[Feature] Get the checksum of the VSIX file from the API #678

Merged (1 commit) on Apr 4, 2023

amvanbaren (Contributor) commented Feb 22, 2023

Fixes #311

Testing steps

  • Open this PR in gitpod: https://gitpod.io/#https://github.com/eclipse/openvsx/pull/678
  • Wait for the workspace to initialize. Once the publisher terminal window has published all test extensions it is done.
  • Open a new browser tab and get an extension: https://8080-{GITPOD_WORKSPACE_ID}.gitpod.io/api/{NAMESPACE}/{EXTENSION}/{VERSION}. You can get namespace, extension, version info from the publisher terminal window. GITPOD_WORKSPACE_ID you can find in the browser location bar.
  • The response should contain files.sha256.
  • Open a new browser tab and get sha256 checksum directly: https://8080-{GITPOD_WORKSPACE_ID}.gitpod.io/api/{NAMESPACE}/{EXTENSION}/{VERSION}/file/sha256

amvanbaren self-assigned this Feb 22, 2023

amvanbaren (Contributor, Author) commented:

@ShamrockLee Do you need a file with just the hash or a file in the sha256sum format?

ShamrockLee commented Feb 23, 2023

@amvanbaren The hash is all I need.

BTW, how would a user get the hash when this PR gets merged?

amvanbaren requested a review from filiptronicek March 2, 2023 08:40

amvanbaren (Contributor, Author) commented Mar 2, 2023

> @amvanbaren The hash is all I need.
>
> BTW, how would a user get the hash when this PR gets merged?

The checksum file is part of the files section in an Extension JSON response. files.download is the download URL. files.checksum is the checksum URL.

You can also directly get the checksum file: /api/{namespace}/{extension}/{version}/{targetPlatform}/file/checksum. targetPlatform is optional. version can also be an alias like pre-release or latest.

ShamrockLee commented:

Sounds great!

It would be even better to mark the hash output in a per-algorithm manner, such as files.sha256 instead of files.checksum in case an algorithm is considered vulnerable in the future.
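A client-side check built on the checksum discussed above, as an added example that is not part of this PR or the Open VSX code base. It assumes the Extension JSON response carries files.download and files.sha256 as in the testing steps; the `fetch` callable, the `registry.example` URLs and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import re

# Per-algorithm keys a client accepts in the "files" section. Only sha256
# appears in this PR; anything else is rejected rather than guessed at.
HASHERS = {"sha256": hashlib.sha256}
HEX_DIGEST = re.compile(r"[0-9a-fA-F]{64}")


def parse_checksum(body: str) -> str:
    """Accept a bare hex hash or a sha256sum-style line ("<hash>  <name>")."""
    fields = body.strip().split()
    token = fields[0] if fields else ""
    if not HEX_DIGEST.fullmatch(token):
        raise ValueError("checksum file does not start with a SHA-256 hex digest")
    return token.lower()


def verify_vsix(extension_json: dict, fetch, algorithm: str = "sha256") -> bytes:
    """Download files.download and check it against files.<algorithm>.

    fetch(url) -> bytes is supplied by the caller (hypothetical helper).
    Returns the VSIX bytes only if the digest matches.
    """
    files = extension_json.get("files", {})
    if algorithm not in HASHERS or algorithm not in files or "download" not in files:
        raise ValueError(f"response lacks files.download or files.{algorithm}")
    expected = parse_checksum(fetch(files[algorithm]).decode("ascii"))
    vsix = fetch(files["download"])
    actual = HASHERS[algorithm](vsix).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise ValueError(f"{algorithm} mismatch: expected {expected}, got {actual}")
    return vsix


# Constructed sample data: a fake registry served from a dict, no network.
BASE = "https://registry.example/api/ns/ext/1.0.0/file"
VSIX_BYTES = b"PK\x03\x04 constructed stand-in for a .vsix archive"
SAMPLE_JSON = {"files": {"download": f"{BASE}/ns.ext-1.0.0.vsix", "sha256": f"{BASE}/sha256"}}
GOOD = {SAMPLE_JSON["files"]["download"]: VSIX_BYTES,
        SAMPLE_JSON["files"]["sha256"]: hashlib.sha256(VSIX_BYTES).hexdigest().encode()}
TAMPERED = {**GOOD, SAMPLE_JSON["files"]["download"]: VSIX_BYTES + b"!"}

if __name__ == "__main__":
    print(len(verify_vsix(SAMPLE_JSON, GOOD.__getitem__)), "bytes verified")
```

A match shows the file is the one the registry currently serves; because the checksum comes from the same origin as the download, it does not authenticate the publisher.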

amvanbaren (Contributor, Author) commented:

@ShamrockLee do you have time to test this PR?

ShamrockLee commented Mar 9, 2023

@amvanbaren How do I test this? (Sorry for being n00b.)

I'll try it this weekend.

amvanbaren (Contributor, Author) commented:

> @amvanbaren How do I test this?

I've updated the testing steps. Hope that helps.

ShamrockLee commented:

Tested, and it works.

BTW, the Gitpod test setup you provide seems to default to platform win32-x64 when the platform is not specified, and the universal platform, which is usually the default, is not available.

amvanbaren (Contributor, Author) commented:

> Tested, and it works.

Great! Thank you for testing.

> BTW, the Gitpod test setup you provide seems to default to platform win32-x64 when the platform is not specified, and the universal platform, which is usually the default, is not available.

You mean the /api/{namespace}/{extension}/{version} endpoint?

ShamrockLee commented Mar 13, 2023

> > BTW, the Gitpod test setup you provide seems to default to platform win32-x64 when the platform is not specified, and the universal platform, which is usually the default, is not available.
>
> You mean the /api/{namespace}/{extension}/{version} endpoint?

Yes.

By saying "the universal is not available", I mean that /api/{namespace}/{extension}/universal/{version} is not available.

amvanbaren (Contributor, Author) commented:

Ok, that's how the /api/{namespace}/{extension}/{version} endpoint works. It tries to get the universal version first and uses other target platforms as a fallback. The fallback target platforms are always in the same order, so you don't get win32-x64 the first time and then the next time linux-x64 for the same API call.
However, the /api/{namespace}/{extension}/{targetPlatform}/{version} endpoint returns a 404 when you try to get the universal version of the same extension.

ShamrockLee commented Mar 13, 2023

So, IIUC, you don't have the universal packages in the test setup. Is that right? For example, packages such as bbenoist.Nix are not available as they only provide the universal binary.

amvanbaren (Contributor, Author) commented:

> So, IIUC, you don't have the universal packages in the test setup. Is that right? For example, packages such as bbenoist.Nix are not available as they only provide the universal binary.

The test setup only has a limited number of packages. They can be found here: https://github.com/eclipse/openvsx/blob/master/server/test-extensions.gradle

amvanbaren merged commit 0832082 into eclipse:master Apr 4, 2023