mamba-org · AntoinePrv · Dec 7, 2023 · Dec 7, 2023 · Dec 8, 2023 · Dec 8, 2023
diff --git a/libmamba/CMakeLists.txt b/libmamba/CMakeLists.txt
@@ -193,6 +193,7 @@ set(
     ${LIBMAMBA_SOURCE_DIR}/core/activation.cpp
     ${LIBMAMBA_SOURCE_DIR}/core/channel_context.cpp
     ${LIBMAMBA_SOURCE_DIR}/core/context.cpp
+    ${LIBMAMBA_SOURCE_DIR}/core/repo_checker_store.cpp
     ${LIBMAMBA_SOURCE_DIR}/core/download.cpp
     ${LIBMAMBA_SOURCE_DIR}/core/download_progress_bar.cpp
     ${LIBMAMBA_SOURCE_DIR}/core/environments_manager.cpp
@@ -301,6 +302,7 @@ set(
     ${LIBMAMBA_INCLUDE_DIR}/mamba/core/channel_context.hpp
     ${LIBMAMBA_INCLUDE_DIR}/mamba/core/palette.hpp
     ${LIBMAMBA_INCLUDE_DIR}/mamba/core/context.hpp
+    ${LIBMAMBA_INCLUDE_DIR}/mamba/core/repo_checker_store.hpp
     ${LIBMAMBA_INCLUDE_DIR}/mamba/core/download.hpp
     ${LIBMAMBA_INCLUDE_DIR}/mamba/core/download_progress_bar.hpp
     ${LIBMAMBA_INCLUDE_DIR}/mamba/core/environments_manager.hpp

diff --git a/libmamba/include/mamba/core/context.hpp b/libmamba/include/mamba/core/context.hpp
@@ -35,7 +35,8 @@ namespace mamba
     {
         VerificationLevel safety_checks = VerificationLevel::Warn;
         bool extra_safety_checks = false;
-        bool verify_artifacts = false;
+        VerificationLevel verify_artifacts = VerificationLevel::Disabled;
+        std::vector<std::string> trusted_channels = {};
     };
 
 
@@ -83,7 +84,7 @@ namespace mamba
             int max_retries{ 3 };    // max number of retries
 
             std::map<std::string, std::string> proxy_servers;
-        };
+        } remote_fetch_params;
 
         struct OutputParams
         {
@@ -95,41 +96,43 @@ namespace mamba
 
             std::string log_pattern{ "%^%-9!l%-8n%$ %v" };
             std::size_t log_backtrace{ 0 };
-        };
+        } output_params;
 
         struct GraphicsParams
         {
             bool no_progress_bars{ false };
             Palette palette;
-        };
+        } graphics_params;
 
         struct SrcParams
         {
             bool no_rc{ false };
             bool no_env{ false };
-        };
+        } src_params;
 
         struct CommandParams
         {
             std::string caller_version{ "" };
             std::string conda_version{ "3.8.0" };
             std::string current_command{ "mamba" };
             bool is_micromamba{ false };
-        };
+        } command_params;
 
         struct ThreadsParams
         {
             std::size_t download_threads{ 5 };
             int extract_threads{ 0 };
-        };
+        } threads_params;
 
         struct PrefixParams
         {
             fs::u8path target_prefix;
             fs::u8path root_prefix;
             fs::u8path conda_prefix;
             fs::u8path relocate_prefix;
-        };
+        } prefix_params;
+
+        ValidationOptions validation_params;
 
         // Configurable
         bool experimental = false;
@@ -168,8 +171,6 @@ namespace mamba
         // add start menu shortcuts on Windows (not implemented on Linux / macOS)
         bool shortcuts = true;
 
-        ValidationOptions validation_params;
-
         // debug helpers
         bool keep_temp_files = false;
         bool keep_temp_directories = false;
@@ -180,14 +181,6 @@ namespace mamba
         // micromamba only
         bool shell_completion = true;
 
-        RemoteFetchParams remote_fetch_params;
-        OutputParams output_params;
-        GraphicsParams graphics_params;
-        SrcParams src_params;
-        CommandParams command_params;
-        ThreadsParams threads_params;
-        PrefixParams prefix_params;
-
         std::size_t lock_timeout = 0;
         bool use_lockfiles = true;
 

diff --git a/libmamba/include/mamba/core/repo_checker_store.hpp b/libmamba/include/mamba/core/repo_checker_store.hpp
@@ -0,0 +1,49 @@
+// Copyright (c) 2023, QuantStack and Mamba Contributors
+//
+// Distributed under the terms of the BSD 3-Clause License.
+//
+// The full license is in the file LICENSE, distributed with this software.
+
+#ifndef MAMBA_CORE_REPO_CHECKER_STORE_HPP
+#define MAMBA_CORE_REPO_CHECKER_STORE_HPP
+
+#include <utility>
+#include <vector>
+
+#include "mamba/specs/channel.hpp"
+#include "mamba/validation/repo_checker.hpp"
+
+namespace mamba
+{
+    class Context;
+    class ChannelContext;
+    class MultiPackageCache;
+
+    class RepoCheckerStore
+    {
+    public:
+
+        using Channel = specs::Channel;
+        using RepoChecker = validation::RepoChecker;
+        using repo_checker_list = std::vector<std::pair<Channel, RepoChecker>>;
+
+        [[nodiscard]] static auto make(  //
+            const Context& ctx,
+            ChannelContext& cc,
+            MultiPackageCache& caches
+        ) -> RepoCheckerStore;
+
+        explicit RepoCheckerStore(repo_checker_list checkers);
+
+        [[nodiscard]] auto find_checker(const Channel& chan) const -> const RepoChecker*;
+
+        [[nodiscard]] auto contains_checker(const Channel& chan) const -> bool;
+
+        [[nodiscard]] auto at_checker(const Channel& chan) const -> const RepoChecker&;
+
+    private:
+
+        repo_checker_list m_repo_checkers = {};
+    };
+}
+#endif
diff --git a/libmamba/include/mamba/fs/filesystem.hpp b/libmamba/include/mamba/fs/filesystem.hpp
@@ -94,8 +94,8 @@ namespace mamba::fs
         u8path& operator=(const u8path& other) = default;
 
         // Move is allowed.
-        u8path(u8path&& other) = default;
-        u8path& operator=(u8path&& other) = default;
+        u8path(u8path&& other) noexcept = default;
+        u8path& operator=(u8path&& other) noexcept = default;
 
         //---- Construction ----
 

diff --git a/libmamba/include/mamba/validation/repo_checker.hpp b/libmamba/include/mamba/validation/repo_checker.hpp
@@ -7,6 +7,7 @@
 #ifndef MAMBA_VALIDATION_REPO_CHECKER_HPP
 #define MAMBA_VALIDATION_REPO_CHECKER_HPP
 
+#include <functional>
 #include <memory>
 #include <string>
 
@@ -41,9 +42,18 @@ namespace mamba::validation
          * @param ref_path Path to the reference directory, hosting trusted root metadata
          * @param cache_path Path to the cache directory
          */
-        RepoChecker(Context& context, std::string base_url, fs::u8path ref_path, fs::u8path cache_path = "");
+        RepoChecker(
+            const Context& context,
+            std::string base_url,
+            fs::u8path ref_path,
+            fs::u8path cache_path = ""
+        );
+
         ~RepoChecker();
 
+        RepoChecker(RepoChecker&&) noexcept;
+        auto operator=(RepoChecker&&) noexcept -> RepoChecker&;
+
         // Forwarding to a ``RepoIndexChecker`` implementation
         void verify_index(const nlohmann::json& j) const;
         void verify_index(const fs::u8path& p) const;
@@ -62,16 +72,15 @@ namespace mamba::validation
         std::size_t m_root_version = 0;
         fs::u8path m_ref_path;
         fs::u8path m_cache_path;
-        Context& m_context;
+        std::unique_ptr<RepoIndexChecker> p_index_checker;
+        std::reference_wrapper<const Context> m_context;
 
         auto initial_trusted_root() -> fs::u8path;
         auto ref_root() -> fs::u8path;
         auto cached_root() -> fs::u8path;
 
         void persist_file(const fs::u8path& file_path);
 
-        std::unique_ptr<RepoIndexChecker> p_index_checker;
-
         auto get_root_role(const TimeRef& time_reference) -> std::unique_ptr<RootRole>;
     };
 }

diff --git a/libmamba/include/mamba/validation/update_framework.hpp b/libmamba/include/mamba/validation/update_framework.hpp
@@ -175,7 +175,7 @@ namespace mamba::validation
         auto possible_update_files() -> std::vector<fs::u8path>;
 
         virtual auto build_index_checker(
-            Context& context,
+            const Context& context,
             const TimeRef& time_reference,
             const std::string& url,
             const fs::u8path& cache_path

diff --git a/libmamba/include/mamba/validation/update_framework_v0_6.hpp b/libmamba/include/mamba/validation/update_framework_v0_6.hpp
@@ -74,7 +74,7 @@ namespace mamba::validation::v0_6
          * Return a ``RepoIndexChecker`` implementation (derived class) from repository base URL.
          */
         auto build_index_checker(
-            Context& context,
+            const Context& context,
             const TimeRef& time_reference,
             const std::string& url,
             const fs::u8path& cache_path
@@ -131,7 +131,7 @@ namespace mamba::validation::v0_6
          * Return a ``RepoIndexChecker`` implementation (derived class) from repository base URL.
          */
         auto build_index_checker(
-            Context& context,
+            const Context& context,
             const TimeRef& time_reference,
             const std::string& url,
             const fs::u8path& cache_path

diff --git a/libmamba/include/mamba/validation/update_framework_v1.hpp b/libmamba/include/mamba/validation/update_framework_v1.hpp
@@ -54,7 +54,7 @@ namespace mamba::validation::v1
         [[nodiscard]] auto self_keys() const -> RoleFullKeys override;
 
         auto build_index_checker(
-            Context& context,
+            const Context& context,
             const TimeRef& time_reference,
             const std::string& url,
             const fs::u8path& cache_path

diff --git a/libmamba/src/core/repo_checker_store.cpp b/libmamba/src/core/repo_checker_store.cpp
@@ -0,0 +1,86 @@
+// Copyright (c) 2023, QuantStack and Mamba Contributors
+//
+// Distributed under the terms of the BSD 3-Clause License.
+//
+// The full license is in the file LICENSE, distributed with this software.
+
+#include "mamba/core/channel_context.hpp"
+#include "mamba/core/context.hpp"
+#include "mamba/core/package_cache.hpp"
+#include "mamba/core/repo_checker_store.hpp"
+#include "mamba/core/subdirdata.hpp"
+
+namespace mamba
+{
+
+    auto RepoCheckerStore::make(  //
+        const Context& ctx,
+        ChannelContext& cc,
+        MultiPackageCache& caches
+    ) -> RepoCheckerStore
+    {
+        if (ctx.validation_params.verify_artifacts ==
+
+            VerificationLevel::Disabled)
+        {
+            return RepoCheckerStore({});
+        }
+
+        auto repo_checkers = repo_checker_list();
+        repo_checkers.reserve(ctx.validation_params.trusted_channels.size());
+        for (const auto& location : ctx.validation_params.trusted_channels)
+        {
+            for (auto& chan : cc.make_channel(location))
+            {
+                // Parametrization
+                auto url = chan.url().str(specs::CondaURL::Credentials::Show);
+                auto url_id = cache_name_from_url(url);
+                auto ref_path = ctx.prefix_params.root_prefix / "etc" / "trusted-repos" / url_id;
+                auto checker = RepoChecker(
+                    ctx,
+                    std::move(url),
+                    std::move(ref_path),
+                    caches.first_writable_path() / "cache" / url_id
+                );
+
+                // Initialization
+                fs::create_directories(checker.cache_path());
+                checker.generate_index_checker();
+
+                repo_checkers.emplace_back(std::move(chan), std::move(checker));
+            }
+        }
+        return RepoCheckerStore(std::move(repo_checkers));
+    }
+
+    RepoCheckerStore::RepoCheckerStore(repo_checker_list checkers)
+        : m_repo_checkers(std::move(checkers))
+    {
+    }
+
+    auto RepoCheckerStore::find_checker(const Channel& chan) const -> const RepoChecker*
+    {
+        for (auto& [candidate_chan, checker] : m_repo_checkers)
+        {
+            if (candidate_chan.contains_equivalent(chan))
+            {
+                return &checker;
+            }
+        }
+        return nullptr;
+    }
+
+    auto RepoCheckerStore::contains_checker(const Channel& chan) const -> bool
+    {
+        return find_checker(chan) != nullptr;
+    }
+
+    auto RepoCheckerStore::at_checker(const Channel& chan) const -> const RepoChecker&
+    {
+        if (auto ptr = find_checker(chan))
+        {
+            return *ptr;
+        }
+        throw std::range_error("Checker not found");
+    }
+}
diff --git a/libmamba/src/core/transaction.cpp b/libmamba/src/core/transaction.cpp
@@ -848,10 +848,10 @@ namespace mamba
             auto& channel_context = pool.channel_context();
             auto& ctx = pool.context();
 
-            if (ctx.experimental && ctx.validation_params.verify_artifacts)
-            {
-                LOG_INFO << "Content trust is enabled, package(s) signatures will be verified";
-            }
+            // if (ctx.experimental && ctx.validation_params.verify_artifacts)
+            // {
+            //     LOG_INFO << "Content trust is enabled, package(s) signatures will be verified";
+            // }
             for_each_to_install(
                 solution.actions,
                 [&](const auto& pkg)
@@ -914,16 +914,16 @@ namespace mamba
                 }
             );
 
-            if (ctx.experimental && ctx.validation_params.verify_artifacts)
-            {
-                auto out = Console::stream();
-                fmt::print(
-                    out,
-                    "Content trust verifications successful, {} ",
-                    fmt::styled("package(s) are trusted", ctx.graphics_params.palette.safe)
-                );
-                LOG_INFO << "All package(s) are trusted";
-            }
+            // if (ctx.experimental && ctx.validation_params.verify_artifacts)
+            // {
+            //     auto out = Console::stream();
+            //     fmt::print(
+            //         out,
+            //         "Content trust verifications successful, {} ",
+            //         fmt::styled("package(s) are trusted", ctx.graphics_params.palette.safe)
+            //     );
+            //     LOG_INFO << "All package(s) are trusted";
+            // }
             return fetchers;
         }