try to synchronize index.pidx with psdc when adding (#548)

## Fixes
try to correct different version numbers between index.pidx and
corresponding PDSC when adding

## Checklist
<!-- Put an `x` in the boxes. All tasks must be completed and boxes
checked before merging. -->
- [x] 🤖 This change is covered by unit tests (if applicable).
- [x] 🤹 Manual testing has been performed (if necessary).
- [x] 🛡️ Security impacts have been considered (if relevant).
- [x] 📖 Documentation updates are complete (if required).
- [x] 🧠 Third-party dependencies and TPIP updated (if required).

---------

Co-authored-by: Sourabh Mehta <[email protected]>

Author: bgn42

cmd/commands/add.go

@@ -100,7 +100,7 @@ Add a pack using the following "<pack>" specification or using packs provided by
 		installer.UnlockPackRoot()
 		for _, packPath := range args {
 			var err error
-			if filepath.Ext(packPath) == ".pdsc" {
+			if filepath.Ext(packPath) == installer.PdscExtension {
 				err = installer.AddPdsc(packPath)
 			} else {
 				err = installer.AddPack(packPath, !addCmdFlags.skipEula, addCmdFlags.extractEula, addCmdFlags.forceReinstall, addCmdFlags.noRequirements, false, viper.GetInt("timeout"))

cmd/commands/rm.go

@@ -60,7 +60,7 @@ please use "--purge".`,
 		installer.UnlockPackRoot()
 		for _, packPath := range args {
 			var err error
-			if filepath.Ext(packPath) == ".pdsc" {
+			if filepath.Ext(packPath) == installer.PdscExtension {
 				err = installer.RemovePdsc(packPath)
 				if err == errs.ErrPdscEntryNotFound {
 					err = errs.ErrPackNotInstalled

cmd/commands/root.go

@@ -79,7 +79,7 @@ func configureInstaller(cmd *cobra.Command, args []string) error {
 			// Exclude index updating commands to not double update
 			if cmd.Name() != "init" && cmd.Name() != "index" && cmd.Name() != "update-index" && cmd.Name() != "list" {
 				installer.UnlockPackRoot()
-				err = installer.UpdatePublicIndex(installer.DefaultPublicIndex, true, true, false, false, 0, 0)
+				err = installer.UpdatePublicIndex(installer.ActualPublicIndex, true, true, false, false, 0, 0)
 				if err != nil {
 					return err
 				}

cmd/cryptography/checksum.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	errs "github.com/open-cmsis-pack/cpackget/cmd/errors"
+	"github.com/open-cmsis-pack/cpackget/cmd/installer"
 	"github.com/open-cmsis-pack/cpackget/cmd/utils"
 	log "github.com/sirupsen/logrus"
 )
@@ -51,7 +52,7 @@ func GenerateChecksum(sourcePack, destinationDir, hashFunction string) error {
 		return errs.ErrHashNotSupported
 	}
 	if !utils.FileExists(sourcePack) {
-		log.Errorf("\"%s\" does not exist", sourcePack)
+		log.Errorf("%q does not exist", sourcePack)
 		return errs.ErrFileNotFound
 	}
 
@@ -63,11 +64,11 @@ func GenerateChecksum(sourcePack, destinationDir, hashFunction string) error {
 		if !utils.DirExists(destinationDir) {
 			return errs.ErrDirectoryNotFound
 		}
-		base = filepath.Clean(destinationDir) + string(filepath.Separator) + strings.TrimSuffix(string(filepath.Base(sourcePack)), ".pack")
+		base = filepath.Clean(destinationDir) + string(filepath.Separator) + strings.TrimSuffix(string(filepath.Base(sourcePack)), installer.PackExtension)
 	}
 	checksumFilename := base + "." + strings.ReplaceAll(hashFunction, "-", "") + ".checksum"
 	if utils.FileExists(checksumFilename) {
-		log.Errorf("\"%s\" already exists, choose a diferent path", checksumFilename)
+		log.Errorf("%q already exists, choose a different path", checksumFilename)
 		return errs.ErrPathAlreadyExists
 	}
 
@@ -86,7 +87,7 @@ func GenerateChecksum(sourcePack, destinationDir, hashFunction string) error {
 // according to a provided .checksum file.
 func VerifyChecksum(packPath, checksumPath string) error {
 	if !utils.FileExists(packPath) {
-		log.Errorf("\"%s\" does not exist", packPath)
+		log.Errorf("%q does not exist", packPath)
 		return errs.ErrFileNotFound
 	}
 
@@ -95,15 +96,15 @@ func VerifyChecksum(packPath, checksumPath string) error {
 	// exist .checksums with different algos in the same dir
 	if checksumPath == "" {
 		for _, hash := range Hashes {
-			checksumPath = strings.ReplaceAll(packPath, ".pack", "."+hash+".checksum")
+			checksumPath = strings.ReplaceAll(packPath, installer.PackExtension, "."+hash+".checksum")
 			if utils.FileExists(checksumPath) {
 				break
 			}
 		}
 	}
 
 	if !utils.FileExists(checksumPath) {
-		log.Errorf("\"%s\" does not exist", checksumPath)
+		log.Errorf("%q does not exist", checksumPath)
 		return errs.ErrFileNotFound
 	}
 	hashFunction := filepath.Ext(strings.Split(checksumPath, ".checksum")[0])[1:]
@@ -137,7 +138,7 @@ func VerifyChecksum(packPath, checksumPath string) error {
 
 		if digests[targetFile] != targetDigest {
 			if digests[targetFile] == "" {
-				log.Errorf("\"%s\" does not exist in the provided pack but is listed in the checksum file", targetFile)
+				log.Errorf("%q does not exist in the provided pack but is listed in the checksum file", targetFile)
 				return errs.ErrIntegrityCheckFailed
 			}
 			log.Debugf("%s != %s", digests[targetFile], targetDigest)

cmd/cryptography/signature.go

@@ -324,19 +324,19 @@ func embedPack(packFilename, version string, z *zip.ReadCloser, rawCert, signedH
 // specific creation functions.
 func SignPack(packPath, certPath, keyPath, outputDir, version string, certOnly, skipCertValidation, skipInfo bool) error {
 	if !utils.FileExists(packPath) {
-		log.Errorf("\"%s\" does not exist", packPath)
+		log.Errorf("%q does not exist", packPath)
 		return errs.ErrFileNotFound
 	}
 	// Flag validation is already performed in the command package,
 	// so we can assume they make sense
 	if keyPath != "" && !utils.FileExists(keyPath) {
-		log.Errorf("\"%s\" does not exist", keyPath)
+		log.Errorf("%q does not exist", keyPath)
 		return errs.ErrFileNotFound
 	}
 	pgp := false
 	if certPath != "" {
 		if !utils.FileExists(certPath) {
-			log.Errorf("\"%s\" does not exist", certPath)
+			log.Errorf("%q does not exist", certPath)
 			return errs.ErrFileNotFound
 		}
 	} else {
@@ -362,7 +362,7 @@ func SignPack(packPath, certPath, keyPath, outputDir, version string, certOnly,
 
 	zip, err := zip.OpenReader(packPath)
 	if err != nil {
-		log.Errorf("Can't decompress \"%s\": %s", packPath, err)
+		log.Errorf("Can't decompress %q: %s", packPath, err)
 		return errs.ErrFailedDecompressingFile
 	}
 	switch validateSignatureScheme(zip, version, true) {
@@ -514,16 +514,16 @@ func verifyPackPGPSignature(zip *zip.ReadCloser, keyPath, b64Signature string) e
 // specific validation functions.
 func VerifyPackSignature(packPath, pubPath, version string, export, skipCertValidation, skipInfo bool) error {
 	if !utils.FileExists(packPath) {
-		log.Errorf("\"%s\" does not exist", packPath)
+		log.Errorf("%q does not exist", packPath)
 		return errs.ErrFileNotFound
 	}
 	if pubPath != "" && !utils.FileExists(pubPath) {
-		log.Errorf("\"%s\" does not exist", packPath)
+		log.Errorf("%q does not exist", packPath)
 		return errs.ErrFileNotFound
 	}
 	zip, err := zip.OpenReader(packPath)
 	if err != nil {
-		log.Errorf("Can't decompress \"%s\": %s", packPath, err)
+		log.Errorf("Can't decompress %q: %s", packPath, err)
 		return errs.ErrFailedDecompressingFile
 	}
 

cmd/cryptography/utils.go

@@ -100,7 +100,7 @@ func getDigestList(sourcePack, hashFunction string) (map[string]string, error) {
 
 	zipReader, err := zip.OpenReader(sourcePack)
 	if err != nil {
-		log.Errorf("can't decompress \"%s\": %s", sourcePack, err)
+		log.Errorf("can't decompress %q: %s", sourcePack, err)
 		return nil, errs.ErrFailedDecompressingFile
 	}
 

cmd/installer/pack.go

@@ -155,7 +155,7 @@ func preparePack(packPath string, toBeRemoved, forceLatest, noLocal, nometa bool
 
 	if pack.isPackID && nometa {
 		if meta, found := utils.SemverHasMeta(pack.Version); found {
-			return pack, fmt.Errorf("%w: \"%s\". Expected vendor.pack.version", errs.ErrBadPackVersion, meta)
+			return pack, fmt.Errorf("%w: %q. Expected vendor.pack.version", errs.ErrBadPackVersion, meta)
 		}
 	}
 
@@ -188,20 +188,20 @@ func preparePack(packPath string, toBeRemoved, forceLatest, noLocal, nometa bool
 // Returns:
 //   - error: an error object if the file does not exist or if there is an issue during download.
 func (p *PackType) fetch(timeout int) error {
-	log.Debugf("Fetching pack file \"%s\" (or just making sure it exists locally)", p.path)
+	log.Debugf("Fetching pack file %q (or just making sure it exists locally)", p.path)
 	var err error
 	if strings.HasPrefix(p.path, "http") {
-		p.path, err = utils.DownloadFile(p.path, false, timeout)
+		p.path, err = utils.DownloadFile(p.path, true, false, timeout)
 		if err == errs.ErrTerminatedByUser {
-			log.Infof("Aborting pack download. Removing \"%s\"", p.path)
+			log.Infof("Aborting pack download. Removing %q", p.path)
 		}
 
 		p.isDownloaded = true
 		return err
 	}
 
 	if !utils.FileExists(p.path) {
-		log.Errorf("File \"%s\" doesn't exist", p.path)
+		log.Errorf("File %q doesn't exist", p.path)
 		return errs.ErrFileNotFound
 	}
 
@@ -212,10 +212,10 @@ func (p *PackType) fetch(timeout int) error {
 // to be installed.
 func (p *PackType) validate() error {
 	log.Debug("Validating pack")
-	pdscFileName := p.PdscFileName()
+	myPdscFileName := p.PdscFileName()
 	for _, file := range p.zipReader.File {
-		if filepath.Base(file.Name) == pdscFileName {
-
+		ext := strings.ToLower(filepath.Ext(file.Name))
+		if ext == PdscExtension {
 			// Check if pack was compressed in a subfolder
 			subfoldersCount := strings.Count(file.Name, "/") + strings.Count(file.Name, "\\")
 			if subfoldersCount > 1 {
@@ -226,10 +226,12 @@ func (p *PackType) validate() error {
 
 			// Ensure the file path does not contain ".."
 			if strings.Contains(file.Name, "..") {
-				log.Errorf("File \"%s\" invalid file path", file.Name)
+				log.Errorf("File %q invalid file path", file.Name)
 				return errs.ErrInvalidFilePath
 			}
 
+			myPdscFileName = p.PackID() + filepath.Ext(file.Name)
+
 			// Read pack's pdsc
 			tmpPdscFileName := filepath.Join(os.TempDir(), utils.RandStringBytes(10))
 			defer os.RemoveAll(tmpPdscFileName)
@@ -247,20 +249,31 @@ func (p *PackType) validate() error {
 			version := p.GetVersion()
 			latestVersion := p.Pdsc.LatestVersion()
 
-			log.Debugf("Making sure %s is the latest release in %s", p.targetVersion, pdscFileName)
+			log.Debugf("Making sure %s is the latest release in %s", version, myPdscFileName)
 
 			if utils.SemverCompare(version, latestVersion) != 0 {
 				releaseTag := p.Pdsc.FindReleaseTagByVersion(version)
 				if releaseTag == nil {
-					log.Errorf("The pack's pdsc (%s) has no release tag matching version \"%s\"", pdscFileName, version)
+					log.Errorf("The pack's pdsc (%s) has no release tag matching version %q", myPdscFileName, version)
 					return errs.ErrPackVersionNotFoundInPdsc
 				}
 
-				log.Errorf("The latest release (%s) in pack's pdsc (%s) does not match pack version \"%s\"", latestVersion, pdscFileName, version)
+				log.Errorf("The latest release (%s) in pack's pdsc (%s) does not match pack version %q", latestVersion, myPdscFileName, version)
 				return errs.ErrPackVersionNotLatestReleasePdsc
 			}
 
 			p.Pdsc.FileName = file.Name
+
+			pdscFileName := p.PdscFileName()                          // destination file name in .Download directory
+			pdscFilePath := filepath.Join(tmpPdscFileName, file.Name) // #nosec
+			newPdscFileName := p.PdscFileNameWithVersion()
+
+			if !p.IsPublic {
+				_ = utils.CopyFile(pdscFilePath, filepath.Join(Installation.LocalDir, pdscFileName))
+			}
+
+			_ = utils.CopyFile(pdscFilePath, filepath.Join(Installation.DownloadDir, newPdscFileName))
+
 			return nil
 		} else {
 			if strings.Contains(file.Name, "..") {
@@ -269,7 +282,7 @@ func (p *PackType) validate() error {
 		}
 	}
 
-	log.Errorf("\"%s\" not found in \"%s\"", pdscFileName, p.path)
+	log.Errorf("%q not found in %q", myPdscFileName, p.path)
 	return errs.ErrPdscFileNotFound
 }
 
@@ -329,12 +342,12 @@ func (p *PackType) install(installation *PacksInstallationType, checkEula bool)
 	p.path = filepath.FromSlash(p.path)
 	p.path = filepath.Clean(p.path)
 
-	log.Debugf("Installing \"%s\"", p.path)
+	log.Debugf("Installing %q", p.path)
 
 	var err error
 	p.zipReader, err = zip.OpenReader(p.path)
 	if err != nil {
-		log.Errorf("Can't decompress \"%s\": %s", p.path, err)
+		log.Errorf("Can't decompress %q: %s", p.path, err)
 		return errs.ErrFailedDecompressingFile
 	}
 
@@ -379,12 +392,12 @@ func (p *PackType) install(installation *PacksInstallationType, checkEula bool)
 	// Inflate all files
 	err = utils.EnsureDir(packHomeDir)
 	if err != nil {
-		log.Errorf("Can't access pack directory \"%s\": %s", packHomeDir, err)
+		log.Errorf("Can't access pack directory %q: %s", packHomeDir, err)
 		return err
 	}
 
 	if log.IsLevelEnabled(log.DebugLevel) {
-		log.Debugf("Extracting files from \"%s\" to \"%s\"", p.path, packHomeDir)
+		log.Debugf("Extracting files from %q to %q", p.path, packHomeDir)
 	} else {
 		log.Infof("Extracting files to %s...", packHomeDir)
 	}
@@ -411,7 +424,7 @@ func (p *PackType) install(installation *PacksInstallationType, checkEula bool)
 			defer p.zipReader.Close()
 
 			if err == errs.ErrTerminatedByUser {
-				log.Infof("Aborting pack extraction. Removing \"%s\"", packHomeDir)
+				log.Infof("Aborting pack extraction. Removing %q", packHomeDir)
 				if newErr := p.uninstall(installation); newErr != nil {
 					log.Error(err)
 				}
@@ -423,16 +436,6 @@ func (p *PackType) install(installation *PacksInstallationType, checkEula bool)
 	// Close zip file so Windows can't complain if we rename it
 	p.zipReader.Close()
 
-	pdscFileName := p.PdscFileName()
-	pdscFilePath := filepath.Join(packHomeDir, pdscFileName)
-	newPdscFileName := p.PdscFileNameWithVersion()
-
-	if !p.IsPublic {
-		_ = utils.CopyFile(pdscFilePath, filepath.Join(Installation.LocalDir, pdscFileName))
-	}
-
-	_ = utils.CopyFile(pdscFilePath, filepath.Join(Installation.DownloadDir, newPdscFileName))
-
 	if !p.isDownloaded {
 		return utils.CopyFile(p.path, packBackupPath)
 	}
@@ -552,7 +555,7 @@ func (p *PackType) extractEula(packPath string) error {
 	eulaFileName := packPath + "." + filepath.Base(p.Pdsc.License)
 
 	if utils.GetEncodedProgress() {
-		log.Infof("[L:F\"%s\"]", eulaFileName)
+		log.Infof("[L:F%q]", eulaFileName)
 	} else {
 		log.Infof("Extracting embedded license to %v", eulaFileName)
 	}
@@ -562,7 +565,7 @@ func (p *PackType) extractEula(packPath string) error {
 		os.Remove(eulaFileName)
 	}
 	if utils.FileExists(eulaFileName) {
-		log.Errorf("Cannot remove previous copy of license file: \"%s\"", eulaFileName)
+		log.Errorf("Cannot remove previous copy of license file: %q", eulaFileName)
 		return errs.ErrFailedCreatingFile
 	}
 
@@ -572,7 +575,7 @@ func (p *PackType) extractEula(packPath string) error {
 // resolveVersionModifier takes into account eventual versionModifiers (@, @^, @~ and @>=) to determine
 // which version of a pack should be targeted for installation
 func (p *PackType) resolveVersionModifier(pdscXML *xml.PdscXML) {
-	log.Debugf("Resolving version modifier for \"%s\" using PDSC \"%s\"", p.path, pdscXML.FileName)
+	log.Debugf("Resolving version modifier for %q using PDSC %q", p.path, pdscXML.FileName)
 
 	if p.versionModifier == utils.ExactVersion {
 		p.targetVersion = p.Version
@@ -728,17 +731,17 @@ func (p *PackType) PackIDWithVersion() string {
 
 // PackFileName returns a string with how the pack file name would be: Vendor.PackName.x.y.z.pack
 func (p *PackType) PackFileName() string {
-	return p.PackIDWithVersion() + ".pack"
+	return p.PackIDWithVersion() + PackExtension
 }
 
 // PdscFileName returns a string with how the pack's pdsc file name would be: Vendor.PackName.pdsc
 func (p *PackType) PdscFileName() string {
-	return p.PackID() + ".pdsc"
+	return p.PackID() + PdscExtension
 }
 
 // PdscFileNameWithVersion returns a string with how the pack's pdsc file name would be: Vendor.PackName.x.y.z.pdsc
 func (p *PackType) PdscFileNameWithVersion() string {
-	return p.PackIDWithVersion() + ".pdsc"
+	return p.PackIDWithVersion() + PdscExtension
 }
 
 // GetVersion makes sure to get the latest version for the pack