[elbe-devel] [PATCH 3/4] Change md5 to sha256 for APTPackage
Bastian Germann
bage at linutronix.de
Mon Jul 29 18:06:53 CEST 2019
> From: Olivier Dion <dion at linutronix.de>
>
> According to
> <https://wiki.debian.org/DebianRepository/Format#A.22Release.22_files>,
> packages should be verifies with sha256.
>
> Also, in the python-apt packge (see
> https://salsa.debian.org/apt-team/python-apt), there's a nullptr
> derefence that makes the daemon crash if a sum doesn't exist. See
> 883f8ddeaa314a27b8b05bd147d486e30a7315aa.
>
> Since sha256 sums are mandatories for Buster packages, we can assume
> that it won't happen.
>
> Signed-off-by: Olivier Dion <dion at linutronix.de>
Reviewed-by: Bastian Germann <bage at linutronix.de>
> ---
> elbepack/aptpkgutils.py | 15 +++++++--------
> schema/dbsfed.xsd | 4 ++--
> 2 files changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a/elbepack/aptpkgutils.py b/elbepack/aptpkgutils.py
> index 9c8b37ce..be9bafb0 100644
> --- a/elbepack/aptpkgutils.py
> +++ b/elbepack/aptpkgutils.py
> @@ -77,7 +77,7 @@ class PackageBase(object):
> # pylint: disable=too-many-instance-attributes
>
> def __init__(self, name, installed_version,
> - candidate_version, installed_md5, candidate_md5,
> + candidate_version, installed_sha256, candidate_sha256,
> state, is_auto_installed, origin, architecture):
>
> # pylint: disable=too-many-arguments
> @@ -85,8 +85,8 @@ class PackageBase(object):
> self.name = name
> self.installed_version = installed_version
> self.candidate_version = candidate_version
> - self.installed_md5 = installed_md5
> - self.candidate_md5 = candidate_md5
> + self.installed_sha256 = installed_sha256
> + self.candidate_sha256 = candidate_sha256
> self.state = state
> self.is_auto_installed = is_auto_installed
> self.origin = origin
> @@ -107,11 +107,10 @@ class APTPackage(PackageBase):
> def __init__(self, pkg, cache=None):
> if isinstance(pkg, str):
> pkg = cache[pkg]
> -
> iver = pkg.installed and pkg.installed.version
> cver = pkg.candidate and pkg.candidate.version
> - imd5 = pkg.installed and pkg.installed.md5
> - cmd5 = pkg.candidate and pkg.candidate.md5
> + isha256 = pkg.installed and pkg.installed.sha256
> + csha256 = pkg.candidate and pkg.candidate.sha256
> self.state = pkgstate(pkg)
> self.is_auto_installed = pkg.is_auto_installed
> origin = pkgorigin(pkg)
> @@ -128,7 +127,7 @@ class APTPackage(PackageBase):
> self.installed_deb = None
>
> PackageBase.__init__(self, pkg.name, iver,
> - cver, imd5, cmd5,
> + cver, isha256, csha256,
> pkgstate(pkg), pkg.is_auto_installed,
> origin, arch)
>
> @@ -136,6 +135,6 @@ class APTPackage(PackageBase):
> class XMLPackage(PackageBase):
> def __init__(self, node, arch):
> PackageBase.__init__(self, node.et.text, node.et.get('version'),
> - None, node.et.get('md5'), None,
> + None, node.et.get('sha256'), None,
> INSTALLED, node.et.get('auto') == 'true',
> None, arch)
> diff --git a/schema/dbsfed.xsd b/schema/dbsfed.xsd
> index fbed8e98..7e2eb1da 100644
> --- a/schema/dbsfed.xsd
> +++ b/schema/dbsfed.xsd
> @@ -2248,10 +2248,10 @@
> </documentation>
> </annotation>
> </attribute>
> - <attribute name="md5" type="string" use="optional">
> + <attribute name="sha256" type="string" use="optional">
> <annotation>
> <documentation>
> - md5 sum of the package.
> + sha256 sum of the package.
> </documentation>
> </annotation>
> </attribute>
>
More information about the elbe-devel
mailing list