Import python modules by their hash.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1.4 KiB

Aliases: from a local file, kinda like requirements.txt, maps name to hash, either package/module name, or an author/public key name.

This has to be treated specially.  If two aliases appear to be the same, but one is fetched a "secure" IPFS hash, it MUST be compared w/ what ever secure hash the two aliases had in common.  Otherwise a malicious package could "pretend" that it hash the sha256 that's the same, but provide a bad IPFS hash, and then we'd load the malicous package instead.

Example: from cas.a.jmg.utils import aiter, anext

How to handle inventory? wrapper that keeps track of what hashes got loaded? write out to a mapping file? Or maybe a command given a url or ipfs, generates the necessary aliases + urls for it?

Features: add: file git(?)hub?

This will be needed for cas imported packages that use cas themselves:

Loaders that wish to support resource reading should implement a get_resource_reader(fullname) method as specified by importlib.abc.ResourceReader.

Hash options: urn old ietf draft: https://datatracker.ietf.org/doc/draft-thiemann-hash-urn/ - not up to date hash-uri: https://github.com/hash-uri/hash-uri - this looks best multihash: https://github.com/multiformats/multihash - no URI specification ipfs uri: https://github.com/ipfs/in-web-browsers/blob/master/ADDRESSING.md - not a hash, but useful for IPFS names ni: https://tools.ietf.org/html/rfc6920 - complicated, not well supported