Sanitize repo configuration in DEBUG output#2484
Merged
Merged
Conversation
A few issues exist in the current code:
1. the DEBUG information for a brand new package when no index cache is
present outputs private hex keys
2. recently merged branches had debug output I Felt could be cleaner
This commits fixes both by adding helper function to the rebar_hex_repos
module whose role is to anonimize the information and also provide a
stringified version of each repo config for debugging purposes.
The new output should look something like:
===> Verifying dependencies...
...
===> Getting definition for package hex_core from repo hexpm (#{api_url => <<"https://hex.pm/api">>,name => <<"hexpm">>,
repo_name => <<"hexpm">>,repo_organization => undefined,
repo_url => <<"https://repo.hex.pm">>,repo_verify => true,
repo_verify_origin => true})
===> Getting definition for package verl from repo hexpm
===> Compile (apps)
...
===> Running provider: install_deps
===> Verifying dependencies...
===> Getting definition for package bbmustache from repo hexpm
===> Getting definition for package certifi from repo hexpm
===> Getting definition for package cf from repo hexpm
...
===> Fetching relx v4.3.0
===> Making request to get package relx from repo hexpm
===> Downloaded package relx, caching at /home/ferd/.cache/rebar3/hex/hexpm/packages/relx-4.3.0.tar
===> Writing {pkg,<<"relx">>,<<"4.3.0">>,
<<"5BD80A4BC733DD648C68A7AC882BA3922C45EEA2E23D9D207A4BF9F416D1F301">>,
<<"738E0949A6FC7D0DE9E4549DC0F73D9B6E05B539E1511BB248590702B3220440">>,
#{api_url => <<"https://hex.pm/api">>,
name => <<"hexpm">>,repo_name => <<"hexpm">>,
repo_organization => undefined,
repo_url => <<"https://repo.hex.pm">>,
repo_verify => true,repo_verify_origin => true}} to cache at /home/ferd/.cache/rebar3/hex/hexpm/packages/relx-4.3.0.tar
===> Running provider: lock
===> Running provider: 'get-deps'
This shows the 'hexpm' config being displayed one and then cached across
providers, and the debug message for package writing being simplified to
show the origins and non-private security details
tsloughter
approved these changes
Feb 5, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
A few issues exist in the current code:
present outputs private hex keys
This commits fixes both by adding helper function to the rebar_hex_repos
module whose role is to anonimize the information and also provide a
stringified version of each repo config for debugging purposes.
The new output should look something like:
This shows the 'hexpm' config being displayed one and then cached across
providers, and the debug message for package writing being simplified to
show the origins and non-private security details