From fee8f1e014c8e8a078a11059266d2be88eb073cb Mon Sep 17 00:00:00 2001 From: ejegrova Date: Mon, 11 Mar 2024 14:21:45 +0100 Subject: [PATCH] Add validation for all go.sum files in workspace Signed-off-by: ejegrova --- cachi2/core/package_managers/gomod.py | 37 +++++++++++++++++++-------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/cachi2/core/package_managers/gomod.py b/cachi2/core/package_managers/gomod.py index 2cd705553..fe128fb9a 100644 --- a/cachi2/core/package_managers/gomod.py +++ b/cachi2/core/package_managers/gomod.py @@ -734,7 +734,6 @@ def _resolve_gomod( :raises PackageManagerError: if fetching dependencies fails """ _protect_against_symlinks(app_dir) - modules_in_go_sum = _parse_go_sum(app_dir) config = get_config() @@ -824,6 +823,11 @@ def _resolve_gomod( except NameError: raise PackageManagerError(f"Main module not found, it should have been at {app_dir.path}.") + raw_main_module = module_list.pop(0) + main_module_name = raw_main_module["Path"] + module_list_paths = [RootedPath(module["Dir"]) for module in module_list] + modules_in_go_sum = _parse_go_sum_files(app_dir, module_list_paths) + def get_relative_path_workspace_to_main_module(path1: Path, path2: Path) -> str: """Return relative path from workspace module to main module.""" if not path2.is_relative_to(app_dir.root): @@ -881,20 +885,33 @@ def go_list_deps(pattern: Literal["./...", "all"]) -> Iterator[ParsedPackage]: return ResolvedGoModule(main_module, all_modules, all_packages, modules_in_go_sum) -def _parse_go_sum(module_dir: RootedPath) -> frozenset[ModuleID]: +def _parse_go_sum_files( + app_dir: RootedPath, module_dir_list: list[RootedPath] +) -> frozenset[ModuleID]: + + go_sum_files_list = [RootedPath(app_dir.root).join_within_root("go.work.sum")] + go_sum_files_list.extend( + [module_dir.join_within_root("go.sum") for module_dir in module_dir_list] + ) + + modules: list[ModuleID] = [] + for go_sum_file in go_sum_files_list: + if not go_sum_file.path.exists(): + continue + modules.extend(_parse_go_sum(go_sum_file)) + + return frozenset(modules) + + +def _parse_go_sum(go_sum_file: RootedPath) -> list[tuple[str, str]]: """Return the set of modules present in the go.sum file in the specified directory. A module is considered present if the checksum for its .zip file is present. The go.mod file checksums are not relevant for our purposes. """ - go_sum = module_dir.join_within_root("go.sum") - if not go_sum.path.exists(): - return frozenset() - modules: list[ModuleID] = [] - # https://github.com/golang/go/blob/d5c5808534f0ad97333b1fd5fff81998f44986fe/src/cmd/go/internal/modfetch/fetch.go#L507-L534 - lines = go_sum.path.read_text().splitlines() + lines = go_sum_file.path.read_text().splitlines() for i, go_sum_line in enumerate(lines): parts = go_sum_line.split() if not parts: @@ -905,7 +922,7 @@ def _parse_go_sum(module_dir: RootedPath) -> frozenset[ModuleID]: # of go.sum for checksum verification log.warning( "%s:%d: malformed line, skipping the rest of the file: %r", - go_sum.subpath_from_root, + go_sum_file.subpath_from_root, i + 1, go_sum_line, ) @@ -917,7 +934,7 @@ def _parse_go_sum(module_dir: RootedPath) -> frozenset[ModuleID]: modules.append((name, version)) - return frozenset(modules) + return modules def _deduplicate_resolved_modules(