From 55e34953a907ef9256f5811015d520214705dd7d Mon Sep 17 00:00:00 2001 From: DilumAluthge-LLM <267464666+DilumAluthge-LLM@users.noreply.github.com> Date: Tue, 7 Apr 2026 00:54:36 -0400 Subject: [PATCH 1/2] Add `git-tree-{sha1,sha256}` (but only for `.tar.gz` downloads) Co-authored-by: OpenAI Codex GPT-5 --- Manifest.toml | 2 +- Project.toml | 1 + schema.json | 6 ++++ src/VersionsJSONUtil.jl | 63 +++++++++++++++++++++++++++++++---------- 4 files changed, 56 insertions(+), 16 deletions(-) diff --git a/Manifest.toml b/Manifest.toml index e2d74f2..1830bc9 100644 --- a/Manifest.toml +++ b/Manifest.toml @@ -2,7 +2,7 @@ julia_version = "1.10.11" manifest_format = "2.0" -project_hash = "55efac5eb5e37942e9cd8fef54ac706b62080e7c" +project_hash = "297ab27881cec0a85c719648b28381580e85162c" [[deps.AbstractFFTs]] deps = ["LinearAlgebra"] diff --git a/Project.toml b/Project.toml index 46b898b..2776991 100644 --- a/Project.toml +++ b/Project.toml @@ -10,6 +10,7 @@ JSON = "682c06a0-de6a-54ab-a142-c8b1cf79cde6" Lazy = "50d2b5c4-7a5e-59d5-8109-a42b560f39c0" Pkg = "44cfe95a-1eb2-52ea-b672-e2afdf69b78f" SHA = "ea8e919c-243c-51af-8825-aaa63cd721ce" +Tar = "a4e569a6-e804-4fa4-b0f3-eef7a1d5b13e" TimeZones = "f269a46b-ccf7-5d73-abea-4c690281aa53" WebCacheUtilities = "0c1c26de-fc5f-47ff-87a8-a157289a9bac" diff --git a/schema.json b/schema.json index ffb1ad0..c79c1c6 100644 --- a/schema.json +++ b/schema.json @@ -41,6 +41,12 @@ "sha256": { "type": "string" }, + "git-tree-sha1": { + "type": "string" + }, + "git-tree-sha256": { + "type": "string" + }, "size": { "type": "integer" }, diff --git a/src/VersionsJSONUtil.jl b/src/VersionsJSONUtil.jl index 837d348..1df4431 100644 --- a/src/VersionsJSONUtil.jl +++ b/src/VersionsJSONUtil.jl @@ -1,7 +1,9 @@ module VersionsJSONUtil using HTTP, JSON, Pkg.BinaryPlatforms, WebCacheUtilities, SHA, Lazy +using Tar: Tar import Pkg.BinaryPlatforms: triplet, arch +import Pkg.PlatformEngines: exe7z "Wrapper types to define three jlext methods for portable, tarball and installer Windows" struct WindowsPortable @@ -109,6 +111,11 @@ julia_platforms = [ FreeBSD(:x86_64), ] +const tarball_git_tree_hash_skiplist = [ + # Corrupt gzip stream: `7z` reports a CRC failure for the embedded tarball. + "https://julialang-s3.julialang.org/bin/linux/x86/0.7/julia-0.7.0-alpha-linux-i686.tar.gz", +] + function vnum_maybe(x::AbstractString) try return VersionNumber(x) @@ -122,6 +129,10 @@ function is_stable(v::VersionNumber) return v.prerelease == () && v.build == () end +function tarball_git_tree_hash(; tarball_path::AbstractString, algorithm::AbstractString) + return open(io -> Tar.tree_hash(io; algorithm), `$(exe7z()) x $tarball_path -so`) +end + # Get list of tags from the Julia repo function get_tags() @info("Probing for tag list...") @@ -160,6 +171,22 @@ function main(out_path) number_urls_success += 1 println(stdout, " ✓") + if endswith(filename, ".dmg") + kind = "archive" + extension = "dmg" + elseif endswith(filename, ".exe") + kind = "installer" + extension = "exe" + elseif endswith(filename, ".tar.gz") + kind = "archive" + extension = "tar.gz" + elseif endswith(filename, ".zip") + kind = "archive" + extension = "zip" + else + error("Unsupported file extension in filename: $(filename)") + end + tarball_hash_path = hit_file_cache("$(filename).sha256") do tarball_hash_path open(filepath, "r") do io open(tarball_hash_path, "w") do hash_io @@ -169,6 +196,24 @@ function main(out_path) end tarball_hash = String(read(tarball_hash_path)) + if extension == "tar.gz" && !(url in tarball_git_tree_hash_skiplist) + tarball_git_tree_hashes = Dict{String, String}() + tree_hash_path_sha1 = hit_file_cache("$(filename).git-tree-sha1") do tree_hash_path + open(tree_hash_path, "w") do hash_io + write(hash_io, tarball_git_tree_hash(; tarball_path=filepath, algorithm="git-sha1")) + end + end + tree_hash_path_sha256 = hit_file_cache("$(filename).git-tree-sha256") do tree_hash_path + open(tree_hash_path, "w") do hash_io + write(hash_io, tarball_git_tree_hash(; tarball_path=filepath, algorithm="git-sha256")) + end + end + tarball_git_tree_hashes["git-tree-sha1"] = String(read(tree_hash_path_sha1)) + tarball_git_tree_hashes["git-tree-sha256"] = String(read(tree_hash_path_sha256)) + else + tarball_git_tree_hashes = nothing + end + # Initialize overall version key, if needed if !haskey(meta, version) meta[version] = Dict( @@ -196,21 +241,6 @@ function main(out_path) end # Build up metadata about this file - if endswith(filename, ".dmg") - kind = "archive" - extension = "dmg" - elseif endswith(filename, ".exe") - kind = "installer" - extension = "exe" - elseif endswith(filename, ".tar.gz") - kind = "archive" - extension = "tar.gz" - elseif endswith(filename, ".zip") - kind = "archive" - extension = "zip" - else - error("Unsupported file extension in filename: $(filename)") - end file_dict = Dict( "triplet" => triplet(platform), "os" => meta_os(platform), @@ -222,6 +252,9 @@ function main(out_path) "extension" => extension, "url" => url, ) + if tarball_git_tree_hashes !== nothing + merge!(file_dict, tarball_git_tree_hashes) + end # Add in `.asc` signature content, if applicable if asc_signature !== nothing file_dict["asc"] = asc_signature From fec50816bfec5262e93b675003c5961c043ceb94 Mon Sep 17 00:00:00 2001 From: Dilum Aluthge <5619885+DilumAluthge@users.noreply.github.com> Date: Sun, 19 Apr 2026 01:03:03 -0400 Subject: [PATCH 2/2] Tests: Add `git-tree-sha1` and `git-tree-sha256` as allowed keys --- test/more_tests.jl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/more_tests.jl b/test/more_tests.jl index 587196a..82d4ff4 100644 --- a/test/more_tests.jl +++ b/test/more_tests.jl @@ -67,6 +67,8 @@ end ] optional_keys = [ "asc", + "git-tree-sha1", + "git-tree-sha256", ] allowed_keys = union(required_keys, optional_keys) @test required_keys ⊆ collect(keys(filedict))