From 3d8b036485dea8f05ae6eee724e0ecb66031611c Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Jun 18 2018 13:48:48 +0000 Subject: use correct fileinfo checksum field Fixes: https://pagure.io/koji/issue/966 --- diff --git a/vm/kojikamid.py b/vm/kojikamid.py index 271dcaa..65294e9 100755 --- a/vm/kojikamid.py +++ b/vm/kojikamid.py @@ -297,28 +297,37 @@ class WindowsBuild(object): """Set the buildroot object to expired on the hub.""" self.server.expireBuildroot(self.buildroot_id) - def fetchFile(self, basedir, buildinfo, fileinfo, type): + def fetchFile(self, basedir, buildinfo, fileinfo, brtype): """Download the file from buildreq, at filepath, into the basedir""" destpath = os.path.join(basedir, fileinfo['localpath']) ensuredir(os.path.dirname(destpath)) - destfile = open(destpath, 'w') - offset = 0 - checksum = hashlib.md5() - while True: - encoded = self.server.getFile(buildinfo, fileinfo, encode_int(offset), 1048576, type) - if not encoded: - break - data = base64.b64decode(encoded) - del encoded - destfile.write(data) - offset += len(data) - checksum.update(data) - destfile.close() - digest = checksum.hexdigest() + if 'checksum_type' in fileinfo: + if fileinfo['checksum_type'] == 'sha1': + checksum = hashlib.sha1() + elif fileinfo['checksum_type'] == 'sha256': + checksum = hashlib.sha256() + elif fileinfo['checksum_type'] == 'md5': + checksum = hashlib.md5() + else: + raise BuildError('Unknown checksum type %s for %f' % ( + fileinfo['checksum_type'], + os.path.basename(fileinfo['localpath']))) + with open(destpath, 'w') as destfile: + offset = 0 + while True: + encoded = self.server.getFile(buildinfo, fileinfo, encode_int(offset), 1048576, brtype) + if not encoded: + break + data = base64.b64decode(encoded) + del encoded + destfile.write(data) + offset += len(data) + if 'checksum_type' in fileinfo: + checksum.update(data) # rpms don't have a md5sum in the fileinfo, but check it for everything else - if ('md5sum' in fileinfo) and (digest != fileinfo['md5sum']): - raise BuildError('md5 checksum validation failed for %s, %s (computed) != %s (provided)' % \ - (destpath, digest, fileinfo['md5sum'])) + if 'checksum' in fileinfo and fileinfo['checksum'] != checksum.hexdigest(): + raise BuildError('checksum validation failed for %s, %s (computed) != %s (provided)' % \ + (destpath, checksum.hexdigest(), fileinfo['checksum'])) self.logger.info('Retrieved %s (%s bytes, md5: %s)', destpath, offset, digest) def fetchBuildReqs(self): diff --git a/vm/kojivmd b/vm/kojivmd index e50aad0..729c58c 100755 --- a/vm/kojivmd +++ b/vm/kojivmd @@ -25,6 +25,7 @@ import koji.util from koji.daemon import SCM, TaskManager from koji.tasks import ServerExit, ServerRestart, BaseTaskHandler, MultiPlatformTask from koji.tasks import RestartTask, RestartVerifyTask +import hashlib import sys import logging import os @@ -678,17 +679,26 @@ class VMExecTask(BaseTaskHandler): raise koji.BuildError('unsupported file type: %s' % type) koji.ensuredir(os.path.dirname(localpath)) with closing(requests.get(remote_url, stream=True)) as response: - f = open(localpath, 'wb') - length = response.headers.get('content-length') - if length is None: - f.write(response.content) - else: - for chunk in response.iter_content(chunk_size=65536): - f.write(chunk) - f.close() - + with open(localpath, 'wb') as f: + length = response.headers.get('content-length') + if length is None: + f.write(response.content) + else: + for chunk in response.iter_content(chunk_size=65536): + f.write(chunk) + if type == 'rpm': + # rpm, check sigmd5. It is enough, as if content is broken, + # rpm will fail later + hdr = koji.get_rpm_header(localpath) + payloadhash = koji.hex_string(hdr[rpm.RPMTAG_SIGMD5]) + if fileinfo['payloadhash'] != payloadhash: + raise koji.BuildError("Downloaded rpm %s doesn't match checksum (expected: %s, got %s)" % ( + os.path.basename(fileinfo['localpath']), + fileinfo['payloadhash'], payloadhash)) + else: + self.verifyChecksum(localpath, fileinfo['checksum'], koji.CHECKSUM_TYPES[fileinfo['checksum_type']], localpath) - return file(localpath, 'r') + return open(localpath, 'r') def getFile(self, buildinfo, archiveinfo, offset, length, type): """ @@ -749,19 +759,20 @@ class VMExecTask(BaseTaskHandler): raise koji.BuildError('%s does not exist' % local_path) if algo == 'sha1': - sum = koji.util.sha1_constructor() + sum = hashlib.sha1() elif algo == 'md5': - sum = koji.util.md5_constructor() + sum = hashlib.md5() + elif algo == 'sha256': + sum == hashlib.sha256() else: raise koji.BuildError('unsupported checksum algorithm: %s' % algo) - fobj = file(local_path, 'r') - while True: - data = fobj.read(1048576) - if not data: - break - sum.update(data) - fobj.close() + with file(local_path, 'r') as f: + while True: + data = f.read(1048576) + if not data: + break + sum.update(data) if sum.hexdigest() == checksum: return True else: