Source file src/pkg/cmd/go/internal/modcmd/verify.go

     1	// Copyright 2018 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	package modcmd
     6	
     7	import (
     8		"bytes"
     9		"cmd/go/internal/cfg"
    10		"fmt"
    11		"io/ioutil"
    12		"os"
    13	
    14		"cmd/go/internal/base"
    15		"cmd/go/internal/dirhash"
    16		"cmd/go/internal/modfetch"
    17		"cmd/go/internal/modload"
    18		"cmd/go/internal/module"
    19	)
    20	
    21	var cmdVerify = &base.Command{
    22		UsageLine: "go mod verify",
    23		Short:     "verify dependencies have expected content",
    24		Long: `
    25	Verify checks that the dependencies of the current module,
    26	which are stored in a local downloaded source cache, have not been
    27	modified since being downloaded. If all the modules are unmodified,
    28	verify prints "all modules verified." Otherwise it reports which
    29	modules have been changed and causes 'go mod' to exit with a
    30	non-zero status.
    31		`,
    32		Run: runVerify,
    33	}
    34	
    35	func runVerify(cmd *base.Command, args []string) {
    36		if len(args) != 0 {
    37			// NOTE(rsc): Could take a module pattern.
    38			base.Fatalf("go mod verify: verify takes no arguments")
    39		}
    40		// Checks go mod expected behavior
    41		if !modload.Enabled() {
    42			if cfg.Getenv("GO111MODULE") == "off" {
    43				base.Fatalf("go: modules disabled by GO111MODULE=off; see 'go help modules'")
    44			} else {
    45				base.Fatalf("go: cannot find main module; see 'go help modules'")
    46			}
    47		}
    48		ok := true
    49		for _, mod := range modload.LoadBuildList()[1:] {
    50			ok = verifyMod(mod) && ok
    51		}
    52		if ok {
    53			fmt.Printf("all modules verified\n")
    54		}
    55	}
    56	
    57	func verifyMod(mod module.Version) bool {
    58		ok := true
    59		zip, zipErr := modfetch.CachePath(mod, "zip")
    60		if zipErr == nil {
    61			_, zipErr = os.Stat(zip)
    62		}
    63		dir, dirErr := modfetch.DownloadDir(mod)
    64		if dirErr == nil {
    65			_, dirErr = os.Stat(dir)
    66		}
    67		data, err := ioutil.ReadFile(zip + "hash")
    68		if err != nil {
    69			if zipErr != nil && os.IsNotExist(zipErr) && dirErr != nil && os.IsNotExist(dirErr) {
    70				// Nothing downloaded yet. Nothing to verify.
    71				return true
    72			}
    73			base.Errorf("%s %s: missing ziphash: %v", mod.Path, mod.Version, err)
    74			return false
    75		}
    76		h := string(bytes.TrimSpace(data))
    77	
    78		if zipErr != nil && os.IsNotExist(zipErr) {
    79			// ok
    80		} else {
    81			hZ, err := dirhash.HashZip(zip, dirhash.DefaultHash)
    82			if err != nil {
    83				base.Errorf("%s %s: %v", mod.Path, mod.Version, err)
    84				return false
    85			} else if hZ != h {
    86				base.Errorf("%s %s: zip has been modified (%v)", mod.Path, mod.Version, zip)
    87				ok = false
    88			}
    89		}
    90		if dirErr != nil && os.IsNotExist(dirErr) {
    91			// ok
    92		} else {
    93			hD, err := dirhash.HashDir(dir, mod.Path+"@"+mod.Version, dirhash.DefaultHash)
    94			if err != nil {
    95	
    96				base.Errorf("%s %s: %v", mod.Path, mod.Version, err)
    97				return false
    98			}
    99			if hD != h {
   100				base.Errorf("%s %s: dir has been modified (%v)", mod.Path, mod.Version, dir)
   101				ok = false
   102			}
   103		}
   104		return ok
   105	}
   106	

View as plain text