http: Compare retrieved files against a checksum

If the checksum does not match, the file is redownloaded from
another mirror server until all mirrors have been tried.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/pakfire/http.py b/src/pakfire/http.py
index be4619320844666c6f989a6ed340fa2e40c4cd12..7222cf5cb64de47dee980685d2b776d88421d8ae 100644 (file)
--- a/src/pakfire/http.py
+++ b/src/pakfire/http.py
@@ -20,6 +20,7 @@
 ###############################################################################
 
 import base64
+import hashlib
 import json
 import logging
 import shutil
@@ -296,7 +297,7 @@ class Client(object):
 
                raise MaxTriesExceededError
 
-       def retrieve(self, url, filename=None, message=None, **kwargs):
+       def retrieve(self, url, filename=None, message=None, checksum=None, checksum_algo=None, **kwargs):
                p = None
                skipped_mirrors = []
 
@@ -329,17 +330,25 @@ class Client(object):
                                                                l = self._get_content_length(res)
                                                                p.value_max = l
 
+                                                               # Compute a checksum of each downloaded file
+                                                               h = hashlib.new(checksum_algo or "sha512")
+
                                                                while True:
                                                                        buf = res.read(BUFFER_SIZE)
                                                                        if not buf:
                                                                                break
 
                                                                        # Write downloaded data to file
+                                                                       h.update(buf)
                                                                        f.write(buf)
 
                                                                        l = len(buf)
                                                                        p.increment(l)
 
+                                                               # Check integrity of the downloaded file
+                                                               if checksum and not checksum == h.hexdigest():
+                                                                       raise DownloadError(_("Invalid checksum"))
+
                                                                # If the download succeeded, we will
                                                                # break the loop
                                                                break