[elbe-devel] [PATCH v2 3/6] hashes: add elbepack.hashes including HashValidator and validate_sha256()

Torben Hohn torben.hohn at linutronix.de
Wed Sep 26 12:13:49 CEST 2018 

HashValidator is a Baseclass to implement downloading and validating
files against a list of hashes.

this is used later for debian Release and SHA256SUMS files.

Signed-off-by: Torben Hohn <torben.hohn at linutronix.de>
---
 elbepack/hashes.py | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 elbepack/hashes.py

diff --git a/elbepack/hashes.py b/elbepack/hashes.py
new file mode 100644
index 00000000..092be97f
--- /dev/null
+++ b/elbepack/hashes.py
@@ -0,0 +1,53 @@
+# ELBE - Debian Based Embedded Rootfilesystem Builder
+# Copyright (c) 2018 Torben Hohn <torben.hohn at linutronix.de>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import hashlib
+from urllib2 import urlopen
+from shutil import copyfileobj
+
+
+class HashValidationFailed(Exception):
+    pass
+
+def validate_sha256(fname, expected_hash):
+    m = hashlib.sha256()
+    with open(fname, "rb") as f:
+        buf = f.read(65536)
+        while buf:
+            m.update(buf)
+            buf = f.read(65536)
+    if m.hexdigest() != expected_hash:
+        raise HashValidationFailed(
+                'file "%s" failed to verify ! got: "%s" expected: "%s"' %
+                (fname, m.hexdigest(), expected_hash))
+
+
+class HashValidator(object):
+    def __init__(self, base_url):
+        self.hashes = {}
+        self.base_url = base_url
+
+    def insert_fname_hash(self, algo, fname, hash_val):
+        if not algo in self.hashes:
+            self.hashes[algo] = {}
+
+        self.hashes[algo][fname] = hash_val
+
+    def validate_file(self, upstream_fname, local_fname):
+        if upstream_fname not in self.hashes['SHA256']:
+            raise HashValidationFailed('Value to expect for "%s" is not known')
+
+        validate_sha256(local_fname, self.hashes['SHA256'][upstream_fname])
+
+    def download_and_validate_file(self, upstream_fname, local_fname):
+        url = self.base_url + upstream_fname
+        try:
+            rf = urlopen(url, None, 10)
+            with open(local_fname, "w") as wf:
+                copyfileobj(rf, wf)
+        finally:
+            rf.close()
+
+        self.validate_file(upstream_fname, local_fname)
-- 
2.11.0

More information about the elbe-devel mailing list