jmg
/
casimport
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

remove things that have been implemented, add new comments..

main
John-Mark Gurney 4 years ago
parent
f5106fe590
commit
bb31baaeca
1 changed files with 6 additions and 15 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +6
    -15
      NOTES.md

+ 6
- 15
NOTES.md View File

@@ -2,31 +2,22 @@ Aliases:
from a local file, kinda like requirements.txt, maps name to hash,
either package/module name, or an author/public key name.

This has to be treated specially. If two aliases appear to be the same, but one is fetched a "secure" IPFS hash, it MUST be compared w/ what ever secure hash the two aliases had in common. Otherwise a malicious package could "pretend" that it hash the sha256 that's the same, but provide a bad IPFS hash, and then we'd load the malicous package instead
This has to be treated specially. If two aliases appear to be the same, but one is fetched a "secure" IPFS hash, it MUST be compared w/ what ever secure hash the two aliases had in common. Otherwise a malicious package could "pretend" that it hash the sha256 that's the same, but provide a bad IPFS hash, and then we'd load the malicous package instead.

Example:
from cas.a.jmg.utils import aiter, anext

Make sure that when an alias is used, that the same module is returned when a
direct hash import is used.

Local cache:
if a directory like ~/.cas_cache exists, use it's contents automatically,
and if it's writable, write any network fetched imported data to it.
How to handle inventory?
wrapper that keeps track of what hashes got loaded? write out to a mapping file?
Or maybe a command given a url or ipfs, generates the necessary aliases + urls for it?

Features:
add:
file
url
ipfs hash
git(?)hub?

init cache:

Loading resources from yourself (package):
sys.modules[__name__] returns a valid module while your are being initalized, even for __main__, though may not work due to it not being a package, but probably can be emulated via __file__
use importlib.resources: https://docs.python.org/3.7/library/importlib.html#module-importlib.resources
> Loaders that wish to support resource reading should implement a get_resource_reader(fullname) method as specified by importlib.abc.ResourceReader.
This will be needed for cas imported packages that use cas themselves:
> Loaders that wish to support resource reading should implement a get_resource_reader(fullname) method as specified by importlib.abc.ResourceReader.


Hash options:


Write Preview
Loading…
Cancel
Save