0ad4c1be2f
Earlier on in the stubbing of this package we realized that it wasn't going to be possible to populate the authentication-related bits for all packages because the relevant metadata just isn't available for packages that are already local. However, we just moved ahead with that awkward design at the time because we needed to get other work done, and so we've been mostly producing PackageMeta values with all-zeros hashes and just ignoring them entirely as a temporary workaround. This is a first step towards what is hopefully a more intuitive model: authentication is an optional thing in a PackageMeta that is currently populated only for packages coming from a registry. So far this still just models checking a SHA256 hash, which is not a sufficient set of checks for a real release but hopefully the "real" implementation is a natural iteration of this starting point, and if not then at least this interim step is a bit more honest about the fact that Authentication will not be populated on every PackageMeta. |
||
|---|---|---|
| .. | ||
| testdata/cachedir | ||
| cached_provider.go | ||
| cached_provider_test.go | ||
| dir.go | ||
| dir_modify.go | ||
| dir_modify_test.go | ||
| dir_test.go | ||
| doc.go | ||
| installer.go | ||
| installer_events.go | ||
| lock_file.go | ||
| package_install.go | ||