Module: Gem::Guardian::ChecksumProvider

Defined in:

lib/gem/guardian/checksum_provider.rb

Overview

Pluggable checksum providers for registry or publisher supplied SHA256 data.

A provider answers one question:

"Is there an independent SHA256 for this dependency, and where did it come from?"

Providers are intentionally separate from artifact hashing. The downloaded .gem file is always hashed locally by Verifier; provider results are independent trust anchors that can be compared with that artifact digest.

Defined Under Namespace

Classes: CompactIndex, Result, RubyGemsApi, SourceScoped, Url

Instance Attribute Summary

• #provider ⇒ String readonly

  Provider implementation name.

• #sha256 ⇒ String readonly

  Lowercase SHA256 hex digest.

• #source ⇒ Symbol readonly

  Provider source category, such as +:registry+ or +:publisher+.

• #verification_uri ⇒ String^? readonly

  URI a user or tool can inspect to verify the checksum source.

Instance Attribute Details

#provider ⇒ String (readonly)

Returns provider implementation name.

Returns:

• (String) —

  provider implementation name

# File 'lib/gem/guardian/checksum_provider.rb', line 28

Result = Data.define(:sha256, :source, :provider, :verification_uri) do
  # @return [Hash{Symbol => Object}] JSON-friendly representation of the provider result,
  #   including the checksum, provider name, source category, and verification URI
  def to_h
    {
      sha256: sha256,
      source: source,
      provider: provider,
      verification_uri: verification_uri
    }
  end
end

#sha256 ⇒ String (readonly)

Returns lowercase SHA256 hex digest.

Returns:

• (String) —

  lowercase SHA256 hex digest

# File 'lib/gem/guardian/checksum_provider.rb', line 28

Result = Data.define(:sha256, :source, :provider, :verification_uri) do
  # @return [Hash{Symbol => Object}] JSON-friendly representation of the provider result,
  #   including the checksum, provider name, source category, and verification URI
  def to_h
    {
      sha256: sha256,
      source: source,
      provider: provider,
      verification_uri: verification_uri
    }
  end
end

#source ⇒ Symbol (readonly)

Returns provider source category, such as +:registry+ or +:publisher+.

Returns:

• (Symbol) —

  provider source category, such as +:registry+ or +:publisher+

# File 'lib/gem/guardian/checksum_provider.rb', line 28

Result = Data.define(:sha256, :source, :provider, :verification_uri) do
  # @return [Hash{Symbol => Object}] JSON-friendly representation of the provider result,
  #   including the checksum, provider name, source category, and verification URI
  def to_h
    {
      sha256: sha256,
      source: source,
      provider: provider,
      verification_uri: verification_uri
    }
  end
end

#verification_uri ⇒ String^? (readonly)

Returns URI a user or tool can inspect to verify the checksum source.

Returns:

• (String, nil) —

  URI a user or tool can inspect to verify the checksum source

# File 'lib/gem/guardian/checksum_provider.rb', line 28

Result = Data.define(:sha256, :source, :provider, :verification_uri) do
  # @return [Hash{Symbol => Object}] JSON-friendly representation of the provider result,
  #   including the checksum, provider name, source category, and verification URI
  def to_h
    {
      sha256: sha256,
      source: source,
      provider: provider,
      verification_uri: verification_uri
    }
  end
end