diff --git a/master_changes.md b/master_changes.md index 5247c0c2808..5669f8e450d 100644 --- a/master_changes.md +++ b/master_changes.md @@ -60,6 +60,7 @@ users) ## Exec ## Source + * [NEW] Add options `--require-checksums` and `--no-checksums` to harmonise with `opam install` [#5563 @rjbou] ## Lint @@ -172,6 +173,7 @@ users) # API updates ## opam-client * `OpamArg.InvalidCLI`: export exception [#6150 @rjbou] + * `OpamArg`: export `require_checksums` and `no_checksums`, that are shared with `build_options` [#5563 @rjbou] ## opam-repository * `OpamDownload.get_output`: fix `wget` option for `POST` requests [#6036 @rjbou] diff --git a/src/client/opamArg.ml b/src/client/opamArg.ml index 4c978609738..14c25057846 100644 --- a/src/client/opamArg.ml +++ b/src/client/opamArg.ml @@ -1412,6 +1412,17 @@ let lock_suffix ?section cli = "Set locked files suffix to $(i,SUFFIX)." Arg.(string) ("locked") +(* Checksums options *) +let no_checksums ?section cli from_cli = + mk_flag ~cli from_cli ?section ["no-checksums"] + "Do not verify the checksum of downloaded archives.\ + This is equivalent to setting $(b,\\$OPAMNOCHECKSUMS) to \"true\"." +let require_checksums ?section cli from_cli = + mk_flag ~cli from_cli ?section ["require-checksums"] + "Reject the installation of packages that don't provide a checksum for\ + the upstream archives. This is equivalent to setting \ + $(b,\\$OPAMREQUIRECHECKSUMS) to \"true\"." + (* Options common to all build commands *) let build_option_section = "PACKAGE BUILD OPTIONS" let man_build_option_section = @@ -1440,14 +1451,8 @@ let build_options cli = affects packages that are explicitly listed on the command-line. \ This is equivalent to setting $(b,\\$OPAMINPLACEBUILD) to \"true\"." in - let no_checksums = - mk_flag ~cli cli_original ~section ["no-checksums"] - "Do not verify the checksum of downloaded archives.\ - This is equivalent to setting $(b,\\$OPAMNOCHECKSUMS) to \"true\"." in - let req_checksums = - mk_flag ~cli cli_original ~section ["require-checksums"] - "Reject the installation of packages that don't provide a checksum for the upstream archives. \ - This is equivalent to setting $(b,\\$OPAMREQUIRECHECKSUMS) to \"true\"." in + let no_checksums = no_checksums ~section cli cli_original in + let req_checksums = require_checksums ~section cli cli_original in let build_test = mk_flag_replaced ~cli ~section [ cli_between cli2_0 cli2_1 ~replaced:"--with-test", ["build-test"]; diff --git a/src/client/opamArg.mli b/src/client/opamArg.mli index 75a31250362..03dfea6a62b 100644 --- a/src/client/opamArg.mli +++ b/src/client/opamArg.mli @@ -213,6 +213,12 @@ val apply_build_options: OpamCLIVersion.Sourced.t -> build_options -> unit val locked: ?section:string -> OpamCLIVersion.Sourced.t -> bool Term.t val lock_suffix: ?section:string -> OpamCLIVersion.Sourced.t -> string Term.t +(** Checksum options *) +val no_checksums: + ?section:string -> OpamCLIVersion.Sourced.t -> validity -> bool Term.t +val require_checksums: + ?section:string -> OpamCLIVersion.Sourced.t -> validity -> bool Term.t + (** {3 Package listing and filtering options} *) (** Man section name *) diff --git a/src/client/opamCommands.ml b/src/client/opamCommands.ml index 9e2827ff733..78d4d5b9641 100644 --- a/src/client/opamCommands.ml +++ b/src/client/opamCommands.ml @@ -3703,8 +3703,19 @@ let source cli = "Choose package without consideration for \ the current (or any other) switch (installed or pinned packages, etc.)" in - let source global_options atom dev_repo pin no_switch dir () = + let no_checksums = no_checksums cli (cli_from cli2_4) in + let req_checksums = require_checksums cli (cli_from cli2_4) in + let source global_options atom dev_repo pin no_switch dir + no_checksums req_checksums () = apply_global_options cli global_options; + let force_checksums = + if req_checksums then Some (Some true) + else if no_checksums then Some (Some false) + else None + in + OpamStd.Option.iter (fun force_checksums -> + OpamRepositoryConfig.update ~force_checksums ()) + force_checksums; OpamGlobalState.with_ `Lock_none @@ fun gt -> let get_package_dir t = let nv = @@ -3829,9 +3840,11 @@ let source cli = OpamSwitchState.drop (OpamClient.PIN.pin t nv.name ~version:nv.version target) in - mk_command ~cli cli_original "source" ~doc ~man + mk_command ~cli cli_original "source" ~doc ~man Term.(const source - $global_options cli $atom $dev_repo $pin $no_switch $dir) + $global_options cli + $atom $dev_repo $pin $no_switch $dir + $no_checksums $req_checksums) (* LINT *) let lint_doc = "Checks and validate package description ('opam') files." diff --git a/tests/reftests/archive.test b/tests/reftests/archive.test index cea652b2ac6..ff5965783ab 100644 --- a/tests/reftests/archive.test +++ b/tests/reftests/archive.test @@ -285,6 +285,10 @@ Done. ### opam source good-md5 Successfully extracted to ${BASEDIR}/good-md5.1 ### test -f good-md5.1/hello +### rm -r good-md5.1 +### opam source good-md5 --require-checksums +Successfully extracted to ${BASEDIR}/good-md5.1 +### test -f good-md5.1/hello ### opam clean --download-cache Clearing cache of downloaded files ### :I:2: good sha256 @@ -321,6 +325,10 @@ Done. ### opam source good-sha256 Successfully extracted to ${BASEDIR}/good-sha256.1 ### test -f good-sha256.1/hello +### rm -r good-sha256.1 +### opam source good-sha256 --require-checksums +Successfully extracted to ${BASEDIR}/good-sha256.1 +### test -f good-sha256.1/hello ### opam clean --download-cache Clearing cache of downloaded files ### :I:3: good md5 & sha256 @@ -375,6 +383,10 @@ Done. ### opam source good-md5-good-sha256 Successfully extracted to ${BASEDIR}/good-md5-good-sha256.1 ### test -f good-md5-good-sha256.1/hello +### rm -r good-md5-good-sha256.1 +### opam source good-md5-good-sha256 --require-checksums +Successfully extracted to ${BASEDIR}/good-md5-good-sha256.1 +### test -f good-md5-good-sha256.1/hello ### opam clean --download-cache Clearing cache of downloaded files ### :I:4: good sha256 & good md5 @@ -426,6 +438,10 @@ Done. ### opam source good-sha256-good-md5 Successfully extracted to ${BASEDIR}/good-sha256-good-md5.1 ### test -f good-sha256-good-md5.1/hello +### rm -r good-sha256-good-md5.1 +### opam source good-sha256-good-md5 --require-checksums +Successfully extracted to ${BASEDIR}/good-sha256-good-md5.1 +### test -f good-sha256-good-md5.1/hello ### opam clean --download-cache Clearing cache of downloaded files ### :I:5: no checksum @@ -472,6 +488,12 @@ OpamSolution.Fetch_fail("no-checksum.1: Missing checksum, and `--require-checksu ### opam source no-checksum Successfully extracted to ${BASEDIR}/no-checksum.1 ### test -f no-checksum.1/hello +### rm -r no-checksum.1 +### opam source no-checksum --require-checksums +[ERROR] Download failed: no-checksum.1: Missing checksum, and `--require-checksums` was set. +# Return code 40 # +### test -f no-checksum.1/hello +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:6: multiple md5 @@ -534,6 +556,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f multiple-md5.1/hello # Return code 1 # +### opam source multiple-md5 --require-checksums | '[0-9a-z]{32}' -> 'hash' +[ERROR] multiple-md5.1: Checksum mismatch for file://${BASEDIR}/archive.tgz: + expected md5=hash + got md5=hash +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f multiple-md5.1/hello +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:7: bad md5 @@ -593,6 +623,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f bad-md5.1/hello # Return code 1 # +### opam source bad-md5 --require-checksums | '[0-9a-z]{32}' -> 'hash' +[ERROR] bad-md5.1: Checksum mismatch for file://${BASEDIR}/archive.tgz: + expected md5=hash + got md5=hash +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f bad-md5.1/hello +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:8: good md5 & bad sha256 @@ -722,6 +760,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f good-md5-bad-sha256.1/hello # Return code 1 # +### opam source good-md5-bad-sha256 --require-checksums | '[0-9a-z]{64}' -> 'md5' +[ERROR] good-md5-bad-sha256.1: Checksum mismatch for file://${BASEDIR}/archive.tgz: + expected sha256=md5 + got sha256=md5 +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f good-md5-bad-sha256.1/hello +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:9: good sha256 & bad md5 @@ -781,6 +827,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f good-sha256-bad-md5.1/hello # Return code 1 # +### opam source good-sha256-bad-md5 --require-checksums | '[0-9a-z]{32}' -> 'hash' +[ERROR] good-sha256-bad-md5.1: Checksum mismatch for file://${BASEDIR}/archive.tgz: + expected md5=hash + got md5=hash +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f good-sha256-bad-md5.1/hello +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:10: clash with all md5 @@ -928,6 +982,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f clash-with-all-md5s.666/hello # Return code 1 # +### opam source clash-with-all-md5s --require-checksums | '[0-9a-z]{32}' -> 'hash' +[ERROR] clash-with-all-md5s.666: Checksum mismatch for file://${BASEDIR}/archive.tgz: + expected md5=hash + got md5=hash +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f clash-with-all-md5s.666/hello +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### ::::::::::::::::: diff --git a/tests/reftests/extrafile.test b/tests/reftests/extrafile.test index ff822f46d4a..d5a746ebbfa 100644 --- a/tests/reftests/extrafile.test +++ b/tests/reftests/extrafile.test @@ -196,6 +196,10 @@ Done. ### opam source good-md5 Successfully extracted to ${BASEDIR}/good-md5.1 ### test -f good-md5.1/p.patch +### rm -r good-md5.1 +### opam source good-md5 --require-checksums +Successfully extracted to ${BASEDIR}/good-md5.1 +### test -f good-md5.1/p.patch ### opam clean --download-cache Clearing cache of downloaded files ### :I:2: good md5 & sha256 @@ -234,6 +238,10 @@ Done. ### opam source good-md5-good-sha256 Successfully extracted to ${BASEDIR}/good-md5-good-sha256.1 ### test -f good-md5-good-sha256.1/p.patch +### rm -r good-md5-good-sha256.1 +### opam source good-md5-good-sha256 --require-checksums +Successfully extracted to ${BASEDIR}/good-md5-good-sha256.1 +### test -f good-md5-good-sha256.1/p.patch ### opam clean --download-cache Clearing cache of downloaded files ### :I:3: bad md5 @@ -282,6 +290,12 @@ Bad hash for - ${BASEDIR}/OPAM/repo/default/packages/bad-md5/bad-md5.1/files/p ### opam source bad-md5 | '.n"' -> '"' [WARNING] Some errors extracting to ${BASEDIR}/bad-md5.1: Failure("Bad hash for - ${BASEDIR}/OPAM/repo/default/packages/bad-md5/bad-md5.1/files/p.patch") +### test -f bad-md5.1/p.patch +# Return code 1 # +### rm -r bad-md5.1 +### opam source bad-md5 --require-checksums | '.n"' -> '"' +[WARNING] Some errors extracting to ${BASEDIR}/bad-md5.1: Failure("Bad hash for - ${BASEDIR}/OPAM/repo/default/packages/bad-md5/bad-md5.1/files/p.patch") + ### test -f bad-md5.1/p.patch # Return code 1 # ### opam clean --download-cache @@ -332,6 +346,11 @@ Bad hash for - ${BASEDIR}/OPAM/repo/default/packages/good-md5-bad-sha256/good- ### opam source good-md5-bad-sha256 | '.n"' -> '"' [WARNING] Some errors extracting to ${BASEDIR}/good-md5-bad-sha256.1: Failure("Bad hash for - ${BASEDIR}/OPAM/repo/default/packages/good-md5-bad-sha256/good-md5-bad-sha256.1/files/p.patch") +### test -f good-md5-bad-sha256.1/p.patch +### rm -r good-md5-bad-sha256.1 +### opam source good-md5-bad-sha256 --require-checksums | '.n"' -> '"' +[WARNING] Some errors extracting to ${BASEDIR}/good-md5-bad-sha256.1: Failure("Bad hash for - ${BASEDIR}/OPAM/repo/default/packages/good-md5-bad-sha256/good-md5-bad-sha256.1/files/p.patch") + ### test -f good-md5-bad-sha256.1/p.patch ### opam clean --download-cache Clearing cache of downloaded files @@ -395,6 +414,11 @@ The following actions will be performed: Successfully extracted to ${BASEDIR}/no-checksum.1 ### test -f no-checksum.1/p.patch # Return code 1 # +### rm -r no-checksum.1 +### opam source no-checksum --require-checksums +Successfully extracted to ${BASEDIR}/no-checksum.1 +### test -f no-checksum.1/p.patch +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### ::::::::::::::::: @@ -447,6 +471,11 @@ The following actions will be performed: Successfully extracted to ${BASEDIR}/not-mentioned.1 ### test -f not-mentioned.1/p.patch # Return code 1 # +### rm -r not-mentioned.1 +### opam source not-mentioned --require-checksums +Successfully extracted to ${BASEDIR}/not-mentioned.1 +### test -f not-mentioned.1/p.patch +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :II:2: not present diff --git a/tests/reftests/extrasource.test b/tests/reftests/extrasource.test index c5445355894..f64af3722d5 100644 --- a/tests/reftests/extrasource.test +++ b/tests/reftests/extrasource.test @@ -398,6 +398,10 @@ Done. ### opam source good-sha256 Successfully extracted to ${BASEDIR}/good-sha256.1 ### test -f good-sha256.1/i-am-a-patch +### rm -r good-sha256.1 +### opam source good-sha256 --require-checksums +Successfully extracted to ${BASEDIR}/good-sha256.1 +### test -f good-sha256.1/i-am-a-patch ### opam clean --download-cache Clearing cache of downloaded files ### :I:3: good md5 & sha256 @@ -450,6 +454,10 @@ Done. ### opam source good-md5-good-sha256 Successfully extracted to ${BASEDIR}/good-md5-good-sha256.1 ### test -f good-md5-good-sha256.1/i-am-a-patch +### rm -r good-md5-good-sha256.1 +### opam source good-md5-good-sha256 --require-checksums +Successfully extracted to ${BASEDIR}/good-md5-good-sha256.1 +### test -f good-md5-good-sha256.1/i-am-a-patch ### opam clean --download-cache Clearing cache of downloaded files ### :I:4: good sha256 & good md5 @@ -501,6 +509,10 @@ Done. ### opam source good-sha256-good-md5 Successfully extracted to ${BASEDIR}/good-sha256-good-md5.1 ### test -f good-sha256-good-md5.1/i-am-a-patch +### rm -r good-sha256-good-md5.1 +### opam source good-sha256-good-md5 --require-checksums +Successfully extracted to ${BASEDIR}/good-sha256-good-md5.1 +### test -f good-sha256-good-md5.1/i-am-a-patch ### opam clean --download-cache Clearing cache of downloaded files ### :I:5: no checksum @@ -545,6 +557,12 @@ no-checksum.1/i-am-a-patch: Missing checksum, and `--require-checksums` was set. ### opam source no-checksum Successfully extracted to ${BASEDIR}/no-checksum.1 ### test -f no-checksum.1/i-am-a-patch +### rm -r no-checksum.1 +### opam source no-checksum --require-checksums +[WARNING] Some errors extracting to ${BASEDIR}/no-checksum.1: Failure("no-checksum.1/i-am-a-patch: Missing checksum, and `--require-checksums` was set.") + +### test -f no-checksum.1/i-am-a-patch +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:6: multiple md5 @@ -604,6 +622,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f multiple-md5.1/i-am-a-patch # Return code 1 # +### opam source multiple-md5 --require-checksums | '[0-9a-z]{32}' -> 'hash' +[ERROR] multiple-md5.1/i-am-a-patch: Checksum mismatch for file://${BASEDIR}/p.patch: + expected md5=hash + got md5=hash +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f multiple-md5.1/i-am-a-patch +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:7: bad md5 @@ -659,6 +685,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f bad-md5.1/i-am-a-patch # Return code 1 # +### opam source bad-md5 --require-checksums | '[0-9a-z]{32}' -> 'hash' +[ERROR] bad-md5.1/i-am-a-patch: Checksum mismatch for file://${BASEDIR}/p.patch: + expected md5=hash + got md5=hash +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f bad-md5.1/i-am-a-patch +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:8: good md5 & bad sha256 @@ -784,6 +818,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f good-md5-bad-sha256.1/i-am-a-patch # Return code 1 # +### opam source good-md5-bad-sha256 --require-checksums | '[0-9a-z]{64}' -> 'md5' +[ERROR] good-md5-bad-sha256.1/i-am-a-patch: Checksum mismatch for file://${BASEDIR}/p.patch: + expected sha256=md5 + got sha256=md5 +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f good-md5-bad-sha256.1/i-am-a-patch +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:9: good sha256 & bad md5 @@ -839,6 +881,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f good-sha256-bad-md5.1/i-am-a-patch # Return code 1 # +### opam source good-sha256-bad-md5 --require-checksums | '[0-9a-z]{32}' -> 'hash' +[ERROR] good-sha256-bad-md5.1/i-am-a-patch: Checksum mismatch for file://${BASEDIR}/p.patch: + expected md5=hash + got md5=hash +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f good-sha256-bad-md5.1/i-am-a-patch +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### :I:10: clash with all md5 @@ -967,6 +1017,14 @@ OpamSolution.Fetch_fail("Checksum mismatch") # Return code 40 # ### test -f clash-with-all-md5s.666/i-am-a-patch # Return code 1 # +### opam source clash-with-all-md5s --require-checksums | '[0-9a-z]{32}' -> 'hash' +[ERROR] clash-with-all-md5s.666/i-am-a-patch: Checksum mismatch for file://${BASEDIR}/p.patch: + expected md5=hash + got md5=hash +[ERROR] Download failed: Checksum mismatch +# Return code 40 # +### test -f clash-with-all-md5s.666/i-am-a-patch +# Return code 1 # ### opam clean --download-cache Clearing cache of downloaded files ### ::::::::::::::::: @@ -1019,6 +1077,11 @@ The following actions will be performed: Successfully extracted to ${BASEDIR}/not-mentioned.1 ### test -f not-mentioned.1/i-am-a-patch # Return code 1 # +### rm -r not-mentioned.1 +### opam source not-mentioned --require-checksums +Successfully extracted to ${BASEDIR}/not-mentioned.1 +### test -f not-mentioned.1/i-am-a-patch +# Return code 1 # ### :II:2: Double extra-source ### opam lint --package multiple /multiple.1: Errors. @@ -1069,6 +1132,10 @@ Done. ### opam source multiple Successfully extracted to ${BASEDIR}/multiple.1 ### test -f multiple.1/i-am-a-patch +### rm -r multiple.1 +### opam source multiple --require-checksums +Successfully extracted to ${BASEDIR}/multiple.1 +### test -f multiple.1/i-am-a-patch ### ::::::::::::::::: ### :III: Cache manipulation ### ::::::::::::::::: @@ -1250,6 +1317,10 @@ Done. ### opam source escape-absolute Successfully extracted to ${BASEDIR}/escape-absolute.1 ### test -f escape-absolute.1/etc/passwd +### rm -r escape-absolute.1 +### opam source escape-absolute --require-checksums +Successfully extracted to ${BASEDIR}/escape-absolute.1 +### test -f escape-absolute.1/etc/passwd ### :IV:2: good md5 ### # /!\ all escape!!! ### opam lint --package escape-build-good-md5 @@ -1289,3 +1360,7 @@ Done. ### opam source escape-source-good-md5 Successfully extracted to ${BASEDIR}/escape-source-good-md5.1 ### test -f shouldnt-exist +### rm -r escape-source-good-md5.1 +### opam source escape-source-good-md5 --require-checksums +Successfully extracted to ${BASEDIR}/escape-source-good-md5.1 +### test -f shouldnt-exist