Package org.eclipse.aether.internal.impl.checksum

Class SummaryFileTrustedChecksumsSource

java.lang.Object

org.eclipse.aether.internal.impl.checksum.SummaryFileTrustedChecksumsSource

All Implemented Interfaces:

TrustedChecksumsSource

@Singleton
@Named("summaryFile")
public final class SummaryFileTrustedChecksumsSource
extends Object

Compact file FileTrustedChecksumsSourceSupport implementation that use specified directory as base directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm. File format is GNU Coreutils compatible: each line holds checksum followed by two spaces and artifact relative path (from local repository root, without leading "./"). This means that trusted checksums summary file can be used to validate artifacts or generate it using standard GNU tools like GNU sha1sum is (for BSD derivatives same file can be used with -r switch).

The format supports comments "#" (hash) and empty lines for easier structuring the file content, and both are ignored. Also, their presence makes the summary file incompatible with GNU Coreutils format. On save of the summary file, the comments and empty lines are lost, and file is sorted by path names for easier diffing (2nd column in file).

The source by default is "origin aware", and it will factor in origin repository ID as well into summary file name, for example "checksums-central.sha256".

Example commands for managing summary file (in examples will use repository ID "central"):

• To create summary file: find * -not -name "checksums-central.sha256" -type f -print0 | xargs -0 sha256sum | sort -k 2 > checksums-central.sha256
• To verify artifacts using summary file: sha256sum --quiet -c checksums-central.sha256

The checksums summary file is lazily loaded and remains cached during lifetime of the component, so file changes during lifecycle of the component are not picked up. This implementation can be simultaneously used to lookup and also record checksums. The recorded checksums will become visible for every session, and will be flushed at repository system shutdown, merged with existing ones on disk.

The name of this implementation is "summaryFile".

Since:

1.9.0

See Also:

• sha1sum man page
• GNU Coreutils: md5sum

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.aether.spi.checksums.TrustedChecksumsSource

TrustedChecksumsSource.Writer

Field Summary

Fields

Modifier and Type	Field	Description
static final String	NAME

Constructor Summary

Constructors

Constructor	Description
SummaryFileTrustedChecksumsSource(LocalPathComposer localPathComposer, RepositorySystemLifecycle repositorySystemLifecycle)

Method Summary

Modifier and Type	Method	Description
protected String	configPropKey(String name)	To be used by underlying implementations to form configuration property keys properly scoped.
protected Map<String,String>	doGetTrustedArtifactChecksums(RepositorySystemSession session, Artifact artifact, ArtifactRepository artifactRepository, List<ChecksumAlgorithmFactory> checksumAlgorithmFactories)	Implementors MUST NOT return null at this point, as this source is enabled.
protected org.eclipse.aether.internal.impl.checksum.SummaryFileTrustedChecksumsSource.SummaryFileWriter	doGetTrustedArtifactChecksumsWriter(RepositorySystemSession session)	Implementors may override this method and return TrustedChecksumsSource.Writer instance.
protected Path	getBasedir(RepositorySystemSession session, boolean mayCreate)	Uses utility DirectoryUtils.resolveDirectory(RepositorySystemSession, String, String, boolean) to calculate (and maybe create) basedir for this implementation, never returns null.
Map<String,String>	getTrustedArtifactChecksums(RepositorySystemSession session, Artifact artifact, ArtifactRepository artifactRepository, List<ChecksumAlgorithmFactory> checksumAlgorithmFactories)	This implementation will call into underlying code only if enabled, and will enforce non-null return value.
TrustedChecksumsSource.Writer	getTrustedArtifactChecksumsWriter(RepositorySystemSession session)	This implementation will call into underlying code only if enabled.
protected boolean	isEnabled(RepositorySystemSession session)	Returns true if session configuration marks this instance as enabled.
protected boolean	isOriginAware(RepositorySystemSession session)	Returns true if session configuration marks this instance as origin aware.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

NAME

public static final String NAME

See Also:

• Constant Field Values

Constructor Details

SummaryFileTrustedChecksumsSource

@Inject
public SummaryFileTrustedChecksumsSource(LocalPathComposer localPathComposer,
 RepositorySystemLifecycle repositorySystemLifecycle)

Method Details

doGetTrustedArtifactChecksums

protected Map<String,String> doGetTrustedArtifactChecksums(RepositorySystemSession session,
 Artifact artifact,
 ArtifactRepository artifactRepository,
 List<ChecksumAlgorithmFactory> checksumAlgorithmFactories)

Implementors MUST NOT return null at this point, as this source is enabled.

doGetTrustedArtifactChecksumsWriter

protected org.eclipse.aether.internal.impl.checksum.SummaryFileTrustedChecksumsSource.SummaryFileWriter doGetTrustedArtifactChecksumsWriter(RepositorySystemSession session)

Implementors may override this method and return TrustedChecksumsSource.Writer instance.

getTrustedArtifactChecksums

public Map<String,String> getTrustedArtifactChecksums(RepositorySystemSession session,
 Artifact artifact,
 ArtifactRepository artifactRepository,
 List<ChecksumAlgorithmFactory> checksumAlgorithmFactories)

This implementation will call into underlying code only if enabled, and will enforce non-null return value. In worst case, empty map should be returned, meaning "no trusted checksums available".

Specified by:

getTrustedArtifactChecksums in interface TrustedChecksumsSource

Parameters:

session - The repository system session, never null.

artifact - The artifact we want checksums for, never null.

artifactRepository - The origin repository: local, workspace, remote repository, never null.

checksumAlgorithmFactories - The checksum algorithms that are expected, never null.

Returns:

Map of expected checksums, or null if not enabled.

getTrustedArtifactChecksumsWriter

public TrustedChecksumsSource.Writer getTrustedArtifactChecksumsWriter(RepositorySystemSession session)

This implementation will call into underlying code only if enabled. Underlying implementation may still choose to return null.

Specified by:

getTrustedArtifactChecksumsWriter in interface TrustedChecksumsSource

configPropKey

protected String configPropKey(String name)

To be used by underlying implementations to form configuration property keys properly scoped.

isEnabled

protected boolean isEnabled(RepositorySystemSession session)

Returns true if session configuration marks this instance as enabled.

Default value is false.

isOriginAware

protected boolean isOriginAware(RepositorySystemSession session)

Returns true if session configuration marks this instance as origin aware.

Default value is true.

getBasedir

protected Path getBasedir(RepositorySystemSession session,
 boolean mayCreate)

Uses utility DirectoryUtils.resolveDirectory(RepositorySystemSession, String, String, boolean) to calculate (and maybe create) basedir for this implementation, never returns null. The returned Path may not exist, if invoked with mayCreate being false.

Default value is ${LOCAL_REPOSITORY}/.checksums.

Returns:

The Path of basedir, never null.