub struct NewVersion {
     license: Option<String>,
     crate_size: Option<i32>,
     published_by: i32,
+    checksum: String,
 }
 
 /// The highest version (semver order) and the most recently updated version.
@@ -121,6 +123,7 @@ impl Version {
 }
 
 impl NewVersion {
+    #[allow(clippy::too_many_arguments)]
     pub fn new(
         crate_id: i32,
         num: &semver::Version,
@@ -129,6 +132,7 @@ impl NewVersion {
         license_file: Option<&str>,
         crate_size: i32,
         published_by: i32,
+        checksum: String,
     ) -> AppResult<Self> {
         let features = serde_json::to_value(features)?;
 
@@ -139,6 +143,7 @@ impl NewVersion {
             license,
             crate_size: Some(crate_size),
             published_by,
+            checksum,
         };
 
         new_version.validate_license(license_file)?;

diff --git a/src/schema.rs b/src/schema.rs
@@ -982,6 +982,12 @@ table! {
         ///
         /// (Automatically generated by Diesel.)
         published_by -> Nullable<Int4>,
+        /// The `checksum` column of the `versions` table.
+        ///
+        /// Its SQL type is `Nullable<Bpchar>`.
+        ///
+        /// (Automatically generated by Diesel.)
+        checksum -> Nullable<Bpchar>,
     }
 }
 

diff --git a/src/tests/builders/version.rs b/src/tests/builders/version.rs
@@ -18,6 +18,7 @@ pub struct VersionBuilder<'a> {
     num: semver::Version,
     size: i32,
     yanked: bool,
+    checksum: String,
 }
 
 impl<'a> VersionBuilder<'a> {
@@ -41,6 +42,7 @@ impl<'a> VersionBuilder<'a> {
             num,
             size: 0,
             yanked: false,
+            checksum: String::new(),
         }
     }
 
@@ -91,6 +93,7 @@ impl<'a> VersionBuilder<'a> {
             self.license_file,
             self.size,
             published_by,
+            self.checksum,
         )?
         .save(connection, "someone@example.com")?;
 

diff --git a/src/worker/dump_db/dump-db.toml b/src/worker/dump_db/dump-db.toml
@@ -212,6 +212,7 @@ yanked = "public"
 license = "public"
 crate_size = "public"
 published_by = "public"
+checksum = "public"
 
 [versions_published_by.columns]
 version_id = "private"

diff --git a/src/worker/update_downloads.rs b/src/worker/update_downloads.rs
@@ -108,6 +108,7 @@ mod test {
             None,
             0,
             user_id,
+            "0000000000000000000000000000000000000000000000000000000000000000".to_string(),
         )
         .unwrap();
         let version = version.save(conn, "someone@example.com").unwrap();
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ALTER TABLE versions
		ADD COLUMN checksum CHAR(64) NULL;