coderepo.go

     1  // Copyright 2018 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package modfetch
     6  
     7  import (
     8  	"archive/zip"
     9  	"bytes"
    10  	"errors"
    11  	"fmt"
    12  	"io"
    13  	"io/fs"
    14  	"os"
    15  	"path"
    16  	"sort"
    17  	"strings"
    18  	"time"
    19  
    20  	"cmd/go/internal/modfetch/codehost"
    21  
    22  	"golang.org/x/mod/modfile"
    23  	"golang.org/x/mod/module"
    24  	"golang.org/x/mod/semver"
    25  	modzip "golang.org/x/mod/zip"
    26  )
    27  
    28  // A codeRepo implements modfetch.Repo using an underlying codehost.Repo.
    29  type codeRepo struct {
    30  	modPath string
    31  
    32  	// code is the repository containing this module.
    33  	code codehost.Repo
    34  	// codeRoot is the import path at the root of code.
    35  	codeRoot string
    36  	// codeDir is the directory (relative to root) at which we expect to find the module.
    37  	// If pathMajor is non-empty and codeRoot is not the full modPath,
    38  	// then we look in both codeDir and codeDir/pathMajor[1:].
    39  	codeDir string
    40  
    41  	// pathMajor is the suffix of modPath that indicates its major version,
    42  	// or the empty string if modPath is at major version 0 or 1.
    43  	//
    44  	// pathMajor is typically of the form "/vN", but possibly ".vN", or
    45  	// ".vN-unstable" for modules resolved using gopkg.in.
    46  	pathMajor string
    47  	// pathPrefix is the prefix of modPath that excludes pathMajor.
    48  	// It is used only for logging.
    49  	pathPrefix string
    50  
    51  	// pseudoMajor is the major version prefix to require when generating
    52  	// pseudo-versions for this module, derived from the module path. pseudoMajor
    53  	// is empty if the module path does not include a version suffix (that is,
    54  	// accepts either v0 or v1).
    55  	pseudoMajor string
    56  }
    57  
    58  // newCodeRepo returns a Repo that reads the source code for the module with the
    59  // given path, from the repo stored in code, with the root of the repo
    60  // containing the path given by codeRoot.
    61  func newCodeRepo(code codehost.Repo, codeRoot, path string) (Repo, error) {
    62  	if !hasPathPrefix(path, codeRoot) {
    63  		return nil, fmt.Errorf("mismatched repo: found %s for %s", codeRoot, path)
    64  	}
    65  	pathPrefix, pathMajor, ok := module.SplitPathVersion(path)
    66  	if !ok {
    67  		return nil, fmt.Errorf("invalid module path %q", path)
    68  	}
    69  	if codeRoot == path {
    70  		pathPrefix = path
    71  	}
    72  	pseudoMajor := module.PathMajorPrefix(pathMajor)
    73  
    74  	// Compute codeDir = bar, the subdirectory within the repo
    75  	// corresponding to the module root.
    76  	//
    77  	// At this point we might have:
    78  	//	path = github.com/rsc/foo/bar/v2
    79  	//	codeRoot = github.com/rsc/foo
    80  	//	pathPrefix = github.com/rsc/foo/bar
    81  	//	pathMajor = /v2
    82  	//	pseudoMajor = v2
    83  	//
    84  	// which gives
    85  	//	codeDir = bar
    86  	//
    87  	// We know that pathPrefix is a prefix of path, and codeRoot is a prefix of
    88  	// path, but codeRoot may or may not be a prefix of pathPrefix, because
    89  	// codeRoot may be the entire path (in which case codeDir should be empty).
    90  	// That occurs in two situations.
    91  	//
    92  	// One is when a go-import meta tag resolves the complete module path,
    93  	// including the pathMajor suffix:
    94  	//	path = nanomsg.org/go/mangos/v2
    95  	//	codeRoot = nanomsg.org/go/mangos/v2
    96  	//	pathPrefix = nanomsg.org/go/mangos
    97  	//	pathMajor = /v2
    98  	//	pseudoMajor = v2
    99  	//
   100  	// The other is similar: for gopkg.in only, the major version is encoded
   101  	// with a dot rather than a slash, and thus can't be in a subdirectory.
   102  	//	path = gopkg.in/yaml.v2
   103  	//	codeRoot = gopkg.in/yaml.v2
   104  	//	pathPrefix = gopkg.in/yaml
   105  	//	pathMajor = .v2
   106  	//	pseudoMajor = v2
   107  	//
   108  	codeDir := ""
   109  	if codeRoot != path {
   110  		if !hasPathPrefix(pathPrefix, codeRoot) {
   111  			return nil, fmt.Errorf("repository rooted at %s cannot contain module %s", codeRoot, path)
   112  		}
   113  		codeDir = strings.Trim(pathPrefix[len(codeRoot):], "/")
   114  	}
   115  
   116  	r := &codeRepo{
   117  		modPath:     path,
   118  		code:        code,
   119  		codeRoot:    codeRoot,
   120  		codeDir:     codeDir,
   121  		pathPrefix:  pathPrefix,
   122  		pathMajor:   pathMajor,
   123  		pseudoMajor: pseudoMajor,
   124  	}
   125  
   126  	return r, nil
   127  }
   128  
   129  func (r *codeRepo) ModulePath() string {
   130  	return r.modPath
   131  }
   132  
   133  func (r *codeRepo) Versions(prefix string) ([]string, error) {
   134  	// Special case: gopkg.in/macaroon-bakery.v2-unstable
   135  	// does not use the v2 tags (those are for macaroon-bakery.v2).
   136  	// It has no possible tags at all.
   137  	if strings.HasPrefix(r.modPath, "gopkg.in/") && strings.HasSuffix(r.modPath, "-unstable") {
   138  		return nil, nil
   139  	}
   140  
   141  	p := prefix
   142  	if r.codeDir != "" {
   143  		p = r.codeDir + "/" + p
   144  	}
   145  	tags, err := r.code.Tags(p)
   146  	if err != nil {
   147  		return nil, &module.ModuleError{
   148  			Path: r.modPath,
   149  			Err:  err,
   150  		}
   151  	}
   152  
   153  	var list, incompatible []string
   154  	for _, tag := range tags {
   155  		if !strings.HasPrefix(tag, p) {
   156  			continue
   157  		}
   158  		v := tag
   159  		if r.codeDir != "" {
   160  			v = v[len(r.codeDir)+1:]
   161  		}
   162  		if v == "" || v != module.CanonicalVersion(v) || module.IsPseudoVersion(v) {
   163  			continue
   164  		}
   165  
   166  		if err := module.CheckPathMajor(v, r.pathMajor); err != nil {
   167  			if r.codeDir == "" && r.pathMajor == "" && semver.Major(v) > "v1" {
   168  				incompatible = append(incompatible, v)
   169  			}
   170  			continue
   171  		}
   172  
   173  		list = append(list, v)
   174  	}
   175  	semver.Sort(list)
   176  	semver.Sort(incompatible)
   177  
   178  	return r.appendIncompatibleVersions(list, incompatible)
   179  }
   180  
   181  // appendIncompatibleVersions appends "+incompatible" versions to list if
   182  // appropriate, returning the final list.
   183  //
   184  // The incompatible list contains candidate versions without the '+incompatible'
   185  // prefix.
   186  //
   187  // Both list and incompatible must be sorted in semantic order.
   188  func (r *codeRepo) appendIncompatibleVersions(list, incompatible []string) ([]string, error) {
   189  	if len(incompatible) == 0 || r.pathMajor != "" {
   190  		// No +incompatible versions are possible, so no need to check them.
   191  		return list, nil
   192  	}
   193  
   194  	versionHasGoMod := func(v string) (bool, error) {
   195  		_, err := r.code.ReadFile(v, "go.mod", codehost.MaxGoMod)
   196  		if err == nil {
   197  			return true, nil
   198  		}
   199  		if !os.IsNotExist(err) {
   200  			return false, &module.ModuleError{
   201  				Path: r.modPath,
   202  				Err:  err,
   203  			}
   204  		}
   205  		return false, nil
   206  	}
   207  
   208  	if len(list) > 0 {
   209  		ok, err := versionHasGoMod(list[len(list)-1])
   210  		if err != nil {
   211  			return nil, err
   212  		}
   213  		if ok {
   214  			// The latest compatible version has a go.mod file, so assume that all
   215  			// subsequent versions do as well, and do not include any +incompatible
   216  			// versions. Even if we are wrong, the author clearly intends module
   217  			// consumers to be on the v0/v1 line instead of a higher +incompatible
   218  			// version. (See https://golang.org/issue/34189.)
   219  			//
   220  			// We know of at least two examples where this behavior is desired
   221  			// (github.com/russross/blackfriday@v2.0.0 and
   222  			// github.com/libp2p/go-libp2p@v6.0.23), and (as of 2019-10-29) have no
   223  			// concrete examples for which it is undesired.
   224  			return list, nil
   225  		}
   226  	}
   227  
   228  	var (
   229  		lastMajor         string
   230  		lastMajorHasGoMod bool
   231  	)
   232  	for i, v := range incompatible {
   233  		major := semver.Major(v)
   234  
   235  		if major != lastMajor {
   236  			rem := incompatible[i:]
   237  			j := sort.Search(len(rem), func(j int) bool {
   238  				return semver.Major(rem[j]) != major
   239  			})
   240  			latestAtMajor := rem[j-1]
   241  
   242  			var err error
   243  			lastMajor = major
   244  			lastMajorHasGoMod, err = versionHasGoMod(latestAtMajor)
   245  			if err != nil {
   246  				return nil, err
   247  			}
   248  		}
   249  
   250  		if lastMajorHasGoMod {
   251  			// The latest release of this major version has a go.mod file, so it is
   252  			// not allowed as +incompatible. It would be confusing to include some
   253  			// minor versions of this major version as +incompatible but require
   254  			// semantic import versioning for others, so drop all +incompatible
   255  			// versions for this major version.
   256  			//
   257  			// If we're wrong about a minor version in the middle, users will still be
   258  			// able to 'go get' specific tags for that version explicitly — they just
   259  			// won't appear in 'go list' or as the results for queries with inequality
   260  			// bounds.
   261  			continue
   262  		}
   263  		list = append(list, v+"+incompatible")
   264  	}
   265  
   266  	return list, nil
   267  }
   268  
   269  func (r *codeRepo) Stat(rev string) (*RevInfo, error) {
   270  	if rev == "latest" {
   271  		return r.Latest()
   272  	}
   273  	codeRev := r.revToRev(rev)
   274  	info, err := r.code.Stat(codeRev)
   275  	if err != nil {
   276  		return nil, &module.ModuleError{
   277  			Path: r.modPath,
   278  			Err: &module.InvalidVersionError{
   279  				Version: rev,
   280  				Err:     err,
   281  			},
   282  		}
   283  	}
   284  	return r.convert(info, rev)
   285  }
   286  
   287  func (r *codeRepo) Latest() (*RevInfo, error) {
   288  	info, err := r.code.Latest()
   289  	if err != nil {
   290  		return nil, err
   291  	}
   292  	return r.convert(info, "")
   293  }
   294  
   295  // convert converts a version as reported by the code host to a version as
   296  // interpreted by the module system.
   297  //
   298  // If statVers is a valid module version, it is used for the Version field.
   299  // Otherwise, the Version is derived from the passed-in info and recent tags.
   300  func (r *codeRepo) convert(info *codehost.RevInfo, statVers string) (*RevInfo, error) {
   301  	// If this is a plain tag (no dir/ prefix)
   302  	// and the module path is unversioned,
   303  	// and if the underlying file tree has no go.mod,
   304  	// then allow using the tag with a +incompatible suffix.
   305  	//
   306  	// (If the version is +incompatible, then the go.mod file must not exist:
   307  	// +incompatible is not an ongoing opt-out from semantic import versioning.)
   308  	incompatibleOk := map[string]bool{}
   309  	canUseIncompatible := func(v string) bool {
   310  		if r.codeDir != "" || r.pathMajor != "" {
   311  			// A non-empty codeDir indicates a module within a subdirectory,
   312  			// which necessarily has a go.mod file indicating the module boundary.
   313  			// A non-empty pathMajor indicates a module path with a major-version
   314  			// suffix, which must match.
   315  			return false
   316  		}
   317  
   318  		ok, seen := incompatibleOk[""]
   319  		if !seen {
   320  			_, errGoMod := r.code.ReadFile(info.Name, "go.mod", codehost.MaxGoMod)
   321  			ok = (errGoMod != nil)
   322  			incompatibleOk[""] = ok
   323  		}
   324  		if !ok {
   325  			// A go.mod file exists at the repo root.
   326  			return false
   327  		}
   328  
   329  		// Per https://go.dev/issue/51324, previous versions of the 'go' command
   330  		// didn't always check for go.mod files in subdirectories, so if the user
   331  		// requests a +incompatible version explicitly, we should continue to allow
   332  		// it. Otherwise, if vN/go.mod exists, expect that release tags for that
   333  		// major version are intended for the vN module.
   334  		if v != "" && !strings.HasSuffix(statVers, "+incompatible") {
   335  			major := semver.Major(v)
   336  			ok, seen = incompatibleOk[major]
   337  			if !seen {
   338  				_, errGoModSub := r.code.ReadFile(info.Name, path.Join(major, "go.mod"), codehost.MaxGoMod)
   339  				ok = (errGoModSub != nil)
   340  				incompatibleOk[major] = ok
   341  			}
   342  			if !ok {
   343  				return false
   344  			}
   345  		}
   346  
   347  		return true
   348  	}
   349  
   350  	// checkCanonical verifies that the canonical version v is compatible with the
   351  	// module path represented by r, adding a "+incompatible" suffix if needed.
   352  	//
   353  	// If statVers is also canonical, checkCanonical also verifies that v is
   354  	// either statVers or statVers with the added "+incompatible" suffix.
   355  	checkCanonical := func(v string) (*RevInfo, error) {
   356  		// If r.codeDir is non-empty, then the go.mod file must exist: the module
   357  		// author — not the module consumer, — gets to decide how to carve up the repo
   358  		// into modules.
   359  		//
   360  		// Conversely, if the go.mod file exists, the module author — not the module
   361  		// consumer — gets to determine the module's path
   362  		//
   363  		// r.findDir verifies both of these conditions. Execute it now so that
   364  		// r.Stat will correctly return a notExistError if the go.mod location or
   365  		// declared module path doesn't match.
   366  		_, _, _, err := r.findDir(v)
   367  		if err != nil {
   368  			// TODO: It would be nice to return an error like "not a module".
   369  			// Right now we return "missing go.mod", which is a little confusing.
   370  			return nil, &module.ModuleError{
   371  				Path: r.modPath,
   372  				Err: &module.InvalidVersionError{
   373  					Version: v,
   374  					Err:     notExistError{err: err},
   375  				},
   376  			}
   377  		}
   378  
   379  		invalidf := func(format string, args ...any) error {
   380  			return &module.ModuleError{
   381  				Path: r.modPath,
   382  				Err: &module.InvalidVersionError{
   383  					Version: v,
   384  					Err:     fmt.Errorf(format, args...),
   385  				},
   386  			}
   387  		}
   388  
   389  		// Add the +incompatible suffix if needed or requested explicitly, and
   390  		// verify that its presence or absence is appropriate for this version
   391  		// (which depends on whether it has an explicit go.mod file).
   392  
   393  		if v == strings.TrimSuffix(statVers, "+incompatible") {
   394  			v = statVers
   395  		}
   396  		base := strings.TrimSuffix(v, "+incompatible")
   397  		var errIncompatible error
   398  		if !module.MatchPathMajor(base, r.pathMajor) {
   399  			if canUseIncompatible(base) {
   400  				v = base + "+incompatible"
   401  			} else {
   402  				if r.pathMajor != "" {
   403  					errIncompatible = invalidf("module path includes a major version suffix, so major version must match")
   404  				} else {
   405  					errIncompatible = invalidf("module contains a go.mod file, so module path must match major version (%q)", path.Join(r.pathPrefix, semver.Major(v)))
   406  				}
   407  			}
   408  		} else if strings.HasSuffix(v, "+incompatible") {
   409  			errIncompatible = invalidf("+incompatible suffix not allowed: major version %s is compatible", semver.Major(v))
   410  		}
   411  
   412  		if statVers != "" && statVers == module.CanonicalVersion(statVers) {
   413  			// Since the caller-requested version is canonical, it would be very
   414  			// confusing to resolve it to anything but itself, possibly with a
   415  			// "+incompatible" suffix. Error out explicitly.
   416  			if statBase := strings.TrimSuffix(statVers, "+incompatible"); statBase != base {
   417  				return nil, &module.ModuleError{
   418  					Path: r.modPath,
   419  					Err: &module.InvalidVersionError{
   420  						Version: statVers,
   421  						Err:     fmt.Errorf("resolves to version %v (%s is not a tag)", v, statBase),
   422  					},
   423  				}
   424  			}
   425  		}
   426  
   427  		if errIncompatible != nil {
   428  			return nil, errIncompatible
   429  		}
   430  
   431  		return &RevInfo{
   432  			Name:    info.Name,
   433  			Short:   info.Short,
   434  			Time:    info.Time,
   435  			Version: v,
   436  		}, nil
   437  	}
   438  
   439  	// Determine version.
   440  
   441  	if module.IsPseudoVersion(statVers) {
   442  		if err := r.validatePseudoVersion(info, statVers); err != nil {
   443  			return nil, err
   444  		}
   445  		return checkCanonical(statVers)
   446  	}
   447  
   448  	// statVers is not a pseudo-version, so we need to either resolve it to a
   449  	// canonical version or verify that it is already a canonical tag
   450  	// (not a branch).
   451  
   452  	// Derive or verify a version from a code repo tag.
   453  	// Tag must have a prefix matching codeDir.
   454  	tagPrefix := ""
   455  	if r.codeDir != "" {
   456  		tagPrefix = r.codeDir + "/"
   457  	}
   458  
   459  	isRetracted, err := r.retractedVersions()
   460  	if err != nil {
   461  		isRetracted = func(string) bool { return false }
   462  	}
   463  
   464  	// tagToVersion returns the version obtained by trimming tagPrefix from tag.
   465  	// If the tag is invalid, retracted, or a pseudo-version, tagToVersion returns
   466  	// an empty version.
   467  	tagToVersion := func(tag string) (v string, tagIsCanonical bool) {
   468  		if !strings.HasPrefix(tag, tagPrefix) {
   469  			return "", false
   470  		}
   471  		trimmed := tag[len(tagPrefix):]
   472  		// Tags that look like pseudo-versions would be confusing. Ignore them.
   473  		if module.IsPseudoVersion(tag) {
   474  			return "", false
   475  		}
   476  
   477  		v = semver.Canonical(trimmed) // Not module.Canonical: we don't want to pick up an explicit "+incompatible" suffix from the tag.
   478  		if v == "" || !strings.HasPrefix(trimmed, v) {
   479  			return "", false // Invalid or incomplete version (just vX or vX.Y).
   480  		}
   481  		if v == trimmed {
   482  			tagIsCanonical = true
   483  		}
   484  		return v, tagIsCanonical
   485  	}
   486  
   487  	// If the VCS gave us a valid version, use that.
   488  	if v, tagIsCanonical := tagToVersion(info.Version); tagIsCanonical {
   489  		if info, err := checkCanonical(v); err == nil {
   490  			return info, err
   491  		}
   492  	}
   493  
   494  	// Look through the tags on the revision for either a usable canonical version
   495  	// or an appropriate base for a pseudo-version.
   496  	var (
   497  		highestCanonical string
   498  		pseudoBase       string
   499  	)
   500  	for _, pathTag := range info.Tags {
   501  		v, tagIsCanonical := tagToVersion(pathTag)
   502  		if statVers != "" && semver.Compare(v, statVers) == 0 {
   503  			// The tag is equivalent to the version requested by the user.
   504  			if tagIsCanonical {
   505  				// This tag is the canonical form of the requested version,
   506  				// not some other form with extra build metadata.
   507  				// Use this tag so that the resolved version will match exactly.
   508  				// (If it isn't actually allowed, we'll error out in checkCanonical.)
   509  				return checkCanonical(v)
   510  			} else {
   511  				// The user explicitly requested something equivalent to this tag. We
   512  				// can't use the version from the tag directly: since the tag is not
   513  				// canonical, it could be ambiguous. For example, tags v0.0.1+a and
   514  				// v0.0.1+b might both exist and refer to different revisions.
   515  				//
   516  				// The tag is otherwise valid for the module, so we can at least use it as
   517  				// the base of an unambiguous pseudo-version.
   518  				//
   519  				// If multiple tags match, tagToVersion will canonicalize them to the same
   520  				// base version.
   521  				pseudoBase = v
   522  			}
   523  		}
   524  		// Save the highest non-retracted canonical tag for the revision.
   525  		// If we don't find a better match, we'll use it as the canonical version.
   526  		if tagIsCanonical && semver.Compare(highestCanonical, v) < 0 && !isRetracted(v) {
   527  			if module.MatchPathMajor(v, r.pathMajor) || canUseIncompatible(v) {
   528  				highestCanonical = v
   529  			}
   530  		}
   531  	}
   532  
   533  	// If we found a valid canonical tag for the revision, return it.
   534  	// Even if we found a good pseudo-version base, a canonical version is better.
   535  	if highestCanonical != "" {
   536  		return checkCanonical(highestCanonical)
   537  	}
   538  
   539  	// Find the highest tagged version in the revision's history, subject to
   540  	// major version and +incompatible constraints. Use that version as the
   541  	// pseudo-version base so that the pseudo-version sorts higher. Ignore
   542  	// retracted versions.
   543  	allowedMajor := func(major string) func(v string) bool {
   544  		return func(v string) bool {
   545  			return ((major == "" && canUseIncompatible(v)) || semver.Major(v) == major) && !isRetracted(v)
   546  		}
   547  	}
   548  	if pseudoBase == "" {
   549  		var tag string
   550  		if r.pseudoMajor != "" || canUseIncompatible("") {
   551  			tag, _ = r.code.RecentTag(info.Name, tagPrefix, allowedMajor(r.pseudoMajor))
   552  		} else {
   553  			// Allow either v1 or v0, but not incompatible higher versions.
   554  			tag, _ = r.code.RecentTag(info.Name, tagPrefix, allowedMajor("v1"))
   555  			if tag == "" {
   556  				tag, _ = r.code.RecentTag(info.Name, tagPrefix, allowedMajor("v0"))
   557  			}
   558  		}
   559  		pseudoBase, _ = tagToVersion(tag)
   560  	}
   561  
   562  	return checkCanonical(module.PseudoVersion(r.pseudoMajor, pseudoBase, info.Time, info.Short))
   563  }
   564  
   565  // validatePseudoVersion checks that version has a major version compatible with
   566  // r.modPath and encodes a base version and commit metadata that agrees with
   567  // info.
   568  //
   569  // Note that verifying a nontrivial base version in particular may be somewhat
   570  // expensive: in order to do so, r.code.DescendsFrom will need to fetch at least
   571  // enough of the commit history to find a path between version and its base.
   572  // Fortunately, many pseudo-versions — such as those for untagged repositories —
   573  // have trivial bases!
   574  func (r *codeRepo) validatePseudoVersion(info *codehost.RevInfo, version string) (err error) {
   575  	defer func() {
   576  		if err != nil {
   577  			if _, ok := err.(*module.ModuleError); !ok {
   578  				if _, ok := err.(*module.InvalidVersionError); !ok {
   579  					err = &module.InvalidVersionError{Version: version, Pseudo: true, Err: err}
   580  				}
   581  				err = &module.ModuleError{Path: r.modPath, Err: err}
   582  			}
   583  		}
   584  	}()
   585  
   586  	rev, err := module.PseudoVersionRev(version)
   587  	if err != nil {
   588  		return err
   589  	}
   590  	if rev != info.Short {
   591  		switch {
   592  		case strings.HasPrefix(rev, info.Short):
   593  			return fmt.Errorf("revision is longer than canonical (expected %s)", info.Short)
   594  		case strings.HasPrefix(info.Short, rev):
   595  			return fmt.Errorf("revision is shorter than canonical (expected %s)", info.Short)
   596  		default:
   597  			return fmt.Errorf("does not match short name of revision (expected %s)", info.Short)
   598  		}
   599  	}
   600  
   601  	t, err := module.PseudoVersionTime(version)
   602  	if err != nil {
   603  		return err
   604  	}
   605  	if !t.Equal(info.Time.Truncate(time.Second)) {
   606  		return fmt.Errorf("does not match version-control timestamp (expected %s)", info.Time.UTC().Format(module.PseudoVersionTimestampFormat))
   607  	}
   608  
   609  	tagPrefix := ""
   610  	if r.codeDir != "" {
   611  		tagPrefix = r.codeDir + "/"
   612  	}
   613  
   614  	// A pseudo-version should have a precedence just above its parent revisions,
   615  	// and no higher. Otherwise, it would be possible for library authors to "pin"
   616  	// dependency versions (and bypass the usual minimum version selection) by
   617  	// naming an extremely high pseudo-version rather than an accurate one.
   618  	//
   619  	// Moreover, if we allow a pseudo-version to use any arbitrary pre-release
   620  	// tag, we end up with infinitely many possible names for each commit. Each
   621  	// name consumes resources in the module cache and proxies, so we want to
   622  	// restrict them to a finite set under control of the module author.
   623  	//
   624  	// We address both of these issues by requiring the tag upon which the
   625  	// pseudo-version is based to refer to some ancestor of the revision. We
   626  	// prefer the highest such tag when constructing a new pseudo-version, but do
   627  	// not enforce that property when resolving existing pseudo-versions: we don't
   628  	// know when the parent tags were added, and the highest-tagged parent may not
   629  	// have existed when the pseudo-version was first resolved.
   630  	base, err := module.PseudoVersionBase(strings.TrimSuffix(version, "+incompatible"))
   631  	if err != nil {
   632  		return err
   633  	}
   634  	if base == "" {
   635  		if r.pseudoMajor == "" && semver.Major(version) == "v1" {
   636  			return fmt.Errorf("major version without preceding tag must be v0, not v1")
   637  		}
   638  		return nil
   639  	} else {
   640  		for _, tag := range info.Tags {
   641  			versionOnly := strings.TrimPrefix(tag, tagPrefix)
   642  			if versionOnly == base {
   643  				// The base version is canonical, so if the version from the tag is
   644  				// literally equal (not just equivalent), then the tag is canonical too.
   645  				//
   646  				// We allow pseudo-versions to be derived from non-canonical tags on the
   647  				// same commit, so that tags like "v1.1.0+some-metadata" resolve as
   648  				// close as possible to the canonical version ("v1.1.0") while still
   649  				// enforcing a total ordering ("v1.1.1-0.[…]" with a unique suffix).
   650  				//
   651  				// However, canonical tags already have a total ordering, so there is no
   652  				// reason not to use the canonical tag directly, and we know that the
   653  				// canonical tag must already exist because the pseudo-version is
   654  				// derived from it. In that case, referring to the revision by a
   655  				// pseudo-version derived from its own canonical tag is just confusing.
   656  				return fmt.Errorf("tag (%s) found on revision %s is already canonical, so should not be replaced with a pseudo-version derived from that tag", tag, rev)
   657  			}
   658  		}
   659  	}
   660  
   661  	tags, err := r.code.Tags(tagPrefix + base)
   662  	if err != nil {
   663  		return err
   664  	}
   665  
   666  	var lastTag string // Prefer to log some real tag rather than a canonically-equivalent base.
   667  	ancestorFound := false
   668  	for _, tag := range tags {
   669  		versionOnly := strings.TrimPrefix(tag, tagPrefix)
   670  		if semver.Compare(versionOnly, base) == 0 {
   671  			lastTag = tag
   672  			ancestorFound, err = r.code.DescendsFrom(info.Name, tag)
   673  			if ancestorFound {
   674  				break
   675  			}
   676  		}
   677  	}
   678  
   679  	if lastTag == "" {
   680  		return fmt.Errorf("preceding tag (%s) not found", base)
   681  	}
   682  
   683  	if !ancestorFound {
   684  		if err != nil {
   685  			return err
   686  		}
   687  		rev, err := module.PseudoVersionRev(version)
   688  		if err != nil {
   689  			return fmt.Errorf("not a descendent of preceding tag (%s)", lastTag)
   690  		}
   691  		return fmt.Errorf("revision %s is not a descendent of preceding tag (%s)", rev, lastTag)
   692  	}
   693  	return nil
   694  }
   695  
   696  func (r *codeRepo) revToRev(rev string) string {
   697  	if semver.IsValid(rev) {
   698  		if module.IsPseudoVersion(rev) {
   699  			r, _ := module.PseudoVersionRev(rev)
   700  			return r
   701  		}
   702  		if semver.Build(rev) == "+incompatible" {
   703  			rev = rev[:len(rev)-len("+incompatible")]
   704  		}
   705  		if r.codeDir == "" {
   706  			return rev
   707  		}
   708  		return r.codeDir + "/" + rev
   709  	}
   710  	return rev
   711  }
   712  
   713  func (r *codeRepo) versionToRev(version string) (rev string, err error) {
   714  	if !semver.IsValid(version) {
   715  		return "", &module.ModuleError{
   716  			Path: r.modPath,
   717  			Err: &module.InvalidVersionError{
   718  				Version: version,
   719  				Err:     errors.New("syntax error"),
   720  			},
   721  		}
   722  	}
   723  	return r.revToRev(version), nil
   724  }
   725  
   726  // findDir locates the directory within the repo containing the module.
   727  //
   728  // If r.pathMajor is non-empty, this can be either r.codeDir or — if a go.mod
   729  // file exists — r.codeDir/r.pathMajor[1:].
   730  func (r *codeRepo) findDir(version string) (rev, dir string, gomod []byte, err error) {
   731  	rev, err = r.versionToRev(version)
   732  	if err != nil {
   733  		return "", "", nil, err
   734  	}
   735  
   736  	// Load info about go.mod but delay consideration
   737  	// (except I/O error) until we rule out v2/go.mod.
   738  	file1 := path.Join(r.codeDir, "go.mod")
   739  	gomod1, err1 := r.code.ReadFile(rev, file1, codehost.MaxGoMod)
   740  	if err1 != nil && !os.IsNotExist(err1) {
   741  		return "", "", nil, fmt.Errorf("reading %s/%s at revision %s: %v", r.pathPrefix, file1, rev, err1)
   742  	}
   743  	mpath1 := modfile.ModulePath(gomod1)
   744  	found1 := err1 == nil && (isMajor(mpath1, r.pathMajor) || r.canReplaceMismatchedVersionDueToBug(mpath1))
   745  
   746  	var file2 string
   747  	if r.pathMajor != "" && r.codeRoot != r.modPath && !strings.HasPrefix(r.pathMajor, ".") {
   748  		// Suppose pathMajor is "/v2".
   749  		// Either go.mod should claim v2 and v2/go.mod should not exist,
   750  		// or v2/go.mod should exist and claim v2. Not both.
   751  		// Note that we don't check the full path, just the major suffix,
   752  		// because of replacement modules. This might be a fork of
   753  		// the real module, found at a different path, usable only in
   754  		// a replace directive.
   755  		dir2 := path.Join(r.codeDir, r.pathMajor[1:])
   756  		file2 = path.Join(dir2, "go.mod")
   757  		gomod2, err2 := r.code.ReadFile(rev, file2, codehost.MaxGoMod)
   758  		if err2 != nil && !os.IsNotExist(err2) {
   759  			return "", "", nil, fmt.Errorf("reading %s/%s at revision %s: %v", r.pathPrefix, file2, rev, err2)
   760  		}
   761  		mpath2 := modfile.ModulePath(gomod2)
   762  		found2 := err2 == nil && isMajor(mpath2, r.pathMajor)
   763  
   764  		if found1 && found2 {
   765  			return "", "", nil, fmt.Errorf("%s/%s and ...%s/go.mod both have ...%s module paths at revision %s", r.pathPrefix, file1, r.pathMajor, r.pathMajor, rev)
   766  		}
   767  		if found2 {
   768  			return rev, dir2, gomod2, nil
   769  		}
   770  		if err2 == nil {
   771  			if mpath2 == "" {
   772  				return "", "", nil, fmt.Errorf("%s/%s is missing module path at revision %s", r.pathPrefix, file2, rev)
   773  			}
   774  			return "", "", nil, fmt.Errorf("%s/%s has non-...%s module path %q at revision %s", r.pathPrefix, file2, r.pathMajor, mpath2, rev)
   775  		}
   776  	}
   777  
   778  	// Not v2/go.mod, so it's either go.mod or nothing. Which is it?
   779  	if found1 {
   780  		// Explicit go.mod with matching major version ok.
   781  		return rev, r.codeDir, gomod1, nil
   782  	}
   783  	if err1 == nil {
   784  		// Explicit go.mod with non-matching major version disallowed.
   785  		suffix := ""
   786  		if file2 != "" {
   787  			suffix = fmt.Sprintf(" (and ...%s/go.mod does not exist)", r.pathMajor)
   788  		}
   789  		if mpath1 == "" {
   790  			return "", "", nil, fmt.Errorf("%s is missing module path%s at revision %s", file1, suffix, rev)
   791  		}
   792  		if r.pathMajor != "" { // ".v1", ".v2" for gopkg.in
   793  			return "", "", nil, fmt.Errorf("%s has non-...%s module path %q%s at revision %s", file1, r.pathMajor, mpath1, suffix, rev)
   794  		}
   795  		if _, _, ok := module.SplitPathVersion(mpath1); !ok {
   796  			return "", "", nil, fmt.Errorf("%s has malformed module path %q%s at revision %s", file1, mpath1, suffix, rev)
   797  		}
   798  		return "", "", nil, fmt.Errorf("%s has post-%s module path %q%s at revision %s", file1, semver.Major(version), mpath1, suffix, rev)
   799  	}
   800  
   801  	if r.codeDir == "" && (r.pathMajor == "" || strings.HasPrefix(r.pathMajor, ".")) {
   802  		// Implicit go.mod at root of repo OK for v0/v1 and for gopkg.in.
   803  		return rev, "", nil, nil
   804  	}
   805  
   806  	// Implicit go.mod below root of repo or at v2+ disallowed.
   807  	// Be clear about possibility of using either location for v2+.
   808  	if file2 != "" {
   809  		return "", "", nil, fmt.Errorf("missing %s/go.mod and ...%s/go.mod at revision %s", r.pathPrefix, r.pathMajor, rev)
   810  	}
   811  	return "", "", nil, fmt.Errorf("missing %s/go.mod at revision %s", r.pathPrefix, rev)
   812  }
   813  
   814  // isMajor reports whether the versions allowed for mpath are compatible with
   815  // the major version(s) implied by pathMajor, or false if mpath has an invalid
   816  // version suffix.
   817  func isMajor(mpath, pathMajor string) bool {
   818  	if mpath == "" {
   819  		// If we don't have a path, we don't know what version(s) it is compatible with.
   820  		return false
   821  	}
   822  	_, mpathMajor, ok := module.SplitPathVersion(mpath)
   823  	if !ok {
   824  		// An invalid module path is not compatible with any version.
   825  		return false
   826  	}
   827  	if pathMajor == "" {
   828  		// All of the valid versions for a gopkg.in module that requires major
   829  		// version v0 or v1 are compatible with the "v0 or v1" implied by an empty
   830  		// pathMajor.
   831  		switch module.PathMajorPrefix(mpathMajor) {
   832  		case "", "v0", "v1":
   833  			return true
   834  		default:
   835  			return false
   836  		}
   837  	}
   838  	if mpathMajor == "" {
   839  		// Even if pathMajor is ".v0" or ".v1", we can't be sure that a module
   840  		// without a suffix is tagged appropriately. Besides, we don't expect clones
   841  		// of non-gopkg.in modules to have gopkg.in paths, so a non-empty,
   842  		// non-gopkg.in mpath is probably the wrong module for any such pathMajor
   843  		// anyway.
   844  		return false
   845  	}
   846  	// If both pathMajor and mpathMajor are non-empty, then we only care that they
   847  	// have the same major-version validation rules. A clone fetched via a /v2
   848  	// path might replace a module with path gopkg.in/foo.v2-unstable, and that's
   849  	// ok.
   850  	return pathMajor[1:] == mpathMajor[1:]
   851  }
   852  
   853  // canReplaceMismatchedVersionDueToBug reports whether versions of r
   854  // could replace versions of mpath with otherwise-mismatched major versions
   855  // due to a historical bug in the Go command (golang.org/issue/34254).
   856  func (r *codeRepo) canReplaceMismatchedVersionDueToBug(mpath string) bool {
   857  	// The bug caused us to erroneously accept unversioned paths as replacements
   858  	// for versioned gopkg.in paths.
   859  	unversioned := r.pathMajor == ""
   860  	replacingGopkgIn := strings.HasPrefix(mpath, "gopkg.in/")
   861  	return unversioned && replacingGopkgIn
   862  }
   863  
   864  func (r *codeRepo) GoMod(version string) (data []byte, err error) {
   865  	if version != module.CanonicalVersion(version) {
   866  		return nil, fmt.Errorf("version %s is not canonical", version)
   867  	}
   868  
   869  	if module.IsPseudoVersion(version) {
   870  		// findDir ignores the metadata encoded in a pseudo-version,
   871  		// only using the revision at the end.
   872  		// Invoke Stat to verify the metadata explicitly so we don't return
   873  		// a bogus file for an invalid version.
   874  		_, err := r.Stat(version)
   875  		if err != nil {
   876  			return nil, err
   877  		}
   878  	}
   879  
   880  	rev, dir, gomod, err := r.findDir(version)
   881  	if err != nil {
   882  		return nil, err
   883  	}
   884  	if gomod != nil {
   885  		return gomod, nil
   886  	}
   887  	data, err = r.code.ReadFile(rev, path.Join(dir, "go.mod"), codehost.MaxGoMod)
   888  	if err != nil {
   889  		if os.IsNotExist(err) {
   890  			return LegacyGoMod(r.modPath), nil
   891  		}
   892  		return nil, err
   893  	}
   894  	return data, nil
   895  }
   896  
   897  // LegacyGoMod generates a fake go.mod file for a module that doesn't have one.
   898  // The go.mod file contains a module directive and nothing else: no go version,
   899  // no requirements.
   900  //
   901  // We used to try to build a go.mod reflecting pre-existing
   902  // package management metadata files, but the conversion
   903  // was inherently imperfect (because those files don't have
   904  // exactly the same semantics as go.mod) and, when done
   905  // for dependencies in the middle of a build, impossible to
   906  // correct. So we stopped.
   907  func LegacyGoMod(modPath string) []byte {
   908  	return []byte(fmt.Sprintf("module %s\n", modfile.AutoQuote(modPath)))
   909  }
   910  
   911  func (r *codeRepo) modPrefix(rev string) string {
   912  	return r.modPath + "@" + rev
   913  }
   914  
   915  func (r *codeRepo) retractedVersions() (func(string) bool, error) {
   916  	versions, err := r.Versions("")
   917  	if err != nil {
   918  		return nil, err
   919  	}
   920  
   921  	for i, v := range versions {
   922  		if strings.HasSuffix(v, "+incompatible") {
   923  			versions = versions[:i]
   924  			break
   925  		}
   926  	}
   927  	if len(versions) == 0 {
   928  		return func(string) bool { return false }, nil
   929  	}
   930  
   931  	var highest string
   932  	for i := len(versions) - 1; i >= 0; i-- {
   933  		v := versions[i]
   934  		if semver.Prerelease(v) == "" {
   935  			highest = v
   936  			break
   937  		}
   938  	}
   939  	if highest == "" {
   940  		highest = versions[len(versions)-1]
   941  	}
   942  
   943  	data, err := r.GoMod(highest)
   944  	if err != nil {
   945  		return nil, err
   946  	}
   947  	f, err := modfile.ParseLax("go.mod", data, nil)
   948  	if err != nil {
   949  		return nil, err
   950  	}
   951  	retractions := make([]modfile.VersionInterval, len(f.Retract))
   952  	for _, r := range f.Retract {
   953  		retractions = append(retractions, r.VersionInterval)
   954  	}
   955  
   956  	return func(v string) bool {
   957  		for _, r := range retractions {
   958  			if semver.Compare(r.Low, v) <= 0 && semver.Compare(v, r.High) <= 0 {
   959  				return true
   960  			}
   961  		}
   962  		return false
   963  	}, nil
   964  }
   965  
   966  func (r *codeRepo) Zip(dst io.Writer, version string) error {
   967  	if version != module.CanonicalVersion(version) {
   968  		return fmt.Errorf("version %s is not canonical", version)
   969  	}
   970  
   971  	if module.IsPseudoVersion(version) {
   972  		// findDir ignores the metadata encoded in a pseudo-version,
   973  		// only using the revision at the end.
   974  		// Invoke Stat to verify the metadata explicitly so we don't return
   975  		// a bogus file for an invalid version.
   976  		_, err := r.Stat(version)
   977  		if err != nil {
   978  			return err
   979  		}
   980  	}
   981  
   982  	rev, subdir, _, err := r.findDir(version)
   983  	if err != nil {
   984  		return err
   985  	}
   986  	dl, err := r.code.ReadZip(rev, subdir, codehost.MaxZipFile)
   987  	if err != nil {
   988  		return err
   989  	}
   990  	defer dl.Close()
   991  	subdir = strings.Trim(subdir, "/")
   992  
   993  	// Spool to local file.
   994  	f, err := os.CreateTemp("", "go-codehost-")
   995  	if err != nil {
   996  		dl.Close()
   997  		return err
   998  	}
   999  	defer os.Remove(f.Name())
  1000  	defer f.Close()
  1001  	maxSize := int64(codehost.MaxZipFile)
  1002  	lr := &io.LimitedReader{R: dl, N: maxSize + 1}
  1003  	if _, err := io.Copy(f, lr); err != nil {
  1004  		dl.Close()
  1005  		return err
  1006  	}
  1007  	dl.Close()
  1008  	if lr.N <= 0 {
  1009  		return fmt.Errorf("downloaded zip file too large")
  1010  	}
  1011  	size := (maxSize + 1) - lr.N
  1012  	if _, err := f.Seek(0, 0); err != nil {
  1013  		return err
  1014  	}
  1015  
  1016  	// Translate from zip file we have to zip file we want.
  1017  	zr, err := zip.NewReader(f, size)
  1018  	if err != nil {
  1019  		return err
  1020  	}
  1021  
  1022  	var files []modzip.File
  1023  	if subdir != "" {
  1024  		subdir += "/"
  1025  	}
  1026  	haveLICENSE := false
  1027  	topPrefix := ""
  1028  	for _, zf := range zr.File {
  1029  		if topPrefix == "" {
  1030  			i := strings.Index(zf.Name, "/")
  1031  			if i < 0 {
  1032  				return fmt.Errorf("missing top-level directory prefix")
  1033  			}
  1034  			topPrefix = zf.Name[:i+1]
  1035  		}
  1036  		if !strings.HasPrefix(zf.Name, topPrefix) {
  1037  			return fmt.Errorf("zip file contains more than one top-level directory")
  1038  		}
  1039  		name := strings.TrimPrefix(zf.Name, topPrefix)
  1040  		if !strings.HasPrefix(name, subdir) {
  1041  			continue
  1042  		}
  1043  		name = strings.TrimPrefix(name, subdir)
  1044  		if name == "" || strings.HasSuffix(name, "/") {
  1045  			continue
  1046  		}
  1047  		files = append(files, zipFile{name: name, f: zf})
  1048  		if name == "LICENSE" {
  1049  			haveLICENSE = true
  1050  		}
  1051  	}
  1052  
  1053  	if !haveLICENSE && subdir != "" {
  1054  		data, err := r.code.ReadFile(rev, "LICENSE", codehost.MaxLICENSE)
  1055  		if err == nil {
  1056  			files = append(files, dataFile{name: "LICENSE", data: data})
  1057  		}
  1058  	}
  1059  
  1060  	return modzip.Create(dst, module.Version{Path: r.modPath, Version: version}, files)
  1061  }
  1062  
  1063  type zipFile struct {
  1064  	name string
  1065  	f    *zip.File
  1066  }
  1067  
  1068  func (f zipFile) Path() string                 { return f.name }
  1069  func (f zipFile) Lstat() (fs.FileInfo, error)  { return f.f.FileInfo(), nil }
  1070  func (f zipFile) Open() (io.ReadCloser, error) { return f.f.Open() }
  1071  
  1072  type dataFile struct {
  1073  	name string
  1074  	data []byte
  1075  }
  1076  
  1077  func (f dataFile) Path() string                { return f.name }
  1078  func (f dataFile) Lstat() (fs.FileInfo, error) { return dataFileInfo{f}, nil }
  1079  func (f dataFile) Open() (io.ReadCloser, error) {
  1080  	return io.NopCloser(bytes.NewReader(f.data)), nil
  1081  }
  1082  
  1083  type dataFileInfo struct {
  1084  	f dataFile
  1085  }
  1086  
  1087  func (fi dataFileInfo) Name() string       { return path.Base(fi.f.name) }
  1088  func (fi dataFileInfo) Size() int64        { return int64(len(fi.f.data)) }
  1089  func (fi dataFileInfo) Mode() fs.FileMode  { return 0644 }
  1090  func (fi dataFileInfo) ModTime() time.Time { return time.Time{} }
  1091  func (fi dataFileInfo) IsDir() bool        { return false }
  1092  func (fi dataFileInfo) Sys() any           { return nil }
  1093  
  1094  // hasPathPrefix reports whether the path s begins with the
  1095  // elements in prefix.
  1096  func hasPathPrefix(s, prefix string) bool {
  1097  	switch {
  1098  	default:
  1099  		return false
  1100  	case len(s) == len(prefix):
  1101  		return s == prefix
  1102  	case len(s) > len(prefix):
  1103  		if prefix != "" && prefix[len(prefix)-1] == '/' {
  1104  			return strings.HasPrefix(s, prefix)
  1105  		}
  1106  		return s[len(prefix)] == '/' && s[:len(prefix)] == prefix
  1107  	}
  1108  }
  1109
View as plain text