Merge pull request #13 from criteo/fix/checksum-accept-sha256-hex

mazurov · web-flow · commit 2064bbce8bed · 2026-01-29T18:18:18.000+01:00
fix(checksum): accept raw SHA256 hex and update docs/tests
diff --git a/README.md b/README.md
@@ -108,7 +108,7 @@ export COLA_REGISTRY_SESSION_TOKEN=admin:admin
 
 # Publish a version
 ./bin/cola-regctl version create my-tools my-cli 1.0.0 \
-  --checksum "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" \
+  --checksum "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" \
   --url "https://downloads.example.com/my-cli-1.0.0.zip" \
   --start-partition 0 \
   --end-partition 9
@@ -175,7 +175,7 @@ curl -X POST http://localhost:8080/api/v1/registry/build/package/hotfix/version
   -d '{
     "name":"hotfix",
     "version":"1.0.0",
-    "checksum":"sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
+    "checksum":"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
     "url":"https://example.com/hotfix-1.0.0.zip",
     "startPartition":0,
     "endPartition":9
@@ -540,7 +540,7 @@ cola-regctl package delete <registry> <package>
 ```bash
 # Publish a version
 cola-regctl version create <registry> <package> <version> \
-  --checksum "sha256:abc123..." \
+  --checksum "abc123..." \
   --url "https://downloads.example.com/package-1.0.0.zip" \
   --start-partition 0 \
   --end-partition 9
@@ -589,14 +589,14 @@ cola-regctl package create build-tools deployer \
 
 # Publish version 1.0.0 (for partitions 0-4 = 50% rollout)
 cola-regctl version create build-tools deployer 1.0.0 \
-  --checksum "sha256:abc123..." \
+  --checksum "abc123..." \
   --url "https://cdn.example.com/deployer-1.0.0.tar.gz" \
   --start-partition 0 \
   --end-partition 4
 
 # Publish version 1.1.0 (for partitions 5-9 = 50% rollout)
 cola-regctl version create build-tools deployer 1.1.0 \
-  --checksum "sha256:def456..." \
+  --checksum "def456..." \
   --url "https://cdn.example.com/deployer-1.1.0.tar.gz" \
   --start-partition 5 \
   --end-partition 9
diff --git a/docs/openapi.yaml b/docs/openapi.yaml
@@ -610,9 +610,9 @@ components:
           example: '1.0.0'
         checksum:
           type: string
-          description: SHA256 checksum with prefix
-          pattern: '^sha256:[a-f0-9]{64}$'
-          example: 'sha256:abc123def456...'
+          description: SHA256 checksum (64 hex characters)
+          pattern: '^[a-f0-9]{64}$'
+          example: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
         url:
           type: string
           format: uri
@@ -803,8 +803,8 @@ components:
           example: '1.0.0'
         checksum:
           type: string
-          pattern: '^sha256:[a-f0-9]{64}$'
-          example: 'sha256:abc123def456789...'
+          pattern: '^[a-f0-9]{64}$'
+          example: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
         url:
           type: string
           format: uri
@@ -832,8 +832,8 @@ components:
           example: '1.0.0'
         checksum:
           type: string
-          pattern: '^sha256:[a-f0-9]{64}$'
-          example: 'sha256:abc123def456789...'
+          pattern: '^[a-f0-9]{64}$'
+          example: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
         url:
           type: string
           format: uri
diff --git a/docs/presentation-registry-client.md b/docs/presentation-registry-client.md
@@ -325,7 +325,7 @@ cola-regctl version push mypackage 1.2.0 \
 cola-regctl version push mypackage 1.2.0 \
     --platform darwin --arch arm64 \
     --artifact ./build/mypackage-darwin-arm64 \
-    --checksum sha256:abc123...
+    --checksum e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
 ```
 
 ---
diff --git a/docs/presentation-registry-server.md b/docs/presentation-registry-server.md
@@ -119,7 +119,7 @@ Registry (Organization/Team Level)
         │
         └── Version (Release Level)
               ├── version: "1.2.0"
-              ├── checksum: "sha256:abc..."
+              ├── checksum: "e3b0c44298fc..."
               ├── url: "https://cdn/deployer-1.2.0.tar.gz"
               ├── startPartition: 0
               └── endPartition: 9
@@ -366,7 +366,7 @@ curl -X POST http://localhost:8080/api/v1/registry -u admin:password \
 curl http://localhost:8080/api/v1/registry/devops-tools/index.json
 ```
 ```json
-[{"name": "deployer", "version": "1.0.0", "checksum": "sha256:...",
+[{"name": "deployer", "version": "1.0.0", "checksum": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
   "url": "https://cdn/deployer-1.0.0.tar.gz", "startPartition": 0, "endPartition": 9}]
 ```
 
@@ -388,7 +388,7 @@ curl -X POST http://localhost:8080/api/v1/registry/devops-tools/package -u admin
 curl -X POST http://localhost:8080/api/v1/registry/devops-tools/package/deployer/version \
   -u admin:password -H "Content-Type: application/json" \
   -d '{"name": "deployer", "version": "1.2.0",
-       "checksum": "sha256:e3b0c44298fc1c149afbf4c8996fb924...",
+       "checksum": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "url": "https://cdn.company.com/deployer-1.2.0-linux-amd64.tar.gz",
        "startPartition": 0, "endPartition": 9}'
 ```
@@ -524,8 +524,8 @@ Valid:   1.0.0, 2.1.3-alpha, 3.0.0-beta.1+build.123
 
 ### Checksum Format
 ```go
-Pattern: sha256:[64 hex characters]
-Example: sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+Pattern: [64 hex characters]
+Example: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
 ```
 
 ### Custom Values
diff --git a/docs/quickstart.md b/docs/quickstart.md
@@ -267,7 +267,7 @@ export COLA_REGISTRY_SESSION_TOKEN=admin:admin  # If auth enabled
 
 ```bash
 ./bin/cola-regctl version create my-tools deployment-cli 1.0.0 \
-  --checksum "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" \
+  --checksum "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" \
   --url "https://releases.example.com/deployment-cli-1.0.0.tar.gz" \
   --start-partition 0 \
   --end-partition 9
@@ -285,7 +285,7 @@ Output:
   {
     "name": "deployment-cli",
     "version": "1.0.0",
-    "checksum": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+    "checksum": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "url": "https://releases.example.com/deployment-cli-1.0.0.tar.gz",
     "startPartition": 0,
     "endPartition": 9
diff --git a/internal/client/commands/version.go b/internal/client/commands/version.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"strings"
 
 	"github.com/criteo/command-launcher-registry/internal/client/errors"
 	"github.com/criteo/command-launcher-registry/internal/client/output"
@@ -65,7 +64,7 @@ func init() {
 	versionCmd.AddCommand(versionDeleteCmd)
 
 	// Create flags
-	versionCreateCmd.Flags().StringVar(&versionChecksum, "checksum", "", "Checksum in format 'sha256:hash' (required)")
+	versionCreateCmd.Flags().StringVar(&versionChecksum, "checksum", "", "SHA256 checksum (64 hex characters) (required)")
 	versionCreateCmd.Flags().StringVar(&versionURL, "url", "", "Download URL (required)")
 	versionCreateCmd.Flags().IntVar(&versionStartPart, "start-partition", 0, "Start partition (0-9)")
 	versionCreateCmd.Flags().IntVar(&versionEndPart, "end-partition", 9, "End partition (0-9)")
@@ -78,18 +77,13 @@ func init() {
 }
 
 func validateChecksum(checksum string) error {
-	if !strings.HasPrefix(checksum, "sha256:") {
-		return fmt.Errorf("checksum must start with 'sha256:'")
+	if len(checksum) != 64 {
+		return fmt.Errorf("checksum must be exactly 64 hexadecimal characters")
 	}
 
-	hash := strings.TrimPrefix(checksum, "sha256:")
-	if len(hash) != 64 {
-		return fmt.Errorf("sha256 hash must be exactly 64 hexadecimal characters")
-	}
-
-	for _, c := range hash {
+	for _, c := range checksum {
 		if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')) {
-			return fmt.Errorf("sha256 hash must contain only hexadecimal characters")
+			return fmt.Errorf("checksum must contain only hexadecimal characters")
 		}
 	}
 
diff --git a/internal/client/validation/validators.go b/internal/client/validation/validators.go
@@ -5,10 +5,15 @@ import (
 	"strings"
 )
 
-// ValidateChecksum validates checksum format (must start with "sha256:")
+// ValidateChecksum validates checksum format (must be 64 hex characters)
 func ValidateChecksum(checksum string) error {
-	if !strings.HasPrefix(checksum, "sha256:") {
-		return fmt.Errorf("invalid checksum format. Expected 'sha256:hash', got: '%s'", checksum)
+	if len(checksum) != 64 {
+		return fmt.Errorf("invalid checksum format. Expected 64 hexadecimal characters (SHA256), got: '%s'", checksum)
+	}
+	for _, c := range checksum {
+		if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')) {
+			return fmt.Errorf("checksum must contain only hexadecimal characters, got: '%s'", checksum)
+		}
 	}
 	return nil
 }
diff --git a/internal/models/models.go b/internal/models/models.go
@@ -22,7 +22,7 @@ type Package struct {
 type Version struct {
 	Name           string `json:"name"` // Package name (denormalized for index.json)
 	Version        string `json:"version"`
-	Checksum       string `json:"checksum"`       // SHA256 with "sha256:" prefix
+	Checksum       string `json:"checksum"`       // SHA256 hash (64 hex characters)
 	URL            string `json:"url"`            // Download URL
 	StartPartition int    `json:"startPartition"` // 0-9
 	EndPartition   int    `json:"endPartition"`   // 0-9
diff --git a/internal/models/validation.go b/internal/models/validation.go
@@ -14,8 +14,8 @@ var (
 	// Semantic version pattern (simplified - supports major.minor.patch with optional pre-release and build metadata)
 	versionPattern = regexp.MustCompile(`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`)
 
-	// Checksum pattern: sha256: followed by 64 hex characters
-	checksumPattern = regexp.MustCompile(`^sha256:[a-f0-9]{64}$`)
+	// Checksum pattern: 64 hex characters (SHA256)
+	checksumPattern = regexp.MustCompile(`^[a-f0-9]{64}$`)
 
 	// Custom values key pattern
 	customKeyPattern = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_-]{0,63}$`)
@@ -70,7 +70,7 @@ func ValidateChecksum(checksum string) error {
 		return &ValidationError{Field: "checksum", Message: "checksum is required"}
 	}
 	if !checksumPattern.MatchString(checksum) {
-		return &ValidationError{Field: "checksum", Message: "checksum must match format sha256:[64 hex characters]"}
+		return &ValidationError{Field: "checksum", Message: "checksum must be 64 hexadecimal characters (SHA256)"}
 	}
 	return nil
 }
diff --git a/scripts/populate-test-data-cli.sh b/scripts/populate-test-data-cli.sh
@@ -76,7 +76,7 @@ echo
 # Create version 1.0.0 for deployment-cli
 echo "Creating version 1.0.0 for deployment-cli..."
 ${CLI} version create company-tools deployment-cli 1.0.0 \
-    --checksum "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" \
+    --checksum "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" \
     --url "https://downloads.example.com/deployment-cli/1.0.0/deployment-cli.zip" \
     --start-partition 0 \
     --end-partition 4
@@ -85,7 +85,7 @@ echo
 # Create version 1.1.0 for deployment-cli
 echo "Creating version 1.1.0 for deployment-cli..."
 ${CLI} version create company-tools deployment-cli 1.1.0 \
-    --checksum "sha256:fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210" \
+    --checksum "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210" \
     --url "https://downloads.example.com/deployment-cli/1.1.0/deployment-cli.zip" \
     --start-partition 5 \
     --end-partition 9
@@ -103,7 +103,7 @@ echo
 # Create version 2.0.0 for data-sync
 echo "Creating version 2.0.0 for data-sync..."
 ${CLI} version create company-tools data-sync 2.0.0 \
-    --checksum "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789" \
+    --checksum "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789" \
     --url "https://downloads.example.com/data-sync/2.0.0/data-sync.pkg" \
     --start-partition 0 \
     --end-partition 9
@@ -119,7 +119,7 @@ echo
 # Create version 3.5.2 for monitoring-agent
 echo "Creating version 3.5.2 for monitoring-agent..."
 ${CLI} version create company-tools monitoring-agent 3.5.2 \
-    --checksum "sha256:9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba" \
+    --checksum "9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba" \
     --url "https://downloads.example.com/monitoring-agent/3.5.2/monitoring-agent.pkg" \
     --start-partition 0 \
     --end-partition 9
diff --git a/scripts/populate-test-data.sh b/scripts/populate-test-data.sh
@@ -74,7 +74,7 @@ echo "Creating version 1.0.0 for deployment-cli..."
 api_call POST "/registry/company-tools/package/deployment-cli/version" '{
   "name": "deployment-cli",
   "version": "1.0.0",
-  "checksum": "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
+  "checksum": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
   "url": "https://downloads.example.com/deployment-cli/1.0.0/deployment-cli",
   "startPartition": 0,
   "endPartition": 4
@@ -85,7 +85,7 @@ echo "Creating version 1.1.0 for deployment-cli..."
 api_call POST "/registry/company-tools/package/deployment-cli/version" '{
   "name": "deployment-cli",
   "version": "1.1.0",
-  "checksum": "sha256:fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210",
+  "checksum": "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210",
   "url": "https://downloads.example.com/deployment-cli/1.1.0/deployment-cli",
   "startPartition": 5,
   "endPartition": 9
@@ -110,7 +110,7 @@ echo "Creating version 2.0.0 for data-sync..."
 api_call POST "/registry/company-tools/package/data-sync/version" '{
   "name": "data-sync",
   "version": "2.0.0",
-  "checksum": "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
+  "checksum": "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
   "url": "https://downloads.example.com/data-sync/2.0.0/data-sync",
   "startPartition": 0,
   "endPartition": 9
@@ -131,7 +131,7 @@ echo "Creating version 3.5.2 for monitoring-agent..."
 api_call POST "/registry/company-tools/package/monitoring-agent/version" '{
   "name": "monitoring-agent",
   "version": "3.5.2",
-  "checksum": "sha256:9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba",
+  "checksum": "9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba",
   "url": "https://downloads.example.com/monitoring-agent/3.5.2/monitoring-agent",
   "startPartition": 0,
   "endPartition": 9
diff --git a/tests/integration/oci_storage_test.go b/tests/integration/oci_storage_test.go
@@ -75,7 +75,7 @@ func TestOCIStorage_Integration(t *testing.T) {
 		ver := &models.Version{
 			Name:           "oci-test-pkg",
 			Version:        "1.0.0",
-			Checksum:       "abc123",
+			Checksum:       "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 			URL:            "https://example.com/pkg.zip",
 			StartPartition: 0,
 			EndPartition:   9,
diff --git a/tests/integration/s3_storage_test.go b/tests/integration/s3_storage_test.go
@@ -121,7 +121,7 @@ func TestS3Storage_FullCRUDLifecycle(t *testing.T) {
 	version := &models.Version{
 		Name:           "test-package",
 		Version:        "1.0.0",
-		Checksum:       "sha256:abc123",
+		Checksum:       "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 		URL:            "https://example.com/test-package-1.0.0.tar.gz",
 		StartPartition: 0,
 		EndPartition:   9,
@@ -134,7 +134,7 @@ func TestS3Storage_FullCRUDLifecycle(t *testing.T) {
 	retrievedVer, err := store.GetVersion(ctx, "test-registry", "test-package", "1.0.0")
 	require.NoError(t, err, "Failed to get version")
 	assert.Equal(t, "1.0.0", retrievedVer.Version)
-	assert.Equal(t, "sha256:abc123", retrievedVer.Checksum)
+	assert.Equal(t, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", retrievedVer.Checksum)
 
 	// Test: List registries
 	registries, err := store.ListRegistries(ctx)

Original file line number	Diff line number	Diff line change
`@@ -5,10 +5,15 @@ import (`
`5`	`5`	`"strings"`
`6`	`6`	`)`
`7`	`7`
`8`		`-// ValidateChecksum validates checksum format (must start with "sha256:")`
	`8`	`+// ValidateChecksum validates checksum format (must be 64 hex characters)`
`9`	`9`	`func ValidateChecksum(checksum string) error {`
`10`		`- if !strings.HasPrefix(checksum, "sha256:") {`
`11`		`- return fmt.Errorf("invalid checksum format. Expected 'sha256:hash', got: '%s'", checksum)`
	`10`	`+ if len(checksum) != 64 {`
	`11`	`+ return fmt.Errorf("invalid checksum format. Expected 64 hexadecimal characters (SHA256), got: '%s'", checksum)`
	`12`	`+ }`
	`13`	`+ for _, c := range checksum {`
	`14`	`+ if !((c >= '0' && c <= '9') \|\| (c >= 'a' && c <= 'f') \|\| (c >= 'A' && c <= 'F')) {`
	`15`	`+ return fmt.Errorf("checksum must contain only hexadecimal characters, got: '%s'", checksum)`
	`16`	`+ }`
`12`	`17`	`}`
`13`	`18`	`return nil`
`14`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,8 +14,8 @@ var (`
`14`	`14`	`// Semantic version pattern (simplified - supports major.minor.patch with optional pre-release and build metadata)`
`15`	`15`	versionPattern = regexp.MustCompile(`^(0\|[1-9]\d)\.(0\|[1-9]\d)\.(0\|[1-9]\d)(?:-((?:0\|[1-9]\d\|\d[a-zA-Z-][0-9a-zA-Z-])(?:\.(?:0\|[1-9]\d\|\d[a-zA-Z-][0-9a-zA-Z-]))))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`)
`16`	`16`
`17`		`- // Checksum pattern: sha256: followed by 64 hex characters`
`18`		- checksumPattern = regexp.MustCompile(`^sha256:[a-f0-9]{64}$`)
	`17`	`+ // Checksum pattern: 64 hex characters (SHA256)`
	`18`	+ checksumPattern = regexp.MustCompile(`^[a-f0-9]{64}$`)
`19`	`19`
`20`	`20`	`// Custom values key pattern`
`21`	`21`	customKeyPattern = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_-]{0,63}$`)
`@@ -70,7 +70,7 @@ func ValidateChecksum(checksum string) error {`
`70`	`70`	`return &ValidationError{Field: "checksum", Message: "checksum is required"}`
`71`	`71`	`}`
`72`	`72`	`if !checksumPattern.MatchString(checksum) {`
`73`		`- return &ValidationError{Field: "checksum", Message: "checksum must match format sha256:[64 hex characters]"}`
	`73`	`+ return &ValidationError{Field: "checksum", Message: "checksum must be 64 hexadecimal characters (SHA256)"}`
`74`	`74`	`}`
`75`	`75`	`return nil`
`76`	`76`	`}`