| |
@@ -415,6 +415,7 @@
|
| |
self.check_rpm_sigs()
|
| |
if not self.options.no_sums:
|
| |
self.verify_rpms()
|
| |
+ self.check_rpm_sums()
|
| |
self.check_archives()
|
| |
if not self.options.no_sums:
|
| |
self.verify_archives()
|
| |
@@ -619,6 +620,42 @@
|
| |
stats.increment('signed_copy.check')
|
| |
self.verify_rpm(fn, ts, size)
|
| |
|
| |
+ def check_rpm_sums(self):
|
| |
+ '''Validate signature data on disc'''
|
| |
+ if self.options.no_sums:
|
| |
+ return
|
| |
+ build = self.build
|
| |
+ sums = {}
|
| |
+ with session.multicall(strict=False) as m:
|
| |
+ for rpminfo in self.rpms:
|
| |
+ sums[rpminfo['id']] = m.getRPMChecksums(rpm_id=rpminfo['id'], cacheonly=True)
|
| |
+ # cacheonly: no point in checking if it isn't already in the db
|
| |
+ try:
|
| |
+ sums = {i: sums[i].result for i in sums}
|
| |
+ except koji.GenericError as e:
|
| |
+ if 'Invalid method:' in str(e):
|
| |
+ logger.warning('Server does not support rpm checksums')
|
| |
+ return
|
| |
+ raise
|
| |
+ sumtype_priority = ['sha256', 'sha1', 'md5']
|
| |
+ for rpminfo in self.rpms:
|
| |
+ for sigkey in sums[rpminfo['id']]:
|
| |
+ ksums = sums[rpminfo['id']][sigkey]
|
| |
+ signed = os.path.join(self.build_dir, koji.pathinfo.signed(rpminfo, sigkey))
|
| |
+ if not os.path.exists(signed):
|
| |
+ # this is ok
|
| |
+ continue
|
| |
+ for sumtype in sumtype_priority:
|
| |
+ if sumtype not in ksums:
|
| |
+ continue
|
| |
+ start = time.time()
|
| |
+ self.verify_checksum(signed, sumtype, ksums[sumtype])
|
| |
+ elapsed = time.time() - start
|
| |
+ stats.increment('rpmchecksum.checked')
|
| |
+ stats.increment('rpmchecksum.time', elapsed)
|
| |
+ # checking a single checksum is enough
|
| |
+ break
|
| |
+
|
| |
def check_archives(self):
|
| |
build = self.build
|
| |
# first gather archives
|
| |
@@ -677,7 +714,8 @@
|
| |
|
| |
def verify_checksum(self, fn, sumtype, expect):
|
| |
try:
|
| |
- sumtype = koji.CHECKSUM_TYPES[sumtype]
|
| |
+ if isinstance(sumtype, int):
|
| |
+ sumtype = koji.CHECKSUM_TYPES[sumtype]
|
| |
except KeyError:
|
| |
logger.error('Unknown sum type %s for %s', sumtype, fn)
|
| |
stats.increment('checksum.unsupported')
|
| |
The
getRPMChecksums
call was recently added. If available, it gives us additional data for verification.