Forcola.Precompiled (forcola v0.1.0)

Copy Markdown View Source

Downloads and verifies precompiled forcola_shim binaries.

The release workflow (.github/workflows/release.yml) builds the shim for each supported target and attaches forcola_shim-v<version>-<target>.tar.gz to the GitHub Release for the tag. mix forcola.checksum fetches every tarball for the current version, computes SHA256 digests locally, and writes checksum-forcola_shim.exs; that file ships in the hex package (it is gitignored in the repo).

At compile time the :forcola_shim Mix compiler calls install/2, which detects the current target, downloads the matching tarball (cached under the user cache dir), verifies its SHA256 against the checksum file, and extracts the binary into priv/. Any checksum mismatch is an error; nothing is installed from an unverified tarball.

Summary

Functions

Release asset name for a version and target.

Name of the checksum file shipped in the hex package.

Downloads url over HTTPS with peer verification.

GitHub Release download URL for a version and target.

Fetches, verifies, and installs the shim binary into priv_dir.

Reads the checksum file: a map of artifact name to hex SHA256 digest.

Lowercase hex SHA256 digest of a binary.

Maps an Erlang :system_architecture string to a release target.

All targets the release workflow builds.

Verifies body against a lowercase hex SHA256 digest.

Functions

artifact_name(version, target)

@spec artifact_name(String.t(), String.t()) :: String.t()

Release asset name for a version and target.

checksum_file()

@spec checksum_file() :: String.t()

Name of the checksum file shipped in the hex package.

download(url)

@spec download(String.t()) :: {:ok, binary()} | {:error, String.t()}

Downloads url over HTTPS with peer verification.

Follows redirects (GitHub release assets redirect to object storage).

download_url(version, target)

@spec download_url(String.t(), String.t()) :: String.t()

GitHub Release download URL for a version and target.

install(version, priv_dir \\ "priv")

@spec install(String.t(), Path.t()) :: {:ok, Path.t()} | {:error, String.t()}

Fetches, verifies, and installs the shim binary into priv_dir.

Returns the path to the installed binary. The tarball is cached under the user cache dir; a cached copy is used only if its checksum still matches, otherwise it is re-downloaded.

read_checksums(path \\ "checksum-forcola_shim.exs")

@spec read_checksums(Path.t()) :: {:ok, map()} | {:error, String.t()}

Reads the checksum file: a map of artifact name to hex SHA256 digest.

sha256(body)

@spec sha256(binary()) :: String.t()

Lowercase hex SHA256 digest of a binary.

target(system_architecture \\ system_architecture())

@spec target(String.t()) :: {:ok, String.t()} | {:error, String.t()}

Maps an Erlang :system_architecture string to a release target.

Returns {:error, message} for architectures the release workflow does not build; callers fall back to a local cargo build via FORCOLA_BUILD=1.

targets()

@spec targets() :: [String.t()]

All targets the release workflow builds.

verify(body, expected_sha256)

@spec verify(binary(), String.t()) :: :ok | {:error, String.t()}

Verifies body against a lowercase hex SHA256 digest.