feat: Verify cksum of crate tarball from cargo registry (#1260)

Fixed #1183

Since the crate tarball could be downloaded from a different set of
servers than the one hosting the cargo registry, its checksum must be
verified to ensure the tarball's integrity.

Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Jiahao XU 2023-08-09 20:57:47 +10:00 committed by GitHub
parent 1c886d8897
commit 3e80b12748
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 112 additions and 45 deletions


@ -1,5 +1,6 @@
use std::{str::FromStr, sync::Arc};
use base16::DecodeError as Base16DecodeError;
use cargo_toml::Manifest;
use compact_str::CompactString;
use leon::{ParseError, RenderError};
@ -56,6 +57,12 @@ pub enum RegistryError {
#[error("Failed to render dl config: {0}")]
RenderDlConfig(#[from] RenderError),
#[error("Failed to parse checksum encoded in hex: {0}")]
InvalidHex(#[from] Base16DecodeError),
#[error("Expected checksum `{expected}`, actual checksum `{actual}`")]
UnmatchedChecksum { expected: String, actual: String },
}
#[derive(Clone, Debug)]