~bigbes/sourcehut-root

ref: 50df4c291341762cdb47437014ff157a91914add sourcehut-root/patches/core-go-checksum.patch -rw-r--r-- 1.6 KiB
50df4c29 — Eugene Blikh Add sourcehut-custom-service skill 26 days ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
diff --git a/objects/middleware.go b/objects/middleware.go
index efdb4b5..b14330e 100644
--- a/objects/middleware.go
+++ b/objects/middleware.go
@@ -7,9 +7,11 @@ import (
 	"net/http"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
+	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
 	"github.com/aws/aws-sdk-go-v2/credentials"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/aws/smithy-go/endpoints"
+	smithymw "github.com/aws/smithy-go/middleware"
 	"github.com/vaughan0/go-ini"
 
 	"git.sr.ht/~sircmpwn/core-go/config"
@@ -87,7 +89,19 @@ func NewClient(conf ini.File) (*s3.Client, error) {
 	return s3.NewFromConfig(aws.Config{
 		Region:      region,
 		Credentials: creds,
-	}, func(opts *s3.Options) {
+	}, s3.WithSigV4SigningRegion(region), func(opts *s3.Options) {
+		// Patched (phoebe-lab): pages Publish + builds artifact upload pass
+		// non-seekable bodies (tar.Reader, io.LimitReader) to PutObject. The
+		// SDK's default dynamic-payload middleware only uses UnsignedPayload
+		// over HTTPS; over HTTP (s3-insecure=true to internal Garage) it
+		// falls through to ComputePayloadSHA256, which seeks the body and
+		// fails. Force UnsignedPayload unconditionally. The above
+		// WithSigV4SigningRegion pins the sigv4 region so the V1 endpoint
+		// resolver doesn't override it back to "default".
+		opts.APIOptions = append(opts.APIOptions, func(stack *smithymw.Stack) error {
+			_, err := stack.Finalize.Swap("ComputePayloadHash", &v4.UnsignedPayload{})
+			return err
+		})
 		opts.BaseEndpoint = aws.String(scheme + upstream)
 		opts.EndpointResolverV2 = &S3Resolver{
 			conf,