File tree 4 files changed +23
-14
lines changed
4 files changed +23
-14
lines changed Original file line number Diff line number Diff line change @@ -16,6 +16,7 @@ Versioning].
1616
1717- Correct typo in the ` ghasum help verify ` output.
1818- Enable cache eviction on ` ghasum init ` .
19+ - Ensure ` ghasum verify ` outcome is linked to ` gha.sum ` content.
1920
2021## [ v0.4.0] - 2025-04-27
2122
Original file line number Diff line number Diff line change @@ -33,8 +33,8 @@ If the checksum file does not exist the process shall exit immediately with an
3333error.
3434
3535If the checksum file exists the process shall obtain a lock on it, if this is
36- not possible to process shall exit immediately (it means the file may be edited
37- by another process leading to an inconsistent state) .
36+ not possible the process shall exit immediately. Otherwise the file could be
37+ changed by another process potentially leading to an inconsistent sumfile .
3838
3939If the file lock is obtained, the process shall first read it and parse it
4040completely to extract the sumfile version. If this fails the process shall exit
@@ -62,6 +62,11 @@ This process does not verify any of the checksums currently in the sumfile.
6262If the checksum file does not exist the process shall exit immediately with an
6363error.
6464
65+ If the checksum file exists the process shall obtain a lock on it, if this is
66+ not possible the process shall exit immediately. Otherwise the file could be
67+ changed during the verification process resulting in a potential mismatch
68+ between verification outcome and sumfile content.
69+
6570If the checksum file exists the process shall read and parse it fully. If this
6671fails the process shall exit immediately. Else it shall recompute the checksums
6772(see [ Computing Checksums] ) for all actions in the target (see [ Collecting
Original file line number Diff line number Diff line change @@ -203,17 +203,6 @@ func open(base string) (*os.File, error) {
203203 return file , nil
204204}
205205
206- func read (repo fs.FS ) ([]byte , error ) {
207- raw , err := fs .ReadFile (repo , ghasumPath )
208- if errors .Is (err , fs .ErrNotExist ) {
209- return nil , ErrNotInitialized
210- } else if err != nil {
211- return nil , errors .Join (ErrSumfileRead , err )
212- }
213-
214- return raw , nil
215- }
216-
217206func remove (base string ) error {
218207 fullGhasumPath := path .Join (base , ghasumPath )
219208 if err := os .Remove (fullGhasumPath ); err != nil {
Original file line number Diff line number Diff line change @@ -187,11 +187,21 @@ func Update(cfg *Config, force bool) error {
187187// Verification report checksums that do not match and checksums that are
188188// missing. It does not report checksums that are not used.
189189func Verify (cfg * Config ) ([]Problem , error ) {
190- raw , err := read (cfg .Repo )
190+ file , err := open (cfg .Path )
191191 if err != nil {
192192 return nil , err
193193 }
194194
195+ defer func () {
196+ _ = unlock (cfg .Path )
197+ _ = file .Close ()
198+ }()
199+
200+ raw , err := io .ReadAll (file )
201+ if err != nil {
202+ return nil , errors .Join (ErrSumfileRead , err )
203+ }
204+
195205 stored , err := decode (raw )
196206 if err != nil {
197207 return nil , err
@@ -208,5 +218,9 @@ func Verify(cfg *Config) ([]Problem, error) {
208218 }
209219
210220 result := compare (fresh , stored )
221+ if err := unlock (cfg .Path ); err != nil {
222+ return nil , err
223+ }
224+
211225 return result , nil
212226}
You can’t perform that action at this time.
0 commit comments