Redist.Targz (Hyper v0.1.0)

Copy Markdown View Source

Fetches a gzipped tarball from a URL, verifies its SHA-256, and extracts it into a directory.

Refusal behaviour:

  • A wrong checksum returns {:error, {:checksum_mismatch, …}} before dest_dir is created.
  • A non-200 HTTP response returns {:error, {:download_failed, status}} before dest_dir is created.
  • A path-traversal (../) tar entry causes :erl_tar to refuse the archive before writing any entry; nothing escapes dest_dir. An empty dest_dir may be created as a side-effect, but no content is extracted.

Summary

Functions

Download url, verify its SHA-256 equals sha256 (lowercase hex), and extract the archive into dest_dir.

Functions

install(url, sha256, dest_dir)

@spec install(String.t(), String.t(), Path.t()) ::
  :ok
  | {:error,
     {:download_failed, non_neg_integer()}
     | {:download_error, term()}
     | {:checksum_mismatch, String.t(), String.t()}
     | {:unsafe_tar_entry, String.t()}
     | {:extract_failed, term()}}

Download url, verify its SHA-256 equals sha256 (lowercase hex), and extract the archive into dest_dir.