[elbe-devel] [PATCH 3/6] hashes: add elbepack.hashes including HashValidator and validate_sha256()
Torben Hohn
torben.hohn at linutronix.de
Tue Aug 28 18:41:27 CEST 2018
HashValidator is a Baseclass to implement downloading and validating
files against a list of hashes.
this is used later for debian Release and SHA256SUMS files.
Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
---
elbepack/hashes.py | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 elbepack/hashes.py
diff --git a/elbepack/hashes.py b/elbepack/hashes.py
new file mode 100644
index 00000000..2805178b
--- /dev/null
+++ b/elbepack/hashes.py
@@ -0,0 +1,53 @@
+# ELBE - Debian Based Embedded Rootfilesystem Builder
+# Copyright (c) 2018 Torben Hohn <torben.hohn at linutronix.de>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import hashlib
+from urllib2 import urlopen
+from shutil import copyfileobj
+
+
+class HashValidationFailed(Exception):
+ pass
+
+def validate_sha256(fname, expected_hash):
+ m = hashlib.sha256()
+ with open(fname, "rb") as f:
+ buf = f.read(65536)
+ while len(buf) > 0:
+ m.update(buf)
+ buf = f.read(65536)
+ if m.hexdigest() != expected_hash:
+ raise HashValidationFailed(
+ 'file "%s" failed to verify ! got: "%s" expected: "%s"' %
+ (fname, m.hexdigest(), expected_hash))
+
+
+class HashValidator(object):
+ def __init__(self, base_url):
+ self.hashes = {}
+ self.base_url = base_url
+
+ def insert_fname_hash(self, algo, fname, hash_val):
+ if not algo in self.hashes:
+ self.hashes[algo] = {}
+
+ self.hashes[algo][fname] = hash_val
+
+ def validate_file(self, upstream_fname, local_fname):
+ if upstream_fname not in self.hashes['SHA256']:
+ raise HashValidationFailed('Value to expect for "%s" is not known')
+
+ validate_sha256(local_fname, self.hashes['SHA256'][upstream_fname])
+
+ def download_and_validate_file(self, upstream_fname, local_fname):
+ url = self.base_url + upstream_fname
+ try:
+ rf = urlopen(url, None, 10)
+ with open(local_fname, "w") as wf:
+ copyfileobj(rf, wf)
+ finally:
+ rf.close()
+
+ self.validate_file(upstream_fname, local_fname)
--
2.11.0
More information about the elbe-devel
mailing list