-spec fingerprint(binary()) -> string().

Computes a SHA256 fingerprint of a PEM-encoded public key.

Returns a string in the format "SHA256:" followed by base64, which can be used to verify public keys out-of-band.

Examples:

  > hex_repo:fingerprint(PublicKeyPem).
  "SHA256:abc123..."

-spec fingerprint_equal(binary(), iodata()) -> boolean().

Compares a PEM-encoded public key against an expected fingerprint.

Uses constant-time comparison to prevent timing attacks.

Examples:

  > hex_repo:fingerprint_equal(PublicKeyPem, "SHA256:abc123...").
  true

Gets docs tarball from the repository.

Examples:

  > {ok, {200, _, Docs}} = hex_repo:get_docs(hex_core:default_config(), <<"package1">>, <<"1.0.0">>),
  > hex_tarball:unpack_docs(Docs, "/tmp/docs")
  ok

Gets docs tarball from the repository and writes it to a file.

Examples:

  > {ok, {200, _}} = hex_repo:get_docs_to_file(hex_core:default_config(), <<"package1">>, <<"1.0.0">>, "/tmp/docs.tar.gz"),
  > ok = hex_tarball:unpack_docs({file, "/tmp/docs.tar.gz"}, "/tmp/docs").

Gets Hex installation versions CSV from repository.

Examples:

  > hex_repo:get_hex_installs(hex_core:default_config()).
  {ok, {200, ..., <<"1.0.0,abc123,1.13.0\n1.1.0,def456,1.14.0\n...">>}}

Gets names resource from the repository.

Examples:

  > hex_repo:get_names(hex_core:default_config()).
  {ok,{200, ...,
       #{packages => [
             #{name => <<"package1">>},
             #{name => <<"package2">>},
             ...]}}}

Gets package resource from the repository.

Examples:

  > hex_repo:get_package(hex_core:default_config(), <<"package1">>).
  {ok, {200, ...,
        #{name => <<"package1">>,
          releases => [
              #{checksum => ..., version => <<"0.5.0">>, dependencies => []},
              #{checksum => ..., version => <<"1.0.0">>, dependencies => [
                    #{package => <<"package2">>, optional => true, requirement => <<"~> 0.1">>}
              ]},
      ]}}}

Gets the public key from the repository.

Examples:

  > hex_repo:get_public_key(hex_core:default_config())
  {ok, {200, _, PublicKey}}

Gets tarball from the repository.

Examples:

  > {ok, {200, _, Tarball}} = hex_repo:get_tarball(hex_core:default_config(), <<"package1">>, <<"1.0.0">>),
  > {ok, #{metadata := Metadata}} = hex_tarball:unpack(Tarball, "/tmp/package").

Gets tarball from the repository and writes it to a file.

Examples:

  > {ok, {200, _}} = hex_repo:get_tarball_to_file(hex_core:default_config(), <<"package1">>, <<"1.0.0">>, "/tmp/package.tar"),
  > {ok, #{metadata := Metadata}} = hex_tarball:unpack({file, "/tmp/package.tar"}, "/tmp/package").

Gets versions resource from the repository.

Examples:

  > hex_repo:get_versions(Config).
  {ok, {200, ...,
        #{packages => [
              #{name => <<"package1">>, retired => [],
                versions => [<<"1.0.0">>]},
              #{name => <<"package2">>, retired => [<<"0.5.0>>"],
                versions => [<<"0.5.0">>, <<"1.0.0">>]},
              ...]}}}