fix(crypto): take source URI type and revision into hashing

Hashing only the URL part will lead to dirty caches.

Author: xtexx

acbs/crypto.py

@@ -18,12 +18,6 @@ def check_hash_hashlib_inner(chksum_type: str, target_file: str) -> Optional[str
     return target_hash
 
 
-def hash_url(url: str) -> str:
-    hash_obj = hashlib.new('sha256')
-    hash_obj.update(url.encode('utf-8'))
-    return hash_obj.hexdigest()
-
-
 def check_hash_hashlib(chksum_tuple: Tuple[str, str], target_file: str) -> None:
     hash_type, hash_value = chksum_tuple
     hash_type = hash_type.lower()

acbs/fetch.py

@@ -1,3 +1,4 @@
+import hashlib
 import http.client
 import logging
 import os
@@ -9,7 +10,7 @@
 from urllib.parse import urlparse
 
 from acbs.base import ACBSPackageInfo, ACBSSourceInfo
-from acbs.crypto import check_hash_hashlib, hash_url
+from acbs.crypto import check_hash_hashlib
 from acbs.utils import guess_extension_name
 
 fetcher_signature = Callable[[ACBSSourceInfo,
@@ -28,8 +29,8 @@ def fetch_source(info: List[ACBSSourceInfo], source_location: str, package_name:
         # in generate mode, we need to fetch all the sources
         if not i.enabled and not generate_mode:
             logging.info(f'Source {count} skipped.')
-        url_hash = hash_url(i.url)
-        fetch_source_inner(i, source_location, url_hash)
+        uri_hash = hash_source_uri(i)
+        fetch_source_inner(i, source_location, uri_hash)
     return None
 
 
@@ -64,13 +65,21 @@ def process_source(info: ACBSPackageInfo, source_name: str) -> None:
     return
 
 
+def hash_source_uri(uri: ACBSSourceInfo) -> str:
+    hash_obj = hashlib.new("sha256")
+    hash_obj.update(uri.type.encode("utf-8"))
+    hash_obj.update(uri.url.encode("utf-8"))
+    hash_obj.update(uri.revision.encode("utf-8") if uri.revision else b'NONE')
+    hash_obj.update(uri.branch.encode("utf-8") if uri.branch else b"NONE")
+    return hash_obj.hexdigest()
+
+
 # Fetchers implementations
 def tarball_fetch(info: ACBSSourceInfo, source_location: str, name: str) -> Optional[ACBSSourceInfo]:
     if source_location:
-        filename = hash_url(info.url)
         if not info.chksum[1] and not generate_mode:
             raise ValueError('No checksum found. Please specify the checksum!')
-        full_path = os.path.join(source_location, filename)
+        full_path = os.path.join(source_location, name)
         try:
             wget_download(info.url, full_path)
             info.source_location = full_path

tests/test.py

@@ -1,6 +1,7 @@
 import unittest
 import unittest.mock
 
+import acbs.fetch
 import acbs.find
 import acbs.parser
 import acbs.pm
@@ -157,6 +158,28 @@ def test_guess_extension_name(self):
         self.assertEqual(guess_extension_name('test-1.2.3.bin'), '.bin')
         self.assertEqual(guess_extension_name('test'), '')
 
+    def test_source_uri_hash(self):
+        self.assertNotEqual(
+            acbs.fetch.hash_source_uri(
+                acbs.parser.parse_url_schema('pypi::version=1.0.0::acbs', 'SKIP')
+            ),
+            acbs.fetch.hash_source_uri(
+                acbs.parser.parse_url_schema('pypi::version=1.0.1::acbs', 'SKIP')
+            ),
+        )
+        self.assertNotEqual(
+            acbs.fetch.hash_source_uri(
+                acbs.parser.parse_url_schema(
+                    'tbl::https://github.com/AOSC-Dev/aosc-os-abbs', 'SKIP'
+                )
+            ),
+            acbs.fetch.hash_source_uri(
+                acbs.parser.parse_url_schema(
+                    'git::https://github.com/AOSC-Dev/aosc-os-abbs', 'SKIP'
+                )
+            ),
+        )
+
 
 if __name__ == '__main__':
     unittest.main()