[elbe-devel] [PATCH v3 2/8] hashes: add elbepack.hashes including HashValidator and validate_sha256()
Manuel Traut
manut at linutronix.de
Fri Oct 19 12:15:27 CEST 2018
On Mon, Oct 15, 2018 at 03:18:00PM +0200, Torben Hohn wrote:
> HashValidator is a Baseclass to implement downloading and validating
> files against a list of hashes.
>
> this is used later for debian Release and SHA256SUMS files.
>
> Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
Reviewed-by: Manuel Traut <manut at linutronix.de>
> ---
> debian/python-elbe-common.install | 1 +
> debian/python3-elbe-common.install | 1 +
> elbepack/hashes.py | 67 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 69 insertions(+)
> create mode 100644 elbepack/hashes.py
>
> diff --git a/debian/python-elbe-common.install b/debian/python-elbe-common.install
> index bf51499c..1c71ab61 100644
> --- a/debian/python-elbe-common.install
> +++ b/debian/python-elbe-common.install
> @@ -16,6 +16,7 @@
> ./usr/lib/python2.*/*-packages/elbepack/elbeproject.py
> ./usr/lib/python2.*/*-packages/elbepack/filesystem.py
> ./usr/lib/python2.*/*-packages/elbepack/gpg.py
> +./usr/lib/python2.*/*-packages/elbepack/hashes.py
> ./usr/lib/python2.*/*-packages/elbepack/initvmaction.py
> ./usr/lib/python2.*/*-packages/elbepack/kvm.py
> ./usr/lib/python2.*/*-packages/elbepack/licencexml.py
> diff --git a/debian/python3-elbe-common.install b/debian/python3-elbe-common.install
> index c2a0aec7..744a3342 100644
> --- a/debian/python3-elbe-common.install
> +++ b/debian/python3-elbe-common.install
> @@ -16,6 +16,7 @@
> ./usr/lib/python3.*/*-packages/elbepack/elbeproject.py
> ./usr/lib/python3.*/*-packages/elbepack/filesystem.py
> ./usr/lib/python3.*/*-packages/elbepack/gpg.py
> +./usr/lib/python3.*/*-packages/elbepack/hashes.py
> ./usr/lib/python3.*/*-packages/elbepack/initvmaction.py
> ./usr/lib/python3.*/*-packages/elbepack/kvm.py
> ./usr/lib/python3.*/*-packages/elbepack/licencexml.py
> diff --git a/elbepack/hashes.py b/elbepack/hashes.py
> new file mode 100644
> index 00000000..47482790
> --- /dev/null
> +++ b/elbepack/hashes.py
> @@ -0,0 +1,67 @@
> +# ELBE - Debian Based Embedded Rootfilesystem Builder
> +# Copyright (c) 2018 Torben Hohn <torben.hohn at linutronix.de>
> +#
> +# SPDX-License-Identifier: GPL-3.0-or-later
> +
> +import hashlib
> +from shutil import copyfileobj
> +
> +# different module names in python 2 and 3
> +try:
> + import urllib.request
> +
> + # when running inside pylint this import fails
> + # disable no-member here
> + #
> + # pylint: disable=no-member
> +
> + urlopen = urllib.request.urlopen
> +except ImportError:
> + import urllib2
> + urlopen = urllib2.urlopen
> +
> +
> +class HashValidationFailed(Exception):
> + pass
> +
> +
> +def validate_sha256(fname, expected_hash):
> + m = hashlib.sha256()
> + with open(fname, "rb") as f:
> + buf = f.read(65536)
> + while buf:
> + m.update(buf)
> + buf = f.read(65536)
> + if m.hexdigest() != expected_hash:
> + raise HashValidationFailed(
> + 'file "%s" failed to verify ! got: "%s" expected: "%s"' %
> + (fname, m.hexdigest(), expected_hash))
> +
> +
> +class HashValidator(object):
> + def __init__(self, base_url):
> + self.hashes = {}
> + self.base_url = base_url
> +
> + def insert_fname_hash(self, algo, fname, hash_val):
> + if algo not in self.hashes:
> + self.hashes[algo] = {}
> +
> + self.hashes[algo][fname] = hash_val
> +
> + def validate_file(self, upstream_fname, local_fname):
> + if upstream_fname not in self.hashes['SHA256']:
> + raise HashValidationFailed('Value to expect for "%s" is not known')
> +
> + validate_sha256(local_fname, self.hashes['SHA256'][upstream_fname])
> +
> + def download_and_validate_file(self, upstream_fname, local_fname):
> + url = self.base_url + upstream_fname
> + try:
> + rf = urlopen(url, None, 10)
> + with open(local_fname, "w") as wf:
> + copyfileobj(rf, wf)
> + finally:
> + rf.close()
> +
> + self.validate_file(upstream_fname, local_fname)
> --
> 2.11.0
>
>
> _______________________________________________
> elbe-devel mailing list
> elbe-devel at linutronix.de
> https://lists.linutronix.de/mailman/listinfo/elbe-devel
More information about the elbe-devel
mailing list