diff --git a/pkg/cli/runner.go b/pkg/cli/runner.go index 7aedb801b..f0d22c525 100644 --- a/pkg/cli/runner.go +++ b/pkg/cli/runner.go @@ -110,6 +110,13 @@ func (r *Runner) setParam(c *cli.Context, commandName string, param *config.Para } } } + if a := os.Getenv("AQUA_CHECKSUM"); a != "" { + chksm, err := strconv.ParseBool(a) + if err != nil { + return fmt.Errorf("parse the environment variable AQUA_CHECKSUM as bool: %w", err) + } + param.Checksum = chksm + } if a := os.Getenv("AQUA_REQUIRE_CHECKSUM"); a != "" { requireChecksum, err := strconv.ParseBool(a) if err != nil { @@ -117,6 +124,20 @@ func (r *Runner) setParam(c *cli.Context, commandName string, param *config.Para } param.RequireChecksum = requireChecksum } + if a := os.Getenv("AQUA_ENFORCE_CHECKSUM"); a != "" { + chksm, err := strconv.ParseBool(a) + if err != nil { + return fmt.Errorf("parse the environment variable AQUA_ENFORCE_CHECKSUM as bool: %w", err) + } + param.EnforceChecksum = chksm + } + if a := os.Getenv("AQUA_ENFORCE_REQUIRE_CHECKSUM"); a != "" { + requireChecksum, err := strconv.ParseBool(a) + if err != nil { + return fmt.Errorf("parse the environment variable AQUA_ENFORCE_REQUIRE_CHECKSUM as bool: %w", err) + } + param.EnforceRequireChecksum = requireChecksum + } return nil } diff --git a/pkg/config/aqua/checksum.go b/pkg/config/aqua/checksum.go index 6eec1cd65..382d6cd79 100644 --- a/pkg/config/aqua/checksum.go +++ b/pkg/config/aqua/checksum.go 
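Review bot: The three blocks added here (`AQUA_CHECKSUM` in the first hunk, `AQUA_ENFORCE_CHECKSUM` and `AQUA_ENFORCE_REQUIRE_CHECKSUM` in the second) copy the existing `AQUA_REQUIRE_CHECKSUM` block line for line, and their local names drift between `chksm` and `requireChecksum`. A small helper would keep the fail-closed handling of an unparsable value in one place, so a future flag cannot end up with a slightly different rule. setParam starts before the first hunk, so the sketch below shows only the helper and one call.

```go
// envBool reads a boolean environment variable; set is false when it is unset or empty.
func envBool(name string) (value, set bool, err error) {
	s := os.Getenv(name)
	if s == "" {
		return false, false, nil
	}
	value, err = strconv.ParseBool(s)
	if err != nil {
		return false, false, fmt.Errorf("parse the environment variable %s as bool: %w", name, err)
	}
	return value, true, nil
}

// … unchanged: earlier part of setParam …
	if v, set, err := envBool("AQUA_ENFORCE_CHECKSUM"); err != nil {
		return err
	} else if set {
		param.EnforceChecksum = v
	}
```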
@@ -2,14 +2,20 @@ package aqua import "github.com/aquaproj/aqua/v2/pkg/config/registry" -func (c *Config) ChecksumEnabled() bool { - if c == nil { - return false +func (c *Config) ChecksumEnabled(enforceValue, defValue bool) bool { + if enforceValue { + return true + } + if c == nil || c.Checksum == nil || c.Checksum.Enabled == nil { + return defValue } return c.Checksum.GetEnabled() } -func (c *Config) RequireChecksum(defValue bool) bool { +func (c *Config) RequireChecksum(enforceValue, defValue bool) bool { + if enforceValue { + return true + } if c == nil || c.Checksum == nil || c.Checksum.RequireChecksum == nil { return defValue } diff --git a/pkg/config/package.go b/pkg/config/package.go index 4df4a8d2f..6cccbbca3 100644 --- a/pkg/config/package.go +++ b/pkg/config/package.go 
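Review bot: `ChecksumEnabled` and `RequireChecksum` now take two adjacent `bool` arguments with opposite security meaning, and neither method has a doc comment stating the precedence. Swapping the arguments still compiles and would let a config file that sets `Enabled` to false override the enforce flag; the eight call sites in this commit pass them positionally. I would add a comment such as `// ChecksumEnabled reports whether checksum verification is on: enforceValue forces true, otherwise c.Checksum.Enabled decides, and defValue applies only when the config leaves it unset.` and a matching one on `RequireChecksum`. The comment should also say that a false enforceValue never disables anything. RequireChecksum's body continues past the hunk.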
@@ -240,46 +240,49 @@ const ( ) type Param struct { - GlobalConfigFilePaths []string - ConfigFilePath string - LogLevel string - File string - AQUAVersion string - AquaCommitHash string - RootDir string - PWD string - InsertFile string - LogColor string - Dest string - HomeDir string - OutTestData string - Limit int - MaxParallelism int - Args []string - Tags map[string]struct{} - ExcludedTags map[string]struct{} - DisableLazyInstall bool - OnlyLink bool - All bool - Global bool - Insert bool - SelectVersion bool - ShowVersion bool - ProgressBar bool - Deep bool - SkipLink bool - Pin bool - Prune bool - RequireChecksum bool - DisablePolicy bool - Detail bool - OnlyPackage bool - OnlyRegistry bool - CosignDisabled bool - SLSADisabled bool - Installed bool - PolicyConfigFilePaths []string - Commands []string + GlobalConfigFilePaths []string + ConfigFilePath string + LogLevel string + File string + AQUAVersion string + AquaCommitHash string + RootDir string + PWD string + InsertFile string + LogColor string + Dest string + HomeDir string + OutTestData string + Limit int + MaxParallelism int + Args []string + Tags map[string]struct{} + ExcludedTags map[string]struct{} + DisableLazyInstall bool + OnlyLink bool + All bool + Global bool + Insert bool + SelectVersion bool + ShowVersion bool + ProgressBar bool + Deep bool + SkipLink bool + Pin bool + Prune bool + Checksum bool + RequireChecksum bool + EnforceChecksum bool + EnforceRequireChecksum bool + DisablePolicy bool + Detail bool + OnlyPackage bool + OnlyRegistry bool + CosignDisabled bool + SLSADisabled bool + Installed bool + PolicyConfigFilePaths []string + Commands []string } func appendExt(s, format string) string { diff --git a/pkg/controller/cp/controller.go b/pkg/controller/cp/controller.go index 05bf1c14c..cd6448215 100644 --- a/pkg/controller/cp/controller.go +++ b/pkg/controller/cp/controller.go 
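Review bot: The new fields `Checksum`, `EnforceChecksum` and `EnforceRequireChecksum` sit next to `RequireChecksum` with no comments, and the names alone do not say which ones a config file can override. Going by `setParam` and `ChecksumEnabled` in this commit, field comments such as `// Checksum is the default used when the config file does not set Checksum.Enabled (AQUA_CHECKSUM)` and `// EnforceChecksum turns checksum on regardless of the config file (AQUA_ENFORCE_CHECKSUM)` would document that. The rest of the hunk is realignment of the existing fields.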
@@ -25,7 +25,6 @@ type Controller struct { which WhichController installer Installer policyConfigReader PolicyReader - requireChecksum bool } type PackageInstaller interface { @@ -49,7 +48,6 @@ func New(param *config.Param, pkgInstaller PackageInstaller, fs afero.Fs, rt *ru which: whichCtrl, installer: installer, policyConfigReader: policyConfigReader, - requireChecksum: param.RequireChecksum, } } diff --git a/pkg/controller/cp/install.go b/pkg/controller/cp/install.go index a9e848619..432b1ef55 100644 --- a/pkg/controller/cp/install.go +++ b/pkg/controller/cp/install.go @@ -16,7 +16,7 @@ import ( func (c *Controller) install(ctx context.Context, logE *logrus.Entry, findResult *which.FindResult, policyConfigs []*policy.Config, param *config.Param) error { var checksums *checksum.Checksums - if findResult.Config.ChecksumEnabled() { + if findResult.Config.ChecksumEnabled(param.EnforceChecksum, param.Checksum) { checksums = checksum.New() checksumFilePath, err := checksum.GetChecksumFilePathFromConfigFilePath(c.fs, findResult.ConfigFilePath) if err != nil { @@ -35,7 +35,7 @@ func (c *Controller) install(ctx context.Context, logE *logrus.Entry, findResult if err := c.packageInstaller.InstallPackage(ctx, logE, &installpackage.ParamInstallPackage{ Pkg: findResult.Package, Checksums: checksums, - RequireChecksum: findResult.Config.RequireChecksum(c.requireChecksum), + RequireChecksum: findResult.Config.RequireChecksum(param.EnforceRequireChecksum, param.RequireChecksum), ConfigFileDir: filepath.Dir(findResult.ConfigFilePath), PolicyConfigs: policyConfigs, DisablePolicy: param.DisablePolicy, diff --git a/pkg/controller/exec/controller.go b/pkg/controller/exec/controller.go index dc44d61d5..cb5401d62 100644 --- a/pkg/controller/exec/controller.go +++ b/pkg/controller/exec/controller.go 
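Review bot: In `pkg/controller/cp/install.go`, `RequireChecksum` can now be forced to true by `param.EnforceRequireChecksum` while `Checksums` is still nil, because `checksums` is only populated when `ChecksumEnabled(param.EnforceChecksum, param.Checksum)` returns true in the preceding hunk. This diff does not show whether `InstallPackage` rejects a package in that state; if it skips verification when `Checksums` is nil, setting only `AQUA_ENFORCE_REQUIRE_CHECKSUM` would not enforce anything. Consider letting the require flag imply the enabled check, for example `if findResult.Config.ChecksumEnabled(param.EnforceChecksum || param.EnforceRequireChecksum, param.Checksum) {`, or confirm that the installer fails closed and add a test for it. The same pairing appears in `pkg/controller/exec/exec.go` and `pkg/controller/install/install.go`; in each case the function body extends beyond the hunks.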
@@ -26,14 +26,13 @@ type Controller struct { policyConfigReader PolicyReader policyConfigFinder policy.ConfigFinder enabledXSysExec bool - requireChecksum bool } type Installer interface { InstallPackage(ctx context.Context, logE *logrus.Entry, param *installpackage.ParamInstallPackage) error } -func New(param *config.Param, pkgInstaller Installer, whichCtrl WhichController, executor Executor, osEnv osenv.OSEnv, fs afero.Fs, policyConfigReader PolicyReader, policyConfigFinder policy.ConfigFinder) *Controller { +func New(pkgInstaller Installer, whichCtrl WhichController, executor Executor, osEnv osenv.OSEnv, fs afero.Fs, policyConfigReader PolicyReader, policyConfigFinder policy.ConfigFinder) *Controller { return &Controller{ stdin: os.Stdin, stdout: os.Stdout, @@ -45,7 +44,6 @@ func New(param *config.Param, pkgInstaller Installer, whichCtrl WhichController, fs: fs, policyConfigReader: policyConfigReader, policyConfigFinder: policyConfigFinder, - requireChecksum: param.RequireChecksum, } } diff --git a/pkg/controller/exec/exec.go b/pkg/controller/exec/exec.go index 5686a9448..14ae3c1cd 100644 --- a/pkg/controller/exec/exec.go +++ b/pkg/controller/exec/exec.go @@ -66,7 +66,7 @@ func (c *Controller) Exec(ctx context.Context, logE *logrus.Entry, param *config func (c *Controller) install(ctx context.Context, logE *logrus.Entry, findResult *which.FindResult, policies []*policy.Config, param *config.Param) error { var checksums *checksum.Checksums - if findResult.Config.ChecksumEnabled() { + if findResult.Config.ChecksumEnabled(param.EnforceChecksum, param.Checksum) { checksums = checksum.New() checksumFilePath, err := checksum.GetChecksumFilePathFromConfigFilePath(c.fs, findResult.ConfigFilePath) if err != nil { 
@@ -85,7 +85,7 @@ func (c *Controller) install(ctx context.Context, logE *logrus.Entry, findResult
 if err := c.packageInstaller.InstallPackage(ctx, logE, &installpackage.ParamInstallPackage{
 Pkg: findResult.Package,
 Checksums: checksums,
- RequireChecksum: findResult.Config.RequireChecksum(c.requireChecksum),
+ RequireChecksum: findResult.Config.RequireChecksum(param.EnforceRequireChecksum, param.RequireChecksum),
 PolicyConfigs: policies,
 DisablePolicy: param.DisablePolicy,
 }); err != nil {
diff --git a/pkg/controller/exec/exec_test.go b/pkg/controller/exec/exec_test.go
index bbb4c824b..84d9aac34 100644
--- a/pkg/controller/exec/exec_test.go
+++ b/pkg/controller/exec/exec_test.go
@@ -152,7 +152,7 @@ packages:
 executor := &exec.Mock{}
 pkgInstaller := installpackage.New(d.param, downloader, d.rt, fs, linker, nil, &checksum.Calculator{}, unarchive.New(executor, fs), &cosign.MockVerifier{}, &slsa.MockVerifier{}, &installpackage.MockGoInstallInstaller{}, &installpackage.MockGoBuildInstaller{}, &installpackage.MockCargoPackageInstaller{})
 policyFinder := policy.NewConfigFinder(fs)
- ctrl := execCtrl.New(d.param, pkgInstaller, whichCtrl, executor, osEnv, fs, policy.NewReader(fs, policy.NewValidator(d.param, fs), policyFinder, policy.NewConfigReader(fs)), policyFinder)
+ ctrl := execCtrl.New(pkgInstaller, whichCtrl, executor, osEnv, fs, policy.NewReader(fs, policy.NewValidator(d.param, fs), policyFinder, policy.NewConfigReader(fs)), policyFinder)
 if err := ctrl.Exec(ctx, logE, d.param, d.exeName, d.args...); err != nil {
 if d.isErr {
 return
@@ -246,7 +246,7 @@ packages: downloader := download.NewDownloader(nil, download.NewHTTPDownloader(http.DefaultClient)) executor := &exec.Mock{} pkgInstaller := installpackage.New(d.param, downloader, d.rt, fs, linker, nil, &checksum.Calculator{}, unarchive.New(executor, fs), &cosign.MockVerifier{}, &slsa.MockVerifier{}, &installpackage.MockGoInstallInstaller{}, &installpackage.MockGoBuildInstaller{}, &installpackage.MockCargoPackageInstaller{}) - ctrl := execCtrl.New(d.param, pkgInstaller, whichCtrl, executor, osEnv, fs, &policy.MockReader{}, policy.NewConfigFinder(fs)) + ctrl := execCtrl.New(pkgInstaller, whichCtrl, executor, osEnv, fs, &policy.MockReader{}, policy.NewConfigFinder(fs)) b.ResetTimer() for i := 0; i < b.N; i++ { func() { diff --git a/pkg/controller/generate/generate.go b/pkg/controller/generate/generate.go index c649df158..0c155ffaf 100644 --- a/pkg/controller/generate/generate.go +++ b/pkg/controller/generate/generate.go @@ -73,7 +73,7 @@ func (c *Controller) getConfigFile(param *config.Param) (string, error) { func (c *Controller) listPkgs(ctx context.Context, logE *logrus.Entry, param *config.Param, cfg *aqua.Config, cfgFilePath string, args ...string) ([]*aqua.Package, error) { var checksums *checksum.Checksums - if cfg.ChecksumEnabled() { + if cfg.ChecksumEnabled(param.EnforceChecksum, param.Checksum) { checksums = checksum.New() checksumFilePath, err := checksum.GetChecksumFilePathFromConfigFilePath(c.fs, cfgFilePath) if err != nil { diff --git a/pkg/controller/install/controller.go b/pkg/controller/install/controller.go index 53d9e31db..2ba8240c1 100644 --- a/pkg/controller/install/controller.go +++ b/pkg/controller/install/controller.go 
@@ -27,7 +27,6 @@ type Controller struct { policyConfigFinder policy.ConfigFinder policyConfigReader PolicyReader skipLink bool - requireChecksum bool } func New(param *config.Param, configFinder ConfigFinder, configReader ConfigReader, registInstaller RegistryInstaller, pkgInstaller Installer, fs afero.Fs, rt *runtime.Runtime, policyConfigReader PolicyReader, policyConfigFinder policy.ConfigFinder) *Controller { @@ -44,7 +43,6 @@ func New(param *config.Param, configFinder ConfigFinder, configReader ConfigRead excludedTags: param.ExcludedTags, policyConfigReader: policyConfigReader, policyConfigFinder: policyConfigFinder, - requireChecksum: param.RequireChecksum, } } diff --git a/pkg/controller/install/install.go b/pkg/controller/install/install.go index ba9b9f91c..e4f3d744f 100644 --- a/pkg/controller/install/install.go +++ b/pkg/controller/install/install.go @@ -95,7 +95,7 @@ func (c *Controller) install(ctx context.Context, logE *logrus.Entry, cfgFilePat } var checksums *checksum.Checksums - if cfg.ChecksumEnabled() { + if cfg.ChecksumEnabled(param.EnforceChecksum, param.Checksum) { checksums = checksum.New() checksumFilePath, err := checksum.GetChecksumFilePathFromConfigFilePath(c.fs, cfgFilePath) if err != nil { @@ -125,7 +125,7 @@ func (c *Controller) install(ctx context.Context, logE *logrus.Entry, cfgFilePat ExcludedTags: c.excludedTags, PolicyConfigs: policyConfigs, Checksums: checksums, - RequireChecksum: c.requireChecksum, + RequireChecksum: cfg.RequireChecksum(param.EnforceRequireChecksum, param.RequireChecksum), DisablePolicy: param.DisablePolicy, }) } diff --git a/pkg/controller/list/list.go b/pkg/controller/list/list.go index 8d45e621a..deb07e853 100644 --- a/pkg/controller/list/list.go +++ b/pkg/controller/list/list.go 
@@ -25,7 +25,7 @@ func (c *Controller) List(ctx context.Context, param *config.Param, logE *logrus } var checksums *checksum.Checksums - if cfg.ChecksumEnabled() { + if cfg.ChecksumEnabled(param.EnforceChecksum, param.Checksum) { checksums = checksum.New() checksumFilePath, err := checksum.GetChecksumFilePathFromConfigFilePath(c.fs, cfgFilePath) if err != nil { diff --git a/pkg/controller/remove/remove.go b/pkg/controller/remove/remove.go index 10c1bfa73..18c4971b2 100644 --- a/pkg/controller/remove/remove.go +++ b/pkg/controller/remove/remove.go @@ -53,7 +53,7 @@ func (c *Controller) Remove(ctx context.Context, logE *logrus.Entry, param *conf } var checksums *checksum.Checksums - if cfg.ChecksumEnabled() { + if cfg.ChecksumEnabled(param.EnforceChecksum, param.Checksum) { checksums = checksum.New() checksumFilePath, err := checksum.GetChecksumFilePathFromConfigFilePath(c.fs, cfgFilePath) if err != nil { diff --git a/pkg/controller/update/controller.go b/pkg/controller/update/controller.go index 2c4d2471b..000bee560 100644 --- a/pkg/controller/update/controller.go +++ b/pkg/controller/update/controller.go @@ -23,7 +23,6 @@ type Controller struct { registryInstaller RegistryInstaller fs afero.Fs runtime *runtime.Runtime - requireChecksum bool fuzzyGetter FuzzyGetter fuzzyFinder FuzzyFinder which WhichController @@ -62,7 +61,6 @@ func New(param *config.Param, gh RepositoriesService, configFinder ConfigFinder, registryInstaller: registInstaller, fs: fs, runtime: rt, - requireChecksum: param.RequireChecksum, fuzzyGetter: fuzzyGetter, fuzzyFinder: fuzzyFinder, which: whichController, diff --git a/pkg/controller/update/update.go b/pkg/controller/update/update.go index bd35e96e5..fd770676d 100644 --- a/pkg/controller/update/update.go +++ b/pkg/controller/update/update.go 
@@ -80,7 +80,7 @@ func (c *Controller) update(ctx context.Context, logE *logrus.Entry, param *conf } var checksums *checksum.Checksums - if cfg.ChecksumEnabled() { + if cfg.ChecksumEnabled(param.EnforceChecksum, param.Checksum) { checksums = checksum.New() checksumFilePath, err := checksum.GetChecksumFilePathFromConfigFilePath(c.fs, cfgFilePath) if err != nil { diff --git a/pkg/controller/which/which.go b/pkg/controller/which/which.go index 06c2abf59..103053abc 100644 --- a/pkg/controller/which/which.go +++ b/pkg/controller/which/which.go @@ -23,7 +23,7 @@ type FindResult struct { func (c *Controller) Which(ctx context.Context, logE *logrus.Entry, param *config.Param, exeName string) (*FindResult, error) { for _, cfgFilePath := range c.configFinder.Finds(param.PWD, param.ConfigFilePath) { - findResult, err := c.findExecFile(ctx, logE, cfgFilePath, exeName) + findResult, err := c.findExecFile(ctx, logE, param, cfgFilePath, exeName) if err != nil { return nil, err } @@ -38,7 +38,7 @@ func (c *Controller) Which(ctx context.Context, logE *logrus.Entry, param *confi if _, err := c.fs.Stat(cfgFilePath); err != nil { continue } - findResult, err := c.findExecFile(ctx, logE, cfgFilePath, exeName) + findResult, err := c.findExecFile(ctx, logE, param, cfgFilePath, exeName) if err != nil { return nil, err } 
@@ -67,14 +67,14 @@ func (c *Controller) getExePath(findResult *FindResult) (string, error) { return pkg.ExePath(c.rootDir, file, c.runtime) //nolint:wrapcheck } -func (c *Controller) findExecFile(ctx context.Context, logE *logrus.Entry, cfgFilePath, exeName string) (*FindResult, error) { +func (c *Controller) findExecFile(ctx context.Context, logE *logrus.Entry, param *config.Param, cfgFilePath, exeName string) (*FindResult, error) { cfg := &aqua.Config{} if err := c.configReader.Read(cfgFilePath, cfg); err != nil { return nil, err //nolint:wrapcheck } var checksums *checksum.Checksums - if cfg.ChecksumEnabled() { + if cfg.ChecksumEnabled(param.EnforceChecksum, param.Checksum) { checksums = checksum.New() checksumFilePath, err := checksum.GetChecksumFilePathFromConfigFilePath(c.fs, cfgFilePath) if err != nil { diff --git a/pkg/controller/wire_gen.go b/pkg/controller/wire_gen.go index 54c51db18..51dac4e8d 100644 --- a/pkg/controller/wire_gen.go +++ b/pkg/controller/wire_gen.go @@ -1,6 +1,6 @@ // Code generated by Wire. DO NOT EDIT. -//go:generate go run github.com/google/wire/cmd/wire +//go:generate go run -mod=mod github.com/google/wire/cmd/wire //go:build !wireinject // +build !wireinject @@ -189,7 +189,7 @@ func InitializeExecCommandController(ctx context.Context, param *config.Param, h configFinderImpl := policy.NewConfigFinder(fs) configReaderImpl := policy.NewConfigReader(fs) policyReader := policy.NewReader(fs, validatorImpl, configFinderImpl, configReaderImpl) - execController := exec2.New(param, installer, controller, executor, osEnv, fs, policyReader, configFinderImpl) + execController := exec2.New(installer, controller, executor, osEnv, fs, policyReader, configFinderImpl) return execController } diff --git a/pkg/installpackage/installer.go b/pkg/installpackage/installer.go index be293d5e9..887aae8cc 100644 --- a/pkg/installpackage/installer.go +++ b/pkg/installpackage/installer.go 
@@ -205,7 +205,7 @@ func (is *Installer) InstallPackages(ctx context.Context, logE *logrus.Entry, pa
 if err := is.InstallPackage(ctx, logE, &ParamInstallPackage{
 Pkg: pkg,
 Checksums: param.Checksums,
- RequireChecksum: param.Config.RequireChecksum(param.RequireChecksum),
+ RequireChecksum: param.RequireChecksum,
 PolicyConfigs: param.PolicyConfigs,
 DisablePolicy: param.DisablePolicy,
 }); err != nil {
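Review bot: `InstallPackages` no longer resolves the require-checksum setting against the config file and now treats `param.RequireChecksum` as final, so every caller has to pass the already-resolved value. This commit updates `pkg/controller/install/install.go` to do that; any other caller that still passes the raw CLI or environment value (none is visible in this diff) would silently ignore `c.Checksum.RequireChecksum` from the config and the enforce flag. A field comment on the struct passed to `InstallPackages`, such as `// RequireChecksum is the final, already-resolved value (enforce flag, then config file, then default)`, would make the contract explicit. The enclosing loop and function extend beyond the hunk.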