Fix custom scie_jump digest validation. (#180)

Fixes #179

Author: jsirois

CHANGES.md

@@ -1,5 +1,12 @@
 # Release Notes
 
+## 0.15.2
+
+This release fixes validation of custom `scie_jump`s with some portion of their digest filled out.
+Now, if you specify a `size` or a `fingerprint` or both for the `lift.scie_jump.digest`, the
+corresponding property of the downloaded `scie-jump` binary will be validated or else the scie
+build will fail with an informative message.
+
 ## 0.15.1
 
 This release fixes a bug present since the initial 0.1.0 release for `--hash shake_*`. The SHAKE

science/__init__.py

@@ -3,6 +3,6 @@
 
 from packaging.version import Version
 
-__version__ = "0.15.1"
+__version__ = "0.15.2"
 
 VERSION = Version(__version__)

science/a_scie.py

@@ -20,6 +20,7 @@
 @dataclass(frozen=True)
 class LoadResult(FetchResult):
     binary_name: str
+    version: Version | None = None
 
 
 def load_project_release(
@@ -44,7 +45,9 @@ def load_project_release(
         executable=True,
         ttl=ttl,
     )
-    return LoadResult(path=result.path, digest=result.digest, binary_name=qualified_binary_name)
+    return LoadResult(
+        path=result.path, digest=result.digest, binary_name=qualified_binary_name, version=version
+    )
 
 
 def jump(

science/commands/build.py

@@ -42,14 +42,13 @@ def assemble_scies(
     native_jump_path = (a_scie.custom_jump(repo_path=use_jump) if use_jump else a_scie.jump()).path
 
     scies = list[ScieAssembly]()
-    for platform_spec, lift_manifest in lift.export_manifest(
-        lift_config, application, dest_dir=dest_dir, platform_specs=platform_specs
+    for platform_spec, lift_manifest, jump_path in lift.export_manifest(
+        lift_config,
+        application,
+        dest_dir=dest_dir,
+        platform_specs=platform_specs,
+        use_jump=use_jump,
     ):
-        jump_path = (
-            a_scie.custom_jump(repo_path=use_jump)
-            if use_jump
-            else a_scie.jump(specification=application.scie_jump, platform=platform_spec.platform)
-        ).path
         with temporary_directory("assemble") as build_dir:
             subprocess.run(
                 args=[str(native_jump_path), "-sj", str(jump_path), lift_manifest],

science/commands/lift.py

@@ -101,7 +101,8 @@ def export_manifest(
     dest_dir: Path,
     *,
     platform_specs: Iterable[PlatformSpec] | None = None,
-) -> Iterator[tuple[PlatformSpec, Path]]:
+    use_jump: Path | None = None,
+) -> Iterator[tuple[PlatformSpec, Path, Path]]:
     app_info = AppInfo.assemble(lift_config.app_info)
 
     for platform_spec in platform_specs or application.platform_specs:
@@ -232,14 +233,24 @@ def maybe_invert_lazy(file: File) -> File:
 
         build_info = application.build_info if lift_config.include_provenance else None
 
+        load_result = (
+            a_scie.custom_jump(repo_path=use_jump)
+            if use_jump
+            else a_scie.jump(specification=application.scie_jump, platform=platform_spec.platform)
+        )
+        if load_result.version:
+            scie_jump = ScieJump(version=load_result.version, digest=load_result.digest)
+        else:
+            scie_jump = ScieJump()
+
         with open(lift_manifest, "w") as lift_manifest_output:
             _emit_manifest(
                 lift_manifest_output,
                 name=application.name,
                 description=application.description,
                 load_dotenv=application.load_dotenv,
                 base=application.base,
-                scie_jump=application.scie_jump or ScieJump(),
+                scie_jump=scie_jump,
                 platform_spec=platform_spec,
                 distributions=distributions,
                 interpreter_groups=application.interpreter_groups,
@@ -250,7 +261,7 @@ def maybe_invert_lazy(file: File) -> File:
                 build_info=build_info,
                 app_info=app_info,
             )
-        yield platform_spec, lift_manifest
+        yield platform_spec, lift_manifest, load_result.path
 
 
 def _render_file(file: File) -> dict[str, Any]:

science/exe.py

@@ -782,7 +782,7 @@ def export(
     application = parse_application(lift_config, config)
     platform_info = PlatformInfo.create(application, use_suffix=use_platform_suffix)
     with temporary_directory("export") as td:
-        for _, manifest_path in lift.export_manifest(
+        for _, manifest_path, _ in lift.export_manifest(
             lift_config, application, dest_dir=td, platform_specs=lift_config.platform_specs
         ):
             lift_manifest = dest_dir / (

science/hashing.py

@@ -51,8 +51,8 @@ def __getattr__(self, name: str) -> Any:
 
 @documented_dataclass(frozen=True, alias="digest")
 class Digest:
-    size: int
-    fingerprint: Fingerprint
+    size: int | None = None
+    fingerprint: Fingerprint | None = None
 
     @classmethod
     def hasher(cls, underlying: BinaryIO, algorithm: str = DEFAULT_ALGORITHM) -> BinaryHasher:
@@ -71,7 +71,7 @@ def hash(cls, path: Path, algorithm: str = DEFAULT_ALGORITHM) -> Digest:
 
 @dataclass(frozen=True)
 class ExpectedDigest:
-    fingerprint: Fingerprint
+    fingerprint: Fingerprint | None = None
     algorithm: str = DEFAULT_ALGORITHM
     size: int | None = None
 
@@ -86,7 +86,7 @@ def maybe_check_size(self, subject: str, actual_size: Callable[[], int]) -> None
             )
 
     def check_fingerprint(self, subject: str, actual_fingerprint: Fingerprint) -> None:
-        if self.fingerprint != actual_fingerprint:
+        if self.fingerprint and self.fingerprint != actual_fingerprint:
             raise InputError(
                 f"The {subject} has unexpected contents.\n"
                 f"Expected {self.algorithm} digest:\n"

science/model.py

@@ -226,13 +226,13 @@ def id(self) -> str:
     def placeholder(self) -> str:
         return f"{{{self.id}}}"
 
-    def maybe_check_digest(self, path: Path):
+    def maybe_check_digest(self, path: Path) -> None:
         if not self.digest:
             return
         if self.source and self.source.lazy:
             return
         expected_digest = ExpectedDigest(fingerprint=self.digest.fingerprint, size=self.digest.size)
-        return expected_digest.check_path(path)
+        expected_digest.check_path(path)
 
 
 class Url(str):

tests/test_exe.py

@@ -21,11 +21,14 @@
 
 import pytest
 import toml
+from packaging.version import Version
 from pytest import TempPathFactory
 from testing import issue
 
-from science import __version__
+from science import __version__, a_scie
 from science.config import parse_config_file
+from science.hashing import Digest, Fingerprint
+from science.model import ScieJump
 from science.os import IS_WINDOWS
 from science.platform import CURRENT_PLATFORM, CURRENT_PLATFORM_SPEC, LibC, Os, Platform
 from science.providers import PyPy
@@ -1211,3 +1214,219 @@ def scie_select(python) -> dict[str, Any]:
             "debug": 1,
             "free-threaded": 0,
         } == scie_select("python3.14d")
+
+
+def test_load_dotenv(tmp_path: Path, science_exe: Path) -> None:
+    dest = tmp_path / "dest"
+    chroot = tmp_path / "chroot"
+    chroot.mkdir(parents=True, exist_ok=True)
+
+    subprocess.run(
+        args=[str(science_exe), "lift", "build", "--dest-dir", str(dest), "-"],
+        input=dedent(
+            """\
+            [lift]
+            name = "exe"
+            load_dotenv = true
+
+            [[lift.interpreters]]
+            id = "cpython"
+            provider = "PythonBuildStandalone"
+            release = "20251120"
+            version = "3.14"
+            flavor = "install_only_stripped"
+
+            [[lift.commands]]
+            exe = "#{cpython:python}"
+            args = ["-c", "import os; print(os.environ.get('SLARTIBARTFAST', '<unset>'))"]
+            """
+        ),
+        cwd=chroot,
+        stdout=subprocess.PIPE,
+        text=True,
+        check=True,
+    )
+    exe = dest / "exe"
+    assert (
+        "<unset>"
+        == subprocess.run(args=[exe], stdout=subprocess.PIPE, text=True, check=True).stdout.strip()
+    )
+    (dest / ".env").write_text("SLARTIBARTFAST=42")
+    assert (
+        "<unset>"
+        == subprocess.run(args=[exe], stdout=subprocess.PIPE, text=True, check=True).stdout.strip()
+    )
+    assert (
+        "42"
+        == subprocess.run(
+            args=[exe], stdout=subprocess.PIPE, text=True, check=True, cwd=dest
+        ).stdout.strip()
+    )
+
+
+@pytest.mark.parametrize("version", ["1.8.0", "1.8.1", "1.8.2"])
+def test_custom_jump_nominal(tmp_path: Path, science_exe: Path, version: str) -> None:
+    dest = tmp_path / "dest"
+    chroot = tmp_path / "chroot"
+    chroot.mkdir(parents=True, exist_ok=True)
+
+    lift_manifest = chroot / "lift.toml"
+    lift_manifest.write_text(
+        dedent(
+            f"""\
+            [lift]
+            name = "exe"
+
+            [lift.scie_jump]
+            version = "{version}"
+
+            [[lift.interpreters]]
+            id = "cpython"
+            provider = "PythonBuildStandalone"
+            release = "20251120"
+            version = "3.14"
+            flavor = "install_only_stripped"
+
+            [[lift.commands]]
+            exe = "#{{cpython:python}}"
+            args = ["-V"]
+            """
+        )
+    )
+
+    cache_dir = tmp_path / "cache"
+    subprocess.run(
+        args=[str(science_exe), "lift", "build", "--dest-dir", str(dest), lift_manifest],
+        env={**os.environ, "SCIENCE_CACHE_DIR": str(cache_dir)},
+        check=True,
+    )
+    exe = dest / "exe"
+
+    split_dir = tmp_path / "split"
+    subprocess.run(args=[exe, split_dir], env={**os.environ, "SCIE": "split"}, check=True)
+    assert (
+        version
+        == subprocess.run(
+            args=[split_dir / "scie-jump", "-V"], stdout=subprocess.PIPE, text=True, check=True
+        ).stdout.strip()
+    )
+
+    result = subprocess.run(
+        args=[exe],
+        env={**os.environ, "SCIE": "inspect"},
+        stdout=subprocess.PIPE,
+        text=True,
+        check=True,
+    )
+    manifest = json.loads(result.stdout)
+    assert version == manifest["scie"]["jump"]["version"]
+
+    load_result = a_scie.jump(ScieJump(version=Version(version)))
+    assert load_result.digest.size == manifest["scie"]["jump"]["size"]
+    assert os.path.getsize(load_result.path) == manifest["scie"]["jump"]["size"]
+
+
+GOOD_SIZE = 2223910
+GOOD_FINGERPRINT = Fingerprint("e7ebc56578041eb5c92d819f948f9c8d5a671afaa337720d7d310f5311a2c5c3")
+
+BAD_SIZE = -1
+BAD_FINGERPRINT = Fingerprint("bad")
+
+
+def digest_id(digest: Digest) -> str:
+    if digest.size and digest.fingerprint:
+        components = ["digest"]
+        if digest.size == BAD_SIZE:
+            components.append("bad-size")
+        if digest.fingerprint == BAD_FINGERPRINT:
+            components.append("bad-fingerprint")
+        return "-".join(components)
+    if digest.size:
+        return "bad-size" if digest.size == BAD_SIZE else "size"
+    if digest.fingerprint:
+        return "bad-fingerprint" if digest.fingerprint == BAD_FINGERPRINT else "fingerprint"
+    raise AssertionError(f"Expected digest to have at least one field set: {digest}")
+
+
+@pytest.mark.parametrize(
+    "digest",
+    [
+        pytest.param(digest, id=digest_id(digest))
+        for digest in (
+            Digest(size=GOOD_SIZE, fingerprint=GOOD_FINGERPRINT),
+            Digest(size=BAD_SIZE, fingerprint=BAD_FINGERPRINT),
+            Digest(size=BAD_SIZE, fingerprint=GOOD_FINGERPRINT),
+            Digest(size=GOOD_SIZE, fingerprint=BAD_FINGERPRINT),
+            Digest(size=GOOD_SIZE),
+            Digest(size=BAD_SIZE),
+            Digest(fingerprint=GOOD_FINGERPRINT),
+            Digest(fingerprint=BAD_FINGERPRINT),
+        )
+    ],
+)
+def test_custom_jump_invalid(tmp_path: Path, science_exe: Path, digest: Digest) -> None:
+    dest = tmp_path / "dest"
+    chroot = tmp_path / "chroot"
+    chroot.mkdir(parents=True, exist_ok=True)
+
+    digest_fields = []
+    if digest.size:
+        digest_fields.append(f"size = {digest.size}")
+    if digest.fingerprint:
+        digest_fields.append(f'fingerprint = "{digest.fingerprint}"')
+    assert digest_fields, f"Expected digest to have at least one field set; given: {digest}"
+
+    lift_manifest = chroot / "lift.toml"
+    lift_manifest.write_text(
+        dedent(
+            f"""\
+            [lift]
+            name = "exe"
+            platforms = [{{ platform = "linux-x86_64", libc = "gnu" }}]
+
+            [lift.scie_jump]
+            version = "1.8.2"
+            digest = {{ {", ".join(digest_fields)} }}
+
+            [[lift.interpreters]]
+            id = "cpython"
+            provider = "PythonBuildStandalone"
+            release = "20251120"
+            version = "3.14"
+            flavor = "install_only_stripped"
+
+            [[lift.commands]]
+            exe = "#{{cpython:python}}"
+            args = ["-V"]
+            """
+        )
+    )
+
+    cache_dir = tmp_path / "cache"
+    result = subprocess.run(
+        args=[str(science_exe), "lift", "build", "--dest-dir", str(dest), lift_manifest],
+        env={**os.environ, "SCIENCE_CACHE_DIR": str(cache_dir)},
+        stderr=subprocess.PIPE,
+        text=True,
+    )
+    if digest.size == BAD_SIZE:
+        assert result.returncode != 0
+        assert (
+            "The content at "
+            "https://github.com/a-scie/jump/releases/download/v1.8.2/scie-jump-linux-x86_64 is "
+            f"expected to be {BAD_SIZE} bytes, but advertises a Content-Length of {GOOD_SIZE} "
+            "bytes."
+        ) in result.stderr
+    elif digest.fingerprint == BAD_FINGERPRINT:
+        assert result.returncode != 0
+        assert (
+            "The download from "
+            "https://github.com/a-scie/jump/releases/download/v1.8.2/scie-jump-linux-x86_64 has "
+            "unexpected contents.\n"
+            "Expected sha256 digest:\n"
+            f"  {BAD_FINGERPRINT}\n"
+            "Actual sha256 digest:\n"
+            f"  {GOOD_FINGERPRINT}"
+        ) in result.stderr
+    else:
+        assert 0 == result.returncode