Sanitize repo configuration in DEBUG output #2484

Merged (2 commits), Feb 5, 2021

@ferd (Collaborator) commented Feb 5, 2021

A few issues exist in the current code:

  1. the DEBUG information for a brand new package when no index cache is
    present outputs private hex keys
  2. recently merged branches had debug output I felt could be cleaner (see Use rebar_packages_cdn for fetching package resource #2479)

This commit fixes both by adding a helper function to the rebar_hex_repos
module whose role is to anonymize the information and also provide a
stringified version of each repo config for debugging purposes.

The new output should look something like:

    ===> Verifying dependencies...
    ...
    ===> Getting definition for package hex_core from repo hexpm (#{api_url => <<"https://hex.pm/api">>,name => <<"hexpm">>,
             repo_name => <<"hexpm">>,repo_organization => undefined,
             repo_url => <<"https://repo.hex.pm">>,repo_verify => true,
             repo_verify_origin => true})
    ===> Getting definition for package verl from repo hexpm
    ===> Compile (apps)
    ...
    ===> Running provider: install_deps
    ===> Verifying dependencies...
    ===> Getting definition for package bbmustache from repo hexpm
    ===> Getting definition for package certifi from repo hexpm
    ===> Getting definition for package cf from repo hexpm
    ...
    ===> Fetching relx v4.3.0
    ===> Making request to get package relx from repo hexpm
    ===> Downloaded package relx, caching at /home/ferd/.cache/rebar3/hex/hexpm/packages/relx-4.3.0.tar
    ===> Writing {pkg,<<"relx">>,<<"4.3.0">>,
                             <<"5BD80A4BC733DD648C68A7AC882BA3922C45EEA2E23D9D207A4BF9F416D1F301">>,
                             <<"738E0949A6FC7D0DE9E4549DC0F73D9B6E05B539E1511BB248590702B3220440">>,
                             #{api_url => <<"https://hex.pm/api">>,
                               name => <<"hexpm">>,repo_name => <<"hexpm">>,
                               repo_organization => undefined,
                               repo_url => <<"https://repo.hex.pm">>,
                               repo_verify => true,repo_verify_origin => true}} to cache at /home/ferd/.cache/rebar3/hex/hexpm/packages/relx-4.3.0.tar
    ===> Running provider: lock
    ===> Running provider: 'get-deps'

This shows the 'hexpm' config being displayed once and then cached across
providers, and the debug message for package writing being simplified to
show the origins and non-private security details.

@ferd ferd merged commit f9c3784 into erlang:master Feb 5, 2021
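
An illustration of the sanitizing approach described in this pull request, added here as an example and not taken from rebar3's `rebar_hex_repos` module. The module and function names are hypothetical, the `api_key` field and its value are constructed, and the allowlist is simply the set of fields visible in the sanitized output quoted above.

```erlang
-module(repo_debug_example).
-export([sanitize/1, format_repo/1, format_pkg/1, demo/0]).

%% Fields that appear in the sanitized DEBUG output quoted in the PR.
-define(PUBLIC_KEYS, [api_url, name, repo_name, repo_organization,
                      repo_url, repo_verify, repo_verify_origin]).

%% Allowlist rather than denylist: any field not named above is dropped,
%% so a credential field added to the config later stays out of the logs
%% by default instead of leaking until someone remembers to hide it.
-spec sanitize(map()) -> map().
sanitize(Repo) when is_map(Repo) ->
    maps:with(?PUBLIC_KEYS, Repo).

%% Stringified, sanitized repo config for a debug message.
-spec format_repo(map()) -> string().
format_repo(Repo) ->
    lists:flatten(io_lib:format("~p", [sanitize(Repo)])).

%% Same treatment for a package tuple of the shape shown in the
%% "Writing {pkg,...}" line: only the trailing repo map is rewritten.
-spec format_pkg(tuple()) -> string().
format_pkg({pkg, Name, Vsn, Hash1, Hash2, Repo}) ->
    lists:flatten(io_lib:format("~p", [{pkg, Name, Vsn, Hash1, Hash2,
                                        sanitize(Repo)}])).

demo() ->
    %% Constructed sample config; api_key is a hypothetical secret field.
    Repo = #{name => <<"hexpm">>,
             repo_name => <<"hexpm">>,
             repo_organization => undefined,
             api_url => <<"https://hex.pm/api">>,
             repo_url => <<"https://repo.hex.pm">>,
             repo_verify => true,
             repo_verify_origin => true,
             api_key => <<"CONSTRUCTED-SECRET">>},
    RepoLine = format_repo(Repo),
    PkgLine = format_pkg({pkg, <<"relx">>, <<"4.3.0">>,
                          <<"HASH1">>, <<"HASH2">>, Repo}),
    %% Neither rendered string may contain the secret value.
    nomatch = string:find(RepoLine, "CONSTRUCTED-SECRET"),
    nomatch = string:find(PkgLine, "CONSTRUCTED-SECRET"),
    io:format("===> Getting definition for package ~ts from repo ~ts (~ts)~n",
              [<<"hex_core">>, maps:get(name, Repo), RepoLine]),
    io:format("===> Writing ~ts to cache~n", [PkgLine]),
    ok.
```

Compile with `erlc repo_debug_example.erl` and call `repo_debug_example:demo().` from an Erlang shell; the two pattern matches on `nomatch` crash the call if the secret ever reaches either rendered string.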