Unverified Commit 1e0cfb68 authored by boklm's avatar boklm

Bug 40077: Allow to specify sha512sum for input_files

Also add the sha512 and sha512file template functions.

We also add tests to `test.pl` to check that we exit with an error when
sha256sum or sha512sum is wrong (and that we don't when it's the
expected one).
parent 45dcee8b
1 merge request!63Bug 40077: Allow to specify sha512sum for input_files
......@@ -26,7 +26,7 @@ The following input sources are available:
The file that has been retrieved can be verified with:
- matching a specific sha256 checksum
- matching a specific sha256 or sha512 checksum
- a gpg signature file from a specific key or keyring
......@@ -104,17 +104,22 @@ enable::
refresh_input::
By default, if the file is already present, it is not downloaded
or created again, except when an sha256sum is defined and the
file present is not matching. If this option is set to a true
value, the file will be removed and created again on each run,
except when an sha256sum is defined and the file present is
matching.
or created again, except when an sha256sum or sha512sum is
defined and the file present is not matching. If this option is
set to a true value, the file will be removed and created again
on each run, except when an sha256sum or sha512sum is defined
and the file present is matching.
sha256sum::
The sha256 checksum of the file. The build will fail with an
error if the file does not match the expected sha256 checksum.
If the value is empty, the checksum is not checked.
sha512sum::
The sha512 checksum of the file. The build will fail with an
error if the file does not match the expected sha512 checksum.
If the value is empty, the checksum is not checked.
file_gpg_id::
If this option is set to 1, the file is checked for a gpg
signature. If it is set to an other non zero value, or an array
......
......@@ -138,10 +138,18 @@ sha256::
A function returning the sha256 digest of its argument as an
hexadecimal string.
sha512::
A function returning the sha512 digest of its argument as an
hexadecimal string.
sha256file::
A function returning the sha256 digest of a file as an hexadecimal
string. If the file does not exist, an empty string is returned.
sha512file::
A function returning the sha512 digest of a file as an hexadecimal
string. If the file does not exist, an empty string is returned.
fileparse::
A function to parse a path. Returns an array containing the
filename, and the directory path. This is the fileparse routine
......
......@@ -19,7 +19,7 @@ use String::ShellQuote;
use Sort::Versions;
use RBM::CaptureExec qw(capture_exec);
use RBM::DefaultConfig;
use Digest::SHA qw(sha256_hex);
use Digest::SHA qw(sha256_hex sha512_hex);
use Data::UUID;
use Data::Dump qw(dd pp);
use FindBin;
......@@ -673,16 +673,22 @@ sub maketar {
return $tar_file;
}
sub sha256file {
sub shafile {
CORE::state %res;
my $type = shift;
my $f = rbm_path(shift);
my $opt = shift;
my %sha_hex = (
sha256sum => \&sha256_hex,
sha512sum => \&sha512_hex,
);
exit_error "Unknown sha type $type" unless $sha_hex{$type};
if (ref $opt eq 'HASH' && $opt->{remove_cache}) {
delete $res{$f};
delete $res{$type}{$f};
return;
}
return $res{$f} if exists $res{$f};
return $res{$f} = -f $f ? sha256_hex(path($f)->slurp_raw) : '';
return $res{$type}{$f} if exists $res{$type}{$f};
return $res{$type}{$f} = -f $f ? $sha_hex{$type}->(path($f)->slurp_raw) : '';
}
sub process_template_opt {
......@@ -731,7 +737,11 @@ sub process_template {
sha256 => sub {
return sha256_hex(encode("utf8", $_[0]));
},
sha256file => \&sha256file,
sha512 => sub {
return sha512_hex(encode("utf8", $_[0]));
},
sha256file => sub { return shafile('sha256sum', @_) },
sha512file => sub { return shafile('sha512sum', @_) },
fileparse => \&fileparse,
ENV => \%ENV,
};
......@@ -782,19 +792,23 @@ sub file_in_dir {
sub input_file_need_dl {
my ($input_file, $t, $fname, $action) = @_;
return undef if $action eq 'getfpaths';
for my $checksum (qw/sha512sum sha256sum/) {
if ($fname
&& ($input_file->{sha256sum} || $input_file->{norec}{sha256sum})
&& $t->('sha256sum')
&& $t->('sha256sum') ne sha256file($fname)) {
sha256file($fname, { remove_cache => 1 });
&& ($input_file->{$checksum} || $input_file->{norec}{$checksum})
&& $t->($checksum)
&& $t->($checksum) ne shafile($checksum, $fname)) {
shafile($checksum, $fname, { remove_cache => 1 });
$fname = undef;
}
}
if ($action eq 'input_files_id') {
return undef if $input_file->{input_file_id};
if ( ($input_file->{sha256sum} || $input_file->{norec}{sha256sum})
&& $t->('sha256sum') ) {
for my $checksum (qw/sha512sum sha256sum/) {
if ( ($input_file->{$checksum} || $input_file->{norec}{$checksum})
&& $t->($checksum) ) {
return undef;
}
}
return undef if $input_file->{exec};
return undef if ($fname && !$t->('refresh_input'));
return 1 if $input_file->{URL};
......@@ -808,8 +822,8 @@ sub input_file_need_dl {
sub input_file_id_hash {
my ($fname, $filename) = @_;
exit_error "input_file_id: file $filename is missing" unless $fname;
return $filename . ':' . sha256file($fname) if -f $fname;
return $filename . ':' . sha256file(readlink $fname) if -l $fname;
return $filename . ':' . shafile('sha256sum', $fname) if -f $fname;
return $filename . ':' . shafile('sha256sum', readlink $fname) if -l $fname;
my @subdirs = sort(map { $_->basename } path($fname)->children);
my @hashes = map { input_file_id_hash("$fname/$_", "$filename/$_") } @subdirs;
return join("\n", @hashes);
......@@ -819,9 +833,11 @@ sub input_file_id {
my ($input_file, $t, $fname, $filename) = @_;
return $t->('input_file_id') if $input_file->{input_file_id};
return $input_file->{project} . ':' . $filename if $input_file->{project};
if ( ($input_file->{sha256sum} || $input_file->{norec}{sha256sum})
&& $t->('sha256sum') ) {
return $filename . ':' . $t->('sha256sum');
for my $checksum (qw/sha512sum sha256sum/) {
if ( ($input_file->{$checksum} || $input_file->{norec}{$checksum})
&& $t->($checksum) ) {
return $filename . ':' . $t->($checksum);
}
}
my $opts = { norec => { output_dir => '/out', getting_id => 1, }};
return $filename . ':' . sha256_hex($t->('exec', $opts))
......@@ -1057,11 +1073,13 @@ sub input_files {
next;
}
exit_error "Missing file $name" unless $fname;
if ($t->('sha256sum')
&& $t->('sha256sum') ne sha256file($fname)) {
exit_error "Can't have sha256sum on directory: $fname" if -d $fname;
exit_error "Wrong sha256sum for $fname.\n" .
"Expected sha256sum: " . $t->('sha256sum');
for my $checksum (qw/sha512sum sha256sum/) {
if ($t->($checksum)
&& $t->($checksum) ne shafile($checksum, $fname)) {
exit_error "Can't have $checksum on directory: $fname" if -d $fname;
exit_error "Wrong $checksum for $fname.\n" .
"Expected $checksum: " . $t->($checksum);
}
}
if ($file_gpg_id) {
exit_error "Can't have gpg sig on directory: $fname" if -d $fname;
......
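Review bot: In `shafile`, the `remove_cache` branch now deletes only `$res{$type}{$f}`, so a digest of the other type cached for the same path survives after the file is thrown away. `input_file_need_dl` checks sha512sum first; if that digest matched and was cached and sha256sum then mismatches, the file is dropped for re-download, but the later `$t->($checksum) ne shafile($checksum, $fname)` check in `input_files` would, as far as these hunks show, compare sha512sum against the digest of the previous file. A cached digest is only valid for one file content, so the invalidation should cover every type for the path, for example `delete $_->{$f} for values %res;`. The bodies of `input_file_need_dl` and `input_files` continue outside the hunks shown, so the exact call order between the two should be confirmed there.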
#!/usr/bin/perl -w
use strict;
use Path::Tiny;
use Test::More tests => 41;
use Test::More tests => 45;
use lib 'lib/';
sub set_target {
......@@ -260,6 +260,28 @@ my @tests = (
"1\n2\n3\n4\n1\n2\n",
},
},
{
name => 'sha256sum input_files',
target => [ 'sha256sum' ],
build => [ 'shasum', 'build' ],
files => {},
},
{
name => 'sha512sum input_files',
target => [ 'sha512sum' ],
build => [ 'shasum', 'build' ],
files => {},
},
{
name => 'wrong sha256sum input_files',
target => [ 'wrong_sha256sum' ],
fail_build => [ 'shasum', 'build' ],
},
{
name => 'wrong sha512sum input_files',
target => [ 'wrong_sha512sum' ],
fail_build => [ 'shasum', 'build' ],
},
);
foreach my $test (@tests) {
......@@ -278,4 +300,16 @@ foreach my $test (@tests) {
my $res = grep { path($_)->slurp_utf8 ne $test->{files}{$_} } keys %{$test->{files}};
ok(!$res, $test->{name});
}
if ($test->{fail_build}) {
my $pid = fork;
if (!$pid) {
close STDOUT;
close STDERR;
RBM::build_run(@{$test->{fail_build}});
exit 0;
}
wait;
my $exit_code = $?;
ok($exit_code, $test->{name});
}
}
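Review bot: The `fail_build` branch accepts any non-zero `$?`, so the 'wrong sha256sum input_files' and 'wrong sha512sum input_files' cases also pass when the build fails for an unrelated reason, such as the download of the fixture URL failing. With STDOUT and STDERR closed in the child, nothing ties the failure to the checksum check. Redirecting the child's stderr to a temporary file and asserting that it contains the `Wrong sha256sum for` or `Wrong sha512sum for` text from `exit_error` would make the test prove the intended rejection. Separately, `fork` returns undef on failure and `if (!$pid)` then takes the child path in the test process itself; `die "fork: $!" unless defined $pid;` before the branch avoids that.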
# vim: filetype=yaml sw=2
debug: 1
filename: 'shasum_project-[% c("input_files_id") %]'
build: |
#!/bin/sh
echo ok > [% dest_dir _ '/' _ c("filename") %]
targets:
sha256sum:
input_files:
- filename: sha256sums-signed-build.txt
URL: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.15/sha256sums-signed-build.txt
sha256sum: 380c611762cf02a89a5885e7182ce17fc653f6b910c00ce50295c03c488b13ac
sha512sum:
input_files:
- filename: sha256sums-signed-build.txt
URL: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.15/sha256sums-signed-build.txt
sha512sum: 5a1a5199f2135dd75bfeddafc25a62ce473083d371b13f90582b5faf3a3e7c415c4b4990d4927d8a468dca88bc8376fb55143020e7dadcc69b316f6212a7f825
wrong_sha256sum:
input_files:
- filename: sha256sums-signed-build.txt
URL: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.15/sha256sums-signed-build.txt
sha256sum: aaa
wrong_sha512sum:
input_files:
- filename: sha256sums-signed-build.txt
URL: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.15/sha256sums-signed-build.txt
sha512sum: aaa