mip: hash checks for third-party libraries #718
Description
I'm trying to use hashes in the package.json file for my private package.
This package is hosted on a server on a private local network.
When doing a clean install on an ESP32C3 microcontroller, mip will do the hash comparison and download the files if necessary. Here, however, urequests will raise an Error 404 exception because it tries to find the package in the micropython index instead of the local server I indicated.
The code responsible for this I have referenced below.
https://github.com/micropython/micropython-lib/blob/01ab7ba6e27e0b7350e9f6da5b7096fa0a7b0d70/micropython/mip/mip/__init__.py#L105C1-L113C29
I want to be able to use hashes to check for code updates/integrity and to then download it from my private index/server.
The url to the package.json is already available and the file location (target_path) is paired with the hash, so all information needed is already present.
I am not sure if the use of hashes in this way is intended or desired. It does save me a lot of time implementing my own update script.
Possible (not sure if correct) solution:
if not target:
file_url = "{}/file/{}/{}".format(index, short_hash[:2], short_hash)
else:
file_url = package_json_url.rstrip('package.json') + target_path
if not _download_file(file_url, fs_target_path):
print("File not found: {} {}".format(target_path, short_hash))
return False