Add outer checksum (#65)

* Deprecate inner checksum * Do not allow comments in safe_erl_term * Forward compatible tarball contents by not failing on unknown files
hexpm · Jul 27, 2019 · 8c756fd · 8c756fd
1 parent 017e60d
commit 8c756fd
Show file tree

Hide file tree

Showing 8 changed files with 346 additions and 405 deletions.
diff --git a/README.md b/README.md
@@ -91,13 +91,18 @@ Publish package tarball:
 Unpack package tarball:
 
 ```erlang
-{ok, #{checksum := Checksum, contents := Contents, metadata := Metadata}} = hex_tarball:unpack(Tarball, memory).
+{ok, #{outer_checksum := Checksum, contents := Contents, metadata := Metadata}} = hex_tarball:unpack(Tarball, memory).
 ```
 
+Remember to verify the outer tarball checksum against the registry checksum
+returned from `hex_repo:get_package(Config, Package)`.
+
 Create package tarball:
 
 ```erlang
-{ok, {Tarball, Checksum}} = hex_tarball:create(Metadata, Contents).
+{ok, #{tarball := Tarball,
+       inner_checksum := InnerChecksum,
+       outer_checksum := OuterChecksum}} = hex_tarball:create(Metadata, Contents).
 ```
 
 ## Configuration

diff --git a/proto/hex_pb_package.proto b/proto/hex_pb_package.proto
@@ -12,13 +12,17 @@ message Package {
 message Release {
   // Release version
   required string version = 1;
-  // sha256 checksum of package tarball
-  required bytes checksum = 2;
+  // sha256 checksum of "inner" package tarball
+  // deprecated in favor of outer_checksum
+  required bytes inner_checksum = 2;
   // All dependencies of the release
   repeated Dependency dependencies = 3;
   // If set the release is retired, a retired release should only be
   // resolved if it has already been locked in a project
   optional RetirementStatus retired = 4;
+  // sha256 checksum of outer package tarball
+  // required when encoding but optional when decoding
+  optional bytes outer_checksum = 5;
 }
 
 message RetirementStatus {