feat: update package dependencies and enhance checksum verification with b2 and b2sum support

This commit is contained in:
2026-03-10 14:00:03 -05:00
parent 233bd1f1fe
commit adbdf80c0e
7 changed files with 85 additions and 9 deletions
+7 -1
View File
@@ -290,6 +290,7 @@ pub fn fetch_archive(spec: &PackageSpec, source: &Source, cache_dir: &Path) -> R
/// - `sha256:<hex>` (or just `<hex>` — default)
/// - `sha512:<hex>`
/// - `md5:<hex>`
/// - `b2:<hex>` / `b2sum:<hex>`
/// - `skip` to bypass verification
fn verify_checksum(path: &Path, expected: &str) -> Result<bool> {
// Delegate to the shared checker in the parent `source` module.
@@ -731,7 +732,7 @@ mod tests {
}
#[test]
fn verify_checksum_accepts_md5_sha512_and_default_sha256() {
fn verify_checksum_accepts_md5_sha512_b2sum_and_default_sha256() {
use sha2::Digest;
use sha2::Sha256;
use sha2::Sha512;
@@ -753,6 +754,9 @@ mod tests {
};
let md5_hex = format!("{:x}", md5::compute(b"abc"));
let b2_hex = b2sum_rust::Blake2bSum::new(64)
.read(tmp.path())
.to_ascii_lowercase();
// unprefixed should default to sha256
assert!(verify_checksum(tmp.path(), &sha256_hex).unwrap());
@@ -760,6 +764,8 @@ mod tests {
assert!(verify_checksum(tmp.path(), &format!("sha256:{}", sha256_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("sha512:{}", sha512_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("md5:{}", md5_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("b2:{}", b2_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("b2sum:{}", b2_hex)).unwrap());
// empty algorithm before colon -> assume sha256
assert!(verify_checksum(tmp.path(), &format!(":{}", sha256_hex)).unwrap());
// negative: wrong value fails
+11 -1
View File
@@ -181,7 +181,8 @@ fn copy_manual_source_file(
/// Verify a file against an `expected` checksum string.
///
/// Formats accepted: `sha256:HEX`, `sha512:HEX`, `md5:HEX`, or plain `HEX` (assumed sha256).
/// Formats accepted: `sha256:HEX`, `sha512:HEX`, `md5:HEX`, `b2:HEX`,
/// `b2sum:HEX`, or plain `HEX` (assumed sha256).
fn verify_file_hash(path: &Path, expected: &str) -> Result<bool> {
use anyhow::bail;
use std::io::Read;
@@ -251,6 +252,10 @@ fn verify_file_hash(path: &Path, expected: &str) -> Result<bool> {
let actual = format!("{:x}", digest);
Ok(actual == hex)
}
"b2" | "b2sum" => {
let actual = b2sum_rust::Blake2bSum::new(64).read(path);
Ok(actual.eq_ignore_ascii_case(&hex))
}
_ => bail!("Unsupported checksum algorithm: {}", alg),
}
}
@@ -716,11 +721,16 @@ mod tests {
format!("{:x}", h.finalize())
};
let md5_hex = format!("{:x}", md5::compute(b"abc"));
let b2_hex = b2sum_rust::Blake2bSum::new(64)
.read(tmp.path())
.to_ascii_lowercase();
assert!(verify_file_hash(tmp.path(), &sha256_hex).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("sha256:{}", sha256_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("sha512:{}", sha512_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("md5:{}", md5_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("b2:{}", b2_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("b2sum:{}", b2_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!(":{}", sha256_hex)).unwrap());
assert!(!verify_file_hash(tmp.path(), "md5:deadbeef").unwrap());
}