[
https://issues.apache.org/jira/browse/MRESOLVER-269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17611177#comment-17611177
]
ASF GitHub Bot commented on MRESOLVER-269:
------------------------------------------
michael-o commented on code in PR #199:
URL: https://github.com/apache/maven-resolver/pull/199#discussion_r983853854
##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java:
##########
@@ -0,0 +1,172 @@
+package org.eclipse.aether.internal.impl.checksum;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import org.eclipse.aether.util.artifact.ArtifactIdUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that
use specified directory as base
+ * directory, where it expects a "summary" file named as
"checksums.${checksumExt}" for each checksum algorithm, and
+ * file format is artifact ID and checksum separated by space per line. The
format supports comments "#" (hash) and
+ * empty lines (both are ignored).
+ * <p>
+ * The source may be configured to be "origin aware", in that case it will
factor in origin repository ID as well into
+ * file name (for example "central-checksums.sha1").
+ * <p>
+ * The checksums file once loaded are cached in session, so in-flight file
changes during lifecycle of session are NOT
+ * noticed.
+ * <p>
+ * The name of this implementation is "file-compact".
+ *
+ * @see ArtifactIdUtils#toId(Artifact)
+ * @since TBD
+ */
+@Singleton
+@Named( CompactFileTrustedChecksumsSource.NAME )
+public final class CompactFileTrustedChecksumsSource
+ extends FileTrustedChecksumsSourceSupport
+{
+ public static final String NAME = "file-compact";
+
+ private static final String CHECKSUM_FILE_PREFIX = "checksums.";
+
+ private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums";
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(
CompactFileTrustedChecksumsSource.class );
+
+ @Inject
+ public CompactFileTrustedChecksumsSource()
+ {
+ super( NAME );
+ }
+
+ @SuppressWarnings( "unchecked" )
+ @Override
+ protected Map<String, String> performLookup( RepositorySystemSession
session,
+ Path basedir,
+ Artifact artifact,
+ ArtifactRepository
artifactRepository,
+
List<ChecksumAlgorithmFactory> checksumAlgorithmFactories )
+ {
+ final String prefix;
+ if ( isOriginAware( session ) )
+ {
+ if ( artifactRepository != null )
+ {
+ prefix = artifactRepository.getId() + "-" +
CHECKSUM_FILE_PREFIX;
+ }
+ else
+ {
+ prefix = session.getLocalRepository().getId() + "-" +
CHECKSUM_FILE_PREFIX;
Review Comment:
Do we compare checksums for local files?
##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java:
##########
@@ -0,0 +1,172 @@
+package org.eclipse.aether.internal.impl.checksum;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import org.eclipse.aether.util.artifact.ArtifactIdUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that
use specified directory as base
+ * directory, where it expects a "summary" file named as
"checksums.${checksumExt}" for each checksum algorithm, and
+ * file format is artifact ID and checksum separated by space per line. The
format supports comments "#" (hash) and
+ * empty lines (both are ignored).
+ * <p>
+ * The source may be configured to be "origin aware", in that case it will
factor in origin repository ID as well into
+ * file name (for example "central-checksums.sha1").
+ * <p>
+ * The checksums file once loaded are cached in session, so in-flight file
changes during lifecycle of session are NOT
+ * noticed.
+ * <p>
+ * The name of this implementation is "file-compact".
+ *
+ * @see ArtifactIdUtils#toId(Artifact)
+ * @since TBD
+ */
+@Singleton
+@Named( CompactFileTrustedChecksumsSource.NAME )
+public final class CompactFileTrustedChecksumsSource
+ extends FileTrustedChecksumsSourceSupport
+{
+ public static final String NAME = "file-compact";
+
+ private static final String CHECKSUM_FILE_PREFIX = "checksums.";
+
+ private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums";
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(
CompactFileTrustedChecksumsSource.class );
+
+ @Inject
Review Comment:
Isn't that noop?
##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java:
##########
@@ -0,0 +1,172 @@
+package org.eclipse.aether.internal.impl.checksum;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import org.eclipse.aether.util.artifact.ArtifactIdUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that
use specified directory as base
+ * directory, where it expects a "summary" file named as
"checksums.${checksumExt}" for each checksum algorithm, and
+ * file format is artifact ID and checksum separated by space per line. The
format supports comments "#" (hash) and
+ * empty lines (both are ignored).
+ * <p>
+ * The source may be configured to be "origin aware", in that case it will
factor in origin repository ID as well into
+ * file name (for example "central-checksums.sha1").
+ * <p>
+ * The checksums file once loaded are cached in session, so in-flight file
changes during lifecycle of session are NOT
+ * noticed.
+ * <p>
+ * The name of this implementation is "file-compact".
+ *
+ * @see ArtifactIdUtils#toId(Artifact)
+ * @since TBD
+ */
+@Singleton
+@Named( CompactFileTrustedChecksumsSource.NAME )
+public final class CompactFileTrustedChecksumsSource
+ extends FileTrustedChecksumsSourceSupport
+{
+ public static final String NAME = "file-compact";
+
+ private static final String CHECKSUM_FILE_PREFIX = "checksums.";
+
+ private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums";
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(
CompactFileTrustedChecksumsSource.class );
+
+ @Inject
+ public CompactFileTrustedChecksumsSource()
+ {
+ super( NAME );
+ }
+
+ @SuppressWarnings( "unchecked" )
+ @Override
+ protected Map<String, String> performLookup( RepositorySystemSession
session,
+ Path basedir,
+ Artifact artifact,
+ ArtifactRepository
artifactRepository,
+
List<ChecksumAlgorithmFactory> checksumAlgorithmFactories )
+ {
+ final String prefix;
+ if ( isOriginAware( session ) )
+ {
+ if ( artifactRepository != null )
Review Comment:
How can this be `null`?
##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/SparseFileTrustedChecksumsSource.java:
##########
@@ -0,0 +1,130 @@
+package org.eclipse.aether.internal.impl.checksum;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.internal.impl.LocalPathComposer;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import org.eclipse.aether.spi.io.FileProcessor;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static java.util.Objects.requireNonNull;
+
+/**
+ * Sparse file {@link FileTrustedChecksumsSourceSupport} implementation that
use specified directory as base
+ * directory, where it expects artifacts checksums on standard Maven2 "local"
layout. This implementation uses Artifact
+ * coordinates solely to form path from basedir, pretty much as Maven local
repository does.
+ * <p>
+ * The source may be configured to be "origin aware", in that case it will
factor in origin repository ID as well into
+ * base directory name (for example ".checksums/central/...").
+ * <p>
+ * The name of this implementation is "file-sparse".
+ *
+ * @see LocalPathComposer
+ * @since TBD
+ */
+@Singleton
+@Named( SparseFileTrustedChecksumsSource.NAME )
+public final class SparseFileTrustedChecksumsSource
+ extends FileTrustedChecksumsSourceSupport
+{
+ public static final String NAME = "file-sparse";
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(
SparseFileTrustedChecksumsSource.class );
+
+ private final FileProcessor fileProcessor;
+
+ private final LocalPathComposer localPathComposer;
+
+ @Inject
+ public SparseFileTrustedChecksumsSource( FileProcessor fileProcessor,
LocalPathComposer localPathComposer )
+ {
+ super( NAME );
+ this.fileProcessor = requireNonNull( fileProcessor );
+ this.localPathComposer = requireNonNull( localPathComposer );
+ }
+
+ @Override
+ protected Map<String, String> performLookup( RepositorySystemSession
session,
+ Path basedir,
+ Artifact artifact,
+ ArtifactRepository
artifactRepository,
+
List<ChecksumAlgorithmFactory> checksumAlgorithmFactories )
+ {
+ final String prefix;
+ if ( isOriginAware( session ) )
+ {
+ if ( artifactRepository != null )
+ {
+ prefix = artifactRepository.getId() + "/";
+ }
+ else
+ {
+ prefix = session.getLocalRepository().getId() + "/";
+ }
+ }
+ else
+ {
+ prefix = "";
+ }
+
+ final HashMap<String, String> checksums = new HashMap<>();
+ final String artifactPath = localPathComposer.getPathForArtifact(
artifact, false );
+ for ( ChecksumAlgorithmFactory checksumAlgorithmFactory :
checksumAlgorithmFactories )
+ {
+ Path checksumPath = basedir.resolve(
+ prefix + artifactPath + "." +
checksumAlgorithmFactory.getFileExtension() );
+
+ if ( !Files.isRegularFile( checksumPath ) )
+ {
+ continue;
+ }
Review Comment:
I think this deserves a log message. I guess developer provided us nonsense.
##########
maven-resolver-impl/src/test/java/org/eclipse/aether/internal/impl/checksum/FileTrustedChecksumsSourceTestSupport.java:
##########
@@ -0,0 +1,90 @@
+package org.eclipse.aether.internal.impl.checksum;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.io.IOException;
+import java.nio.file.Path;
+import java.util.Collections;
+import java.util.Map;
+
+import org.eclipse.aether.DefaultRepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.artifact.DefaultArtifact;
+import org.eclipse.aether.internal.test.util.TestUtils;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+public abstract class FileTrustedChecksumsSourceTestSupport
+{
+ protected static final Artifact ARTIFACT_WITHOUT_CHECKSUM = new
DefaultArtifact( "test:test:1.0" );
+
+ protected static final Artifact ARTIFACT_WITH_CHECKSUM = new
DefaultArtifact( "test:test:2.0" );
+
+ protected static final String ARTIFACT_TRUSTED_CHECKSUM =
"trustedChecksum";
+
+ protected DefaultRepositorySystemSession session;
+
+ protected ChecksumAlgorithmFactory checksumAlgorithmFactory;
+
+ private FileTrustedChecksumsSourceSupport subject;
+
+ @Before
+ public void before() throws Exception
+ {
+ session = TestUtils.newSession();
+ // populate local repository
+ Path baseDir = session.getLocalRepository().getBasedir().toPath()
Review Comment:
basedir
##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java:
##########
@@ -0,0 +1,172 @@
+package org.eclipse.aether.internal.impl.checksum;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import org.eclipse.aether.util.artifact.ArtifactIdUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that
use specified directory as base
+ * directory, where it expects a "summary" file named as
"checksums.${checksumExt}" for each checksum algorithm, and
+ * file format is artifact ID and checksum separated by space per line. The
format supports comments "#" (hash) and
+ * empty lines (both are ignored).
+ * <p>
+ * The source may be configured to be "origin aware", in that case it will
factor in origin repository ID as well into
+ * file name (for example "central-checksums.sha1").
+ * <p>
+ * The checksums file once loaded are cached in session, so in-flight file
changes during lifecycle of session are NOT
+ * noticed.
+ * <p>
+ * The name of this implementation is "file-compact".
+ *
+ * @see ArtifactIdUtils#toId(Artifact)
+ * @since TBD
+ */
+@Singleton
+@Named( CompactFileTrustedChecksumsSource.NAME )
+public final class CompactFileTrustedChecksumsSource
+ extends FileTrustedChecksumsSourceSupport
+{
+ public static final String NAME = "file-compact";
+
+ private static final String CHECKSUM_FILE_PREFIX = "checksums.";
+
+ private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums";
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(
CompactFileTrustedChecksumsSource.class );
+
+ @Inject
+ public CompactFileTrustedChecksumsSource()
+ {
+ super( NAME );
+ }
+
+ @SuppressWarnings( "unchecked" )
+ @Override
+ protected Map<String, String> performLookup( RepositorySystemSession
session,
+ Path basedir,
+ Artifact artifact,
+ ArtifactRepository
artifactRepository,
+
List<ChecksumAlgorithmFactory> checksumAlgorithmFactories )
+ {
+ final String prefix;
+ if ( isOriginAware( session ) )
+ {
+ if ( artifactRepository != null )
+ {
+ prefix = artifactRepository.getId() + "-" +
CHECKSUM_FILE_PREFIX;
+ }
+ else
+ {
+ prefix = session.getLocalRepository().getId() + "-" +
CHECKSUM_FILE_PREFIX;
+ }
+ }
+ else
+ {
+ prefix = CHECKSUM_FILE_PREFIX;
+ }
+
+ final ConcurrentHashMap<String, ConcurrentHashMap<String, String>>
basedirProvidedChecksums =
+ (ConcurrentHashMap<String, ConcurrentHashMap<String, String>>)
session.getData()
+ .computeIfAbsent( CHECKSUMS_CACHE_KEY,
ConcurrentHashMap::new );
+
+ final HashMap<String, String> checksums = new HashMap<>();
+ for ( ChecksumAlgorithmFactory checksumAlgorithmFactory :
checksumAlgorithmFactories )
+ {
+ ConcurrentHashMap<String, String> algorithmChecksums =
basedirProvidedChecksums.computeIfAbsent(
+ checksumAlgorithmFactory.getName(),
+ algName -> loadProvidedChecksums(
+ basedir.resolve( prefix +
checksumAlgorithmFactory.getFileExtension() )
+ )
+ );
+ String checksum = algorithmChecksums.get( ArtifactIdUtils.toId(
artifact ) );
+ if ( checksum != null )
+ {
+ checksums.put( checksumAlgorithmFactory.getName(), checksum );
+ }
+ }
+ return checksums;
+ }
+
+ private ConcurrentHashMap<String, String> loadProvidedChecksums( Path
checksumFile )
+ {
+ ConcurrentHashMap<String, String> result = new ConcurrentHashMap<>();
+ try
+ {
+ try ( BufferedReader reader = Files.newBufferedReader(
checksumFile, StandardCharsets.UTF_8 ) )
+ {
+ LOGGER.debug( "Loading provided checksums file '{}'",
checksumFile );
+ String line = reader.readLine();
+ while ( line != null )
+ {
+ if ( !line.startsWith( "#" ) && !line.isEmpty() )
+ {
+ String[] parts = line.split( " ", 2 );
+ if ( parts.length == 2 )
+ {
+ String old = result.put( parts[0], parts[1] );
+ if ( old != null )
+ {
+ LOGGER.warn( "Checksums file '{}' contains
duplicate checksums for artifact {}: "
+ + "old '{}' replaced by new '{}'",
checksumFile, parts[0], old, parts[1] );
+ }
+ }
+ else
+ {
+ LOGGER.warn( "Checksums file '{}' ignored
malformed line '{}'", checksumFile, line );
+ }
+ }
+ line = reader.readLine();
Review Comment:
Why not put `reader.readLine()` in the while condition?
##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java:
##########
@@ -0,0 +1,172 @@
+package org.eclipse.aether.internal.impl.checksum;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import org.eclipse.aether.util.artifact.ArtifactIdUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that
use specified directory as base
+ * directory, where it expects a "summary" file named as
"checksums.${checksumExt}" for each checksum algorithm, and
+ * file format is artifact ID and checksum separated by space per line. The
format supports comments "#" (hash) and
+ * empty lines (both are ignored).
+ * <p>
+ * The source may be configured to be "origin aware", in that case it will
factor in origin repository ID as well into
+ * file name (for example "central-checksums.sha1").
+ * <p>
+ * The checksums file once loaded are cached in session, so in-flight file
changes during lifecycle of session are NOT
+ * noticed.
+ * <p>
+ * The name of this implementation is "file-compact".
+ *
+ * @see ArtifactIdUtils#toId(Artifact)
+ * @since TBD
+ */
+@Singleton
+@Named( CompactFileTrustedChecksumsSource.NAME )
+public final class CompactFileTrustedChecksumsSource
+ extends FileTrustedChecksumsSourceSupport
+{
+ public static final String NAME = "file-compact";
+
+ private static final String CHECKSUM_FILE_PREFIX = "checksums.";
+
+ private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums";
Review Comment:
This might be nitpicking, but of this cache is an impl detail I think that
the key should be prefixed with the class name.
##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java:
##########
@@ -0,0 +1,172 @@
+package org.eclipse.aether.internal.impl.checksum;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import org.eclipse.aether.util.artifact.ArtifactIdUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that
use specified directory as base
+ * directory, where it expects a "summary" file named as
"checksums.${checksumExt}" for each checksum algorithm, and
+ * file format is artifact ID and checksum separated by space per line. The
format supports comments "#" (hash) and
+ * empty lines (both are ignored).
+ * <p>
+ * The source may be configured to be "origin aware", in that case it will
factor in origin repository ID as well into
+ * file name (for example "central-checksums.sha1").
+ * <p>
+ * The checksums file once loaded are cached in session, so in-flight file
changes during lifecycle of session are NOT
+ * noticed.
+ * <p>
+ * The name of this implementation is "file-compact".
+ *
+ * @see ArtifactIdUtils#toId(Artifact)
+ * @since TBD
+ */
+@Singleton
+@Named( CompactFileTrustedChecksumsSource.NAME )
+public final class CompactFileTrustedChecksumsSource
+ extends FileTrustedChecksumsSourceSupport
+{
Review Comment:
This class has one inconsistency: All our meta files have the form:
`{metafile}.{ext}` or `{metafile}-{repoId}.{ext}`. This should apply here as
well. E.g., `./org/apache/maven/resolver/maven-metadata-local.xml`
> Allow more compact storage of provided checksums
> ------------------------------------------------
>
> Key: MRESOLVER-269
> URL: https://issues.apache.org/jira/browse/MRESOLVER-269
> Project: Maven Resolver
> Issue Type: Improvement
> Components: Resolver
> Reporter: Rafael Winterhalter
> Assignee: Tamás Cservenák
> Priority: Major
> Fix For: resolver-next
>
>
> While the repository layout makes sense for storage outside of a project, it
> would be more convenient to store checksums in a single file (per algorithm)
> when keeping checksums along when storing these checksums within a project.
> This makes the storage easier to version control and avoids the overhead of
> storing a lot of files in version control what often creates some overhead.
> Ideally, Maven could support such files out of the box by shipping a provider
> for such files.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
