[elbe-devel] [PATCH 07/11] aptpkgutils: Add support for sha256

Holger Dengler dengler at linutronix.de
Mon Mar 14 15:16:03 CET 2022


On 14.03.22 14:48, Torben Hohn wrote:
> Since buster, sha256 checksums in package indices are mandatory
> and md5 sums are only optional.
> On security.debian.org md5 sums are already dropped for bullseye.
> This breaks the fullpackagelist validation.
> 
> Prepare to migrate the validation to sha256 by adding support to the
> lower-layer data structures.
> 
> Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>

Reviewed-by: Holger Dengler <dengler at linutronix.de>

> ---
>  elbepack/aptpkgutils.py | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/elbepack/aptpkgutils.py b/elbepack/aptpkgutils.py
> index 3ac2692d9..181ccb1e0 100644
> --- a/elbepack/aptpkgutils.py
> +++ b/elbepack/aptpkgutils.py
> @@ -39,6 +39,16 @@ def apt_pkg_md5(pkg):
>              return h.split(':')[1]
>      return ""
>  
> +def apt_pkg_sha256(pkg):
> +    # pylint: disable=protected-access
> +    hashes = pkg._records.hashes
> +    # pylint: disable=consider-using-enumerate
> +    for i in range(len(hashes)):
> +        h = str(hashes[i])
> +        if h.startswith("SHA256"):
> +            return h.split(':')[1]
> +    return ""
> +
>  def getdeps(pkg):
>      for dd in pkg.dependencies:
>          for d in dd:
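Review bot: A record with no SHA256 entry makes apt_pkg_sha256 return `""`, and nothing in this patch marks that value as "no digest" rather than a digest. The APTPackage hunk (`pkg.installed and apt_pkg_sha256(pkg.installed)`) can also yield None, and `node.et.get('sha256')` in the XMLPackage hunk yields None when the attribute is absent, so a later equality check could pass on two missing values; the validation code is not in this patch, so that is a risk to confirm, not a confirmed defect. I would state the contract on the function, e.g. `# returns "" when no SHA256 is recorded; callers must treat "" or None as a validation failure, never as a match`. The prefix test would also be more exact as `if h.startswith("SHA256:"):` followed by `return h.split(':', 1)[1]`. The hunk starts inside apt_pkg_md5 and ends inside getdeps.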
> @@ -147,6 +157,7 @@ class PackageBase:
>      def __init__(self, name,
>                   installed_version, candidate_version,
>                   installed_md5, candidate_md5,
> +                 installed_sha256, candidate_sha256,
>                   installed_prio, candidate_prio,
>                   state, is_auto_installed, origin, architecture):
>  
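Review bot: PackageBase.__init__ now takes thirteen positional parameters, four of them same-typed digest values sitting next to each other, so a call that swaps an md5 and a sha256 argument would be accepted silently. The two call sites in this patch pass them in the right order, but they are rows of bare values such as `node.et.get('sha256'), None`, which are easy to misorder in later edits. Passing the digests by keyword at the call sites, e.g. `installed_sha256=isha256, candidate_sha256=csha256`, would make such a swap visible in review. The body of __init__ continues outside this hunk.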
> @@ -157,6 +168,8 @@ class PackageBase:
>          self.candidate_version = candidate_version
>          self.installed_md5 = installed_md5
>          self.candidate_md5 = candidate_md5
> +        self.installed_sha256 = installed_sha256
> +        self.candidate_sha256 = candidate_sha256
>          self.installed_prio = installed_prio
>          self.candidate_prio = candidate_prio
>          self.state = state
> @@ -184,6 +197,8 @@ class APTPackage(PackageBase):
>          cver = pkg.candidate and pkg.candidate.version
>          imd5 = pkg.installed and apt_pkg_md5(pkg.installed)
>          cmd5 = pkg.candidate and apt_pkg_md5(pkg.candidate)
> +        isha256 = pkg.installed and apt_pkg_sha256(pkg.installed)
> +        csha256 = pkg.candidate and apt_pkg_sha256(pkg.candidate)
>          iprio = pkg.installed and pkg.installed.priority
>          cprio = pkg.candidate and pkg.candidate.priority
>  
> @@ -205,6 +220,7 @@ class APTPackage(PackageBase):
>          PackageBase.__init__(self, pkg.name,
>                               iver, cver,
>                               imd5, cmd5,
> +                             isha256, csha256,
>                               iprio, cprio,
>                               pkgstate(pkg), pkg.is_auto_installed,
>                               origin, arch)
> @@ -215,6 +231,7 @@ class XMLPackage(PackageBase):
>          PackageBase.__init__(self, node.et.text,
>                               node.et.get('version'), None,
>                               node.et.get('md5'), None,
> +                             node.et.get('sha256'), None,
>                               node.et.get('prio'), None,
>                               INSTALLED, node.et.get('auto') == 'true',
>                               None, arch)

-- 
Gruß,
Holger Dengler
--
phone: +49 7556 25 999 14; fax: +49 7556 25 999 99