fix: handle missing sources files + sources files with md5 hashes (#415)

Author: Antonio Salinas

internal/providers/sourceproviders/fedorasource/fedorasource.go

@@ -17,7 +17,6 @@ import (
 	"github.com/gim-home/azldev-preview/internal/global/opctx"
 	"github.com/gim-home/azldev-preview/internal/utils/downloader"
 	"github.com/gim-home/azldev-preview/internal/utils/fileutils"
-	"github.com/spf13/afero"
 )
 
 type FedoraSourceDownloader interface {
@@ -43,7 +42,16 @@ var _ FedoraSourceDownloader = (*FedoraSourceDownloaderImpl)(nil)
 //	1: Hash algorithm (e.g., "SHA512")
 //	2: Filename (e.g., "example-1.0.tar.gz")
 //	3: Hash value (e.g., "a1b2c3d4e5f6...")
-var sourcesFilePattern = regexp.MustCompile(`^([A-Z0-9]+)\s+\(([^)]+)\)\s+=\s+([a-f0-9]+)$`)
+var sourcesFilePattern = regexp.MustCompile(`^([A-Z0-9]+)\s+\(([^)]+)\)\s+=\s+([a-fA-F0-9]+)$`)
+
+// sourcesFileLegacyPattern matches lines in the legacy sources file format.
+// This is the older format used by some packages, typically with MD5 hashes.
+// Example line: "7b74551e63f8ee6aab6fbc86676c0d37  zip30.tar.gz"
+// Capture groups:
+//
+//	1: Hash value (e.g., "7b74551e63f8ee6aab6fbc86676c0d37")
+//	2: Filename (e.g., "zip30.tar.gz")
+var sourcesFileLegacyPattern = regexp.MustCompile(`^([a-fA-F0-9]+)\s+(\S+)$`)
 
 // Capture group indexes for sourcesFilePattern.
 const (
@@ -52,6 +60,12 @@ const (
 	sourcesPatternHashValueIndex = 3
 )
 
+// Capture group indexes for sourcesFileLegacyPattern.
+const (
+	sourcesLegacyPatternHashValueIndex = 1
+	sourcesLegacyPatternFilenameIndex  = 2
+)
+
 // sourceFileInfo contains metadata about a source file to be downloaded.
 type sourceFileInfo struct {
 	fileName     string
@@ -114,9 +128,24 @@ func (g *FedoraSourceDownloaderImpl) ExtractSourcesFromRepo(
 
 	sourcesFilePath := filepath.Join(repoDir, "sources")
 
-	sourceFiles, err := g.extractSourcesInfo(sourcesFilePath, packageName, lookasideBaseURI)
+	sourcesExists, err := fileutils.Exists(g.fileSystem, sourcesFilePath)
 	if err != nil {
-		return fmt.Errorf("failed to extract sources info from sources file at %#q:\n%w", sourcesFilePath, err)
+		return fmt.Errorf("failed to check if sources file exists at %#q:\n%w", sourcesFilePath, err)
+	}
+
+	// If the sources file does not exist, there are no external sources to download
+	if !sourcesExists {
+		return nil
+	}
+
+	sourcesContent, err := fileutils.ReadFile(g.fileSystem, sourcesFilePath)
+	if err != nil {
+		return fmt.Errorf("failed to read sources file at %#q:\n%w", sourcesFilePath, err)
+	}
+
+	sourceFiles, err := parseSourcesFile(string(sourcesContent), packageName, lookasideBaseURI)
+	if err != nil {
+		return fmt.Errorf("failed to parse sources file at %#q:\n%w", sourcesFilePath, err)
 	}
 
 	err = g.downloadAndVerifySources(ctx, sourceFiles, repoDir)
@@ -168,36 +197,48 @@ func (g *FedoraSourceDownloaderImpl) validateDownloadedFile(
 	return nil
 }
 
-func (g *FedoraSourceDownloaderImpl) extractSourcesInfo(
-	sourcesFilePath string,
-	packageName string,
-	lookasideBaseURI string,
-) ([]sourceFileInfo, error) {
-	sourcesContent, err := afero.ReadFile(g.fileSystem, sourcesFilePath)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read sources file at %#q:\n%w", sourcesFilePath, err)
-	}
-
+// parseSourcesFile parses the content of a Fedora/RHEL sources file and returns
+// the list of source files to download. It supports both the modern format
+// (e.g., "SHA512 (file.tar.gz) = abc123...") and the legacy MD5 format
+// (e.g., "abc123...  file.tar.gz").
+func parseSourcesFile(content string, packageName string, lookasideBaseURI string) ([]sourceFileInfo, error) {
 	sourceFiles := []sourceFileInfo{}
 
 	// Parse and validate each line in the sources file
-	lines := strings.Split(string(sourcesContent), "\n")
+	lines := strings.Split(content, "\n")
 	for lineNum, line := range lines {
 		line = strings.TrimSpace(line)
 
 		if line == "" || strings.HasPrefix(line, "#") {
 			continue
 		}
 
+		var (
+			hashType string
+			fileName string
+			hash     string
+		)
+
+		// Try modern format first
 		matches := sourcesFilePattern.FindStringSubmatch(line)
-		if matches == nil {
-			return nil, fmt.Errorf("invalid format in sources file at line %d: %#q", lineNum+1, line)
+		if matches != nil {
+			hashType = matches[sourcesPatternHashTypeIndex]
+			fileName = matches[sourcesPatternFilenameIndex]
+			hash = matches[sourcesPatternHashValueIndex]
+		} else {
+			// Try legacy format before failing
+			legacyMatches := sourcesFileLegacyPattern.FindStringSubmatch(line)
+			if legacyMatches == nil {
+				return nil, fmt.Errorf("invalid format in sources file at line %d: %#q", lineNum+1, line)
+			}
+
+			hash = legacyMatches[sourcesLegacyPatternHashValueIndex]
+			fileName = legacyMatches[sourcesLegacyPatternFilenameIndex]
+
+			// Legacy format historically only used MD5
+			hashType = "MD5"
 		}
 
-		hashType := matches[sourcesPatternHashTypeIndex]
-		fileName := matches[sourcesPatternFilenameIndex]
-		hash := matches[sourcesPatternHashValueIndex]
-
 		sourceURI := lookasideBaseURI
 		sourceURI = strings.ReplaceAll(sourceURI, "$pkg", packageName)
 		sourceURI = strings.ReplaceAll(sourceURI, "$filename", fileName)

internal/providers/sourceproviders/fedorasource/fedorasource_test.go

@@ -1,16 +1,17 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-package fedorasource_test
+//nolint:testpackage // Allow to test private functions
+package fedorasource
 
 import (
 	"context"
 	"path/filepath"
 	"testing"
 
 	"github.com/gim-home/azldev-preview/internal/global/testctx"
-	"github.com/gim-home/azldev-preview/internal/providers/sourceproviders/fedorasource"
 	"github.com/gim-home/azldev-preview/internal/utils/downloader/downloader_test"
+	"github.com/gim-home/azldev-preview/internal/utils/fileutils"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -22,18 +23,13 @@ const (
 	testPackageName  = "test-package"
 	testRepoDir      = "/test/repo"
 	testEmptyRepoDir = "/test/empty-repo"
-	testInvalidDir   = "/test/invalid-formats"
 	testFilePerms    = 0o644
 	testDirPerms     = 0o755
 
 	// Test source file data.
 	testSourcesContent = `SHA512 (example-1.0.tar.gz) = af5ae0eb4ad9c3f07b7d78ec9dfd03f6a00c257df6b829b21051d4ba2d106bf` +
 		`9d2f7563c0373b45e0ce5b1ad8a3bad9c05a2769547e67f4bc53692950db0ba37
 SHA256 (patch-1.patch) = 67899aaa0f2f55e55e715cb65596449cb29bb0a76a764fe8f1e51bf4d0af648f
-`
-	testInvalidSourcesContent = `SHA512 (example.tar.gz)
-this is not a valid line
-SHA512 example.tar.gz = abc123
 `
 	testSingleSourceContent = `SHA512 (example-1.0.tar.gz) = abc123def456
 `
@@ -55,7 +51,7 @@ func TestNewFedoraRepoExtractorImpl(t *testing.T) {
 	ctx := testctx.NewCtx()
 	mockDownloader := downloader_test.NewMockDownloader(ctrl)
 
-	extractor, err := fedorasource.NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
+	extractor, err := NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
 
 	require.NoError(t, err)
 	require.NotNil(t, extractor)
@@ -67,17 +63,17 @@ func TestNewFedoraRepoExtractorImplValidation(t *testing.T) {
 	mockDownloader := downloader_test.NewMockDownloader(ctrl)
 
 	t.Run("nil dryRunnable should fail", func(t *testing.T) {
-		extractor, err := fedorasource.NewFedoraRepoExtractorImpl(nil, ctx.FS(), mockDownloader)
+		extractor, err := NewFedoraRepoExtractorImpl(nil, ctx.FS(), mockDownloader)
 		require.Error(t, err)
 		require.Nil(t, extractor)
 	})
 	t.Run("nil filesystem should fail", func(t *testing.T) {
-		extractor, err := fedorasource.NewFedoraRepoExtractorImpl(ctx, nil, mockDownloader)
+		extractor, err := NewFedoraRepoExtractorImpl(ctx, nil, mockDownloader)
 		require.Error(t, err)
 		require.Nil(t, extractor)
 	})
 	t.Run("nil downloader should fail", func(t *testing.T) {
-		extractor, err := fedorasource.NewFedoraRepoExtractorImpl(ctx, ctx.FS(), nil)
+		extractor, err := NewFedoraRepoExtractorImpl(ctx, ctx.FS(), nil)
 		require.Error(t, err)
 		require.Nil(t, extractor)
 	})
@@ -88,7 +84,7 @@ func TestExtractSourcesFromRepo(t *testing.T) {
 	ctx := testctx.NewCtx()
 	mockDownloader := downloader_test.NewMockDownloader(ctrl)
 
-	extractor, err := fedorasource.NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
+	extractor, err := NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
 	require.NoError(t, err)
 
 	require.NoError(t, ctx.FS().MkdirAll(testRepoDir, testDirPerms))
@@ -122,7 +118,7 @@ func TestExtractSourcesFromRepoValidation(t *testing.T) {
 	ctx := testctx.NewCtx()
 	mockDownloader := downloader_test.NewMockDownloader(ctrl)
 
-	extractor, err := fedorasource.NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
+	extractor, err := NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
 	require.NoError(t, err)
 
 	t.Run("empty repo dir", func(t *testing.T) {
@@ -137,43 +133,21 @@ func TestExtractSourcesFromRepoValidation(t *testing.T) {
 		assert.Contains(t, err.Error(), "lookaside base URI cannot be empty")
 	})
 
-	t.Run("lookaside URI missing placeholders", func(t *testing.T) {
-		err := extractor.ExtractSourcesFromRepo(context.Background(), testRepoDir, testPackageName, "missing-placeholders")
-		require.Error(t, err)
-		assert.Contains(t, err.Error(), "lookaside base URI is missing required placeholder")
-	})
-
 	t.Run("missing sources file", func(t *testing.T) {
 		require.NoError(t, ctx.FS().MkdirAll(testEmptyRepoDir, 0o755))
 
+		// Missing sources file is valid - it means no external sources to download
 		err := extractor.ExtractSourcesFromRepo(context.Background(), testEmptyRepoDir, testPackageName, testLookasideURI)
-		require.Error(t, err)
-		assert.Contains(t, err.Error(), "failed to read sources file")
+		require.NoError(t, err)
 	})
 }
 
-func TestExtractSourcesFromRepoInvalidFormats(t *testing.T) {
-	ctrl := gomock.NewController(t)
-	ctx := testctx.NewCtx()
-	mockDownloader := downloader_test.NewMockDownloader(ctrl)
-
-	extractor, err := fedorasource.NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
-	require.NoError(t, err)
-
-	require.NoError(t, ctx.FS().MkdirAll(testInvalidDir, testDirPerms))
-	setupSourcesFile(t, ctx.FS(), testInvalidDir, testInvalidSourcesContent)
-
-	err = extractor.ExtractSourcesFromRepo(context.Background(), testInvalidDir, testPackageName, testLookasideURI)
-	require.Error(t, err)
-	assert.Contains(t, err.Error(), "invalid format in sources file at line")
-}
-
 func TestExtractSourcesFromRepoDownloadFailure(t *testing.T) {
 	ctrl := gomock.NewController(t)
 	ctx := testctx.NewCtx()
 	mockDownloader := downloader_test.NewMockDownloader(ctrl)
 
-	extractor, err := fedorasource.NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
+	extractor, err := NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
 	require.NoError(t, err)
 
 	require.NoError(t, ctx.FS().MkdirAll(testRepoDir, testDirPerms))
@@ -194,7 +168,7 @@ func TestExtractSourcesFromRepoHashMismatch(t *testing.T) {
 	ctx := testctx.NewCtx()
 	mockDownloader := downloader_test.NewMockDownloader(ctrl)
 
-	extractor, err := fedorasource.NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
+	extractor, err := NewFedoraRepoExtractorImpl(ctx, ctx.FS(), mockDownloader)
 	require.NoError(t, err)
 
 	require.NoError(t, ctx.FS().MkdirAll(testRepoDir, testDirPerms))
@@ -219,3 +193,101 @@ func setupSourcesFile(t *testing.T, fs afero.Fs, repoDir string, content string)
 	sourcesPath := filepath.Join(repoDir, testSourcesFile)
 	require.NoError(t, afero.WriteFile(fs, sourcesPath, []byte(content), testFilePerms))
 }
+
+func TestParseSourcesFile(t *testing.T) {
+	t.Run("modern format parses hash type and filename", func(t *testing.T) {
+		content := "SHA512 (file.tar.gz) = abc123\n"
+
+		sources, err := parseSourcesFile(content, "pkg", "https://example.com/$hashtype/$hash/$pkg/$filename")
+
+		require.NoError(t, err)
+		require.Len(t, sources, 1)
+		assert.Equal(t, "file.tar.gz", sources[0].fileName)
+		assert.Equal(t, fileutils.HashType("SHA512"), sources[0].hashType)
+		assert.Equal(t, "abc123", sources[0].expectedHash)
+		assert.Equal(t, "https://example.com/sha512/abc123/pkg/file.tar.gz", sources[0].uri)
+	})
+
+	t.Run("legacy format defaults to MD5", func(t *testing.T) {
+		content := "abc123def456  legacy.tar.gz\n"
+
+		sources, err := parseSourcesFile(content, "pkg", "https://example.com/$hashtype/$hash/$pkg/$filename")
+
+		require.NoError(t, err)
+		require.Len(t, sources, 1)
+		assert.Equal(t, "legacy.tar.gz", sources[0].fileName)
+		assert.Equal(t, fileutils.HashType("MD5"), sources[0].hashType)
+		assert.Equal(t, "abc123def456", sources[0].expectedHash)
+	})
+
+	t.Run("mixed case hex values are preserved", func(t *testing.T) {
+		content := "SHA256 (file.tar.gz) = AbCdEf123456\n"
+
+		sources, err := parseSourcesFile(content, "pkg", "https://example.com/$hashtype/$hash/$pkg/$filename")
+
+		require.NoError(t, err)
+		assert.Equal(t, "AbCdEf123456", sources[0].expectedHash)
+	})
+
+	t.Run("skips empty lines and comments", func(t *testing.T) {
+		content := "\n# this is a comment\nSHA256 (file.tar.gz) = abc123\n\n"
+
+		sources, err := parseSourcesFile(content, "pkg", "https://example.com/$hashtype/$hash/$pkg/$filename")
+
+		require.NoError(t, err)
+		require.Len(t, sources, 1)
+	})
+
+	t.Run("multiple entries", func(t *testing.T) {
+		content := "SHA512 (first.tar.gz) = aabbcc112233\nSHA256 (second.patch) = ddeeff445566\n"
+
+		sources, err := parseSourcesFile(content, "pkg", "https://example.com/$hashtype/$hash/$pkg/$filename")
+
+		require.NoError(t, err)
+		require.Len(t, sources, 2)
+		assert.Equal(t, "first.tar.gz", sources[0].fileName)
+		assert.Equal(t, "second.patch", sources[1].fileName)
+	})
+
+	t.Run("invalid format returns error with line number", func(t *testing.T) {
+		content := "SHA512 (valid.tar.gz) = abc123\nnot a valid line\n"
+
+		_, err := parseSourcesFile(content, "pkg", "https://example.com/$hashtype/$hash/$pkg/$filename")
+
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "line 2")
+	})
+
+	t.Run("empty content returns empty slice", func(t *testing.T) {
+		sources, err := parseSourcesFile("", "pkg", "https://example.com/$hashtype/$hash/$pkg/$filename")
+
+		require.NoError(t, err)
+		assert.Empty(t, sources)
+	})
+}
+
+func TestVerifyFedoraLookasideBaseURI(t *testing.T) {
+	t.Run("valid URI with all placeholders", func(t *testing.T) {
+		err := verifyFedoraLookasideBaseURI("https://example.com/$hashtype/$hash/$pkg/$filename")
+		require.NoError(t, err)
+	})
+
+	t.Run("missing placeholder returns error", func(t *testing.T) {
+		tests := []struct {
+			uri     string
+			missing string
+		}{
+			{"https://example.com/$hash/$pkg/$filename", "$hashtype"},
+			{"https://example.com/$hashtype/$hash/$filename", "$pkg"},
+			{"https://example.com/$hashtype/$hash/$pkg/", "$filename"},
+		}
+
+		for _, tc := range tests {
+			t.Run(tc.missing, func(t *testing.T) {
+				err := verifyFedoraLookasideBaseURI(tc.uri)
+				require.Error(t, err, "URI %q should fail for missing %s", tc.uri, tc.missing)
+				assert.Contains(t, err.Error(), tc.missing)
+			})
+		}
+	})
+}