v3: collision-safe SHA-256 key encoding#21
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
a/banda:bpreviously sanitized to the same directory namea_b, silently returning wrong cache entries. Keys are now SHA-256 hashed into fixed-length (66-char) directory names, eliminating collisions and NAME_MAX issues with long keys.find -maxdepth/-mindepthwith POSIX-compatible alternatives; added macOS to the CI test matrix.encode_key,append_summary, and constants moved tolib/cache-common.sh, sourced by both scripts. CI test assertions also source this file so encoding stays in sync automatically..local-cache-keymetadata file, since SHA-256 hashes are not prefix-preserving.This is a v3 major version because the on-disk cache layout changes. The README, SECURITY.md, and action.yml are updated accordingly, including an "Upgrading from v2" section.
Test plan
shellcheckandsh -npass on all three shell scriptsa/bvsa:b), dot keys (.,..), prefix matching, legacy v2 entry fallback, metadata file exclusion from restore targetsubuntu-latestandmacos-latest(matrix added in this PR)🤖 Generated with Claude Code