Fix race condition when concurrently downloading packages (#584)

This fixes a possible race condition where multiple processes download
the same package into the same temp dir.
This commit is contained in:
Daniel Chao
2024-07-18 09:11:25 -07:00
committed by GitHub
parent 24cc95abcc
commit 176ede0002
2 changed files with 16 additions and 10 deletions
@@ -455,10 +455,9 @@ final class PackageResolvers {
private byte[] downloadUriToPathAndComputeChecksum(URI downloadUri, Path path)
throws IOException, SecurityManagerException {
Files.createDirectories(path.getParent());
var inputStream = openExternalUri(downloadUri);
try (var digestInputStream = newDigestInputStream(inputStream)) {
Files.copy(digestInputStream, path);
Files.copy(digestInputStream, path, StandardCopyOption.REPLACE_EXISTING);
return digestInputStream.getMessageDigest().digest();
}
}
@@ -472,7 +471,7 @@ final class PackageResolvers {
}
try (var in = inputStream) {
Files.createDirectories(path.getParent());
Files.copy(in, path);
Files.copy(in, path, StandardCopyOption.REPLACE_EXISTING);
if (checksums != null) {
var digestInputStream = (DigestInputStream) inputStream;
var checksumBytes = digestInputStream.getMessageDigest().digest();
@@ -490,7 +489,10 @@ final class PackageResolvers {
if (Files.exists(cachePath)) {
return cachePath;
}
var tmpPath = tmpDir.resolve(metadataRelativePath);
Files.createDirectories(tmpDir);
var tmpPath =
Files.createTempFile(
tmpDir, IoUtils.encodePath(packageUri.toString().replaceAll("/", "-")), ".json");
try {
downloadMetadata(packageUri, requestUri, tmpPath, checksums);
Files.createDirectories(cachePath.getParent());
@@ -539,7 +541,10 @@ final class PackageResolvers {
if (Files.exists(cachePath)) {
return cachePath;
}
var tmpPath = tmpDir.resolve(relativePath);
Files.createDirectories(tmpDir);
var tmpPath =
Files.createTempFile(
tmpDir, IoUtils.encodePath(packageUri.toString().replaceAll("/", "-")), ".zip");
try {
var checksumBytes =
downloadUriToPathAndComputeChecksum(dependencyMetadata.getPackageZipUrl(), tmpPath);