[elbe-devel] [PATCH v3 2/8] hashes: add elbepack.hashes including HashValidator and validate_sha256()
Torben Hohn
torben.hohn at linutronix.de
Mon Oct 15 15:18:00 CEST 2018
HashValidator is a Baseclass to implement downloading and validating
files against a list of hashes.
this is used later for debian Release and SHA256SUMS files.
Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
---
debian/python-elbe-common.install | 1 +
debian/python3-elbe-common.install | 1 +
elbepack/hashes.py | 67 ++++++++++++++++++++++++++++++++++++++
3 files changed, 69 insertions(+)
create mode 100644 elbepack/hashes.py
diff --git a/debian/python-elbe-common.install b/debian/python-elbe-common.install
index bf51499c..1c71ab61 100644
--- a/debian/python-elbe-common.install
+++ b/debian/python-elbe-common.install
@@ -16,6 +16,7 @@
./usr/lib/python2.*/*-packages/elbepack/elbeproject.py
./usr/lib/python2.*/*-packages/elbepack/filesystem.py
./usr/lib/python2.*/*-packages/elbepack/gpg.py
+./usr/lib/python2.*/*-packages/elbepack/hashes.py
./usr/lib/python2.*/*-packages/elbepack/initvmaction.py
./usr/lib/python2.*/*-packages/elbepack/kvm.py
./usr/lib/python2.*/*-packages/elbepack/licencexml.py
diff --git a/debian/python3-elbe-common.install b/debian/python3-elbe-common.install
index c2a0aec7..744a3342 100644
--- a/debian/python3-elbe-common.install
+++ b/debian/python3-elbe-common.install
@@ -16,6 +16,7 @@
./usr/lib/python3.*/*-packages/elbepack/elbeproject.py
./usr/lib/python3.*/*-packages/elbepack/filesystem.py
./usr/lib/python3.*/*-packages/elbepack/gpg.py
+./usr/lib/python3.*/*-packages/elbepack/hashes.py
./usr/lib/python3.*/*-packages/elbepack/initvmaction.py
./usr/lib/python3.*/*-packages/elbepack/kvm.py
./usr/lib/python3.*/*-packages/elbepack/licencexml.py
diff --git a/elbepack/hashes.py b/elbepack/hashes.py
new file mode 100644
index 00000000..47482790
--- /dev/null
+++ b/elbepack/hashes.py
@@ -0,0 +1,67 @@
+# ELBE - Debian Based Embedded Rootfilesystem Builder
+# Copyright (c) 2018 Torben Hohn <torben.hohn at linutronix.de>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import hashlib
+from shutil import copyfileobj
+
+# different module names in python 2 and 3
+try:
+ import urllib.request
+
+ # when running inside pylint this import fails
+ # disable no-member here
+ #
+ # pylint: disable=no-member
+
+ urlopen = urllib.request.urlopen
+except ImportError:
+ import urllib2
+ urlopen = urllib2.urlopen
+
+
+class HashValidationFailed(Exception):
+ pass
+
+
+def validate_sha256(fname, expected_hash):
+ m = hashlib.sha256()
+ with open(fname, "rb") as f:
+ buf = f.read(65536)
+ while buf:
+ m.update(buf)
+ buf = f.read(65536)
+ if m.hexdigest() != expected_hash:
+ raise HashValidationFailed(
+ 'file "%s" failed to verify ! got: "%s" expected: "%s"' %
+ (fname, m.hexdigest(), expected_hash))
+
+
+class HashValidator(object):
+ def __init__(self, base_url):
+ self.hashes = {}
+ self.base_url = base_url
+
+ def insert_fname_hash(self, algo, fname, hash_val):
+ if algo not in self.hashes:
+ self.hashes[algo] = {}
+
+ self.hashes[algo][fname] = hash_val
+
+ def validate_file(self, upstream_fname, local_fname):
+ if upstream_fname not in self.hashes['SHA256']:
+ raise HashValidationFailed('Value to expect for "%s" is not known')
+
+ validate_sha256(local_fname, self.hashes['SHA256'][upstream_fname])
+
+ def download_and_validate_file(self, upstream_fname, local_fname):
+ url = self.base_url + upstream_fname
+ try:
+ rf = urlopen(url, None, 10)
+ with open(local_fname, "w") as wf:
+ copyfileobj(rf, wf)
+ finally:
+ rf.close()
+
+ self.validate_file(upstream_fname, local_fname)
--
2.11.0
More information about the elbe-devel
mailing list