Cryptographic technology in Craft Parts
Craft Parts uses cryptographic technologies to obtain and process data from remote sources. It does not directly implement its own cryptography, but it does depend on external libraries to do so.
Communication with local processes
Craft Parts uses the Requests and requests-unixsockets2 libraries to communicate over Unix sockets with the local snap daemon (snapd). These requests are used to fetch information about required snaps. If the snap is missing, Craft Parts will install it through snapd. This is done by querying the snapd API with URLs built dynamically and sanitized by urllib.
Overlays
When overlays are enabled, Craft Parts calculates a checksum for each part’s overlay layer to track when changes are made. The checksums are generated using the SHA1 algorithm from the hashlib library.
Sources
Downloading repositories
When a part sources a remote Git repository, Craft Parts uses Git to clone it. Depending on the URL provided, Git uses either SSH or HTTPS as the secure communication protocol.
Downloading source files
When a part sources a .deb, .rpm, .snap, .tar, .zip, or .7z file, Craft Parts calls the Requests library to download it.
The integrity of these files can be verified using a checksum. The checksum is verified using hashlib, so all algorithms available to the hashlib library can be used.
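The following added example (not Craft Parts' own code) shows one way to verify a downloaded file against a checksum with any hashlib algorithm. The `<algorithm>/<digest>` spec format, the function names, and the list of weak algorithms are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption (not from the Craft Parts docs): digests treated as too weak
# to detect deliberate tampering, although they still catch corruption.
WEAK_ALGORITHMS = {"md5", "sha1"}


class ChecksumError(Exception):
    """Raised when a file does not match its expected checksum."""


def file_digest(path: Path, algorithm: str, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large archives are never fully in memory."""
    if algorithm not in hashlib.algorithms_available:
        raise ValueError(f"unsupported hash algorithm: {algorithm!r}")
    hasher = hashlib.new(algorithm)
    if hasher.digest_size == 0:
        # SHAKE variants have no fixed output length, so a bare digest is ambiguous.
        raise ValueError(f"{algorithm!r} needs an explicit digest length")
    with path.open("rb") as stream:
        for chunk in iter(lambda: stream.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def verify_checksum(path: Path, spec: str) -> bool:
    """Check `path` against an "<algorithm>/<hex digest>" spec.

    Raises ChecksumError on mismatch. On a match, returns True for a strong
    algorithm and False when the algorithm is listed in WEAK_ALGORITHMS.
    """
    algorithm, sep, expected = spec.partition("/")
    if not sep or not expected:
        raise ValueError(f"expected '<algorithm>/<digest>', got {spec!r}")
    algorithm = algorithm.lower()
    actual = file_digest(path, algorithm)
    if actual != expected.strip().lower():
        raise ChecksumError(f"{algorithm} mismatch for {path.name}: got {actual}")
    return algorithm not in WEAK_ALGORITHMS


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.tar"  # constructed sample input
        sample.write_bytes(b"constructed sample archive bytes")
        good = hashlib.sha256(sample.read_bytes()).hexdigest()
        print("strong match:", verify_checksum(sample, f"sha256/{good}"))
```

Because every hashlib algorithm is accepted, a check like the `WEAK_ALGORITHMS` return value lets a caller warn when a part pins its source with MD5 or SHA1.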
Dependencies
Downloading system packages
System dependencies are downloaded and verified using snapd, Apt, DNF, and Yum.
Downloading build dependencies
Plugins use build tools to download and verify build dependencies. Some plugins can provision their own build tools, while others require the build tools to be available on the system. The table below summarizes how plugins provision build tools and which build tools are used to download and verify dependencies.
Plugin | Build tools used | Method of provisioning the build tools |
---|---|---|
 | | not provisioned |
 | | not provisioned |
 | | not provisioned |
 | | not provisioned |
 | | Requests library and curl |
 | | not provisioned |
 | | not provisioned |
 | | not provisioned |