Skip to content

Offline package resolution #4963

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Offline package resolution #4963

wants to merge 7 commits into from

Conversation

benev0
Copy link
Contributor

@benev0 benev0 commented Sep 12, 2025
edited
Loading

requires gleam-lang/hexpm-rust#48
resolves #2162

Caches /packages/{name} protobuf as a gz and /packages/{name}/releases/{version} as json for use in offline package resolution. Requests fail-over to use local caches.

TODO:

  • notify when cache is used
  • prune dependency resolver to only allow locally available dependency solutions
  • harden or remove json cache

@benev0
Copy link
Contributor Author

benev0 commented Sep 22, 2025

I have opened this because I am ready for feedback on anything/everything.

Before this is merged: JSON caching is an area of major concern as it is unsigned and unverifiable. I am currently looking into ways to either cache it safely, use another safe source, or validate with another safe source (match checksum from protobuf content).

@benev0 benev0 marked this pull request as ready for review September 22, 2025 23:25
benev0
benev0 commented Sep 22, 2025
View reviewed changes
compiler-cli/src/dependencies.rs Outdated
Comment on lines 1120 to 1133
let cached_result =
fs.read_bytes(&cache_path).map_err(|err| Error::FileIo {
action: FileIoAction::Read,
kind: FileKind::File,
path: cache_path.clone(),
err: Some(err.to_string()),
})?;

serde_json::from_slice(&cached_result).map_err(|err| Error::FileIo {
action: FileIoAction::Read,
kind: FileKind::File,
path: cache_path,
err: Some(err.to_string()),
})?
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cache reading concerns here as json source is unverifiable in current state

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use cached deps version information when network connection is not available
1 participant
@benev0