From cec935bb192b271bf743853e1db5276a85cdb5c7 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 26 Feb 2011 00:34:07 +0100
Subject: [PATCH] Check hashsum of download package database file.
---
 pakfire/index.py | 7 +++++--
 pakfire/packages/util.py | 17 +++++++++++------
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/pakfire/index.py b/pakfire/index.py
index 4082fc669..7b9efb1a9 100644
--- a/pakfire/index.py
+++ b/pakfire/index.py
@@ -269,7 +269,11 @@ class DatabaseIndex(InstalledIndex):
 data = grabber.urlread(filename)
- # XXX check the hashsum of the downloaded file
+ # check the hashsum of the downloaded file
+ if not util.calc_hash1(data=data) == self.metadata.database_hash1:
+ # XXX an exception is not a very good idea because this file could
+ # be downloaded from another mirror. need a better way to handle this.
+ raise Exception, "Downloaded file did not match the hashsum. Need to re-download it."
 with cache.open(filename, "w") as o:
 o.write(data)
@@ -323,7 +327,6 @@ class DatabaseIndex(InstalledIndex):
 self._update_database(force)
 # XXX this code needs lots of work:
- # XXX * make checks for downloads (hashsums)
 # XXX * check the metadata content
 def save(self, path=None, compress="xz"):
diff --git a/pakfire/packages/util.py b/pakfire/packages/util.py
index 071dbdd79..3254b4c76 100644
--- a/pakfire/packages/util.py
+++ b/pakfire/packages/util.py
@@ -68,16 +68,21 @@ def format_size(s):
 return "%d%s" % (int(s), units[unit])
-def calc_hash1(filename):
+def calc_hash1(filename=None, data=None):
 h = hashlib.sha1()
- f = open(filename)
- buf = f.read(BUFFER_SIZE)
- while buf:
- h.update(buf)
+ if filename:
+ f = open(filename)
 buf = f.read(BUFFER_SIZE)
+ while buf:
+ h.update(buf)
+ buf = f.read(BUFFER_SIZE)
+
+ f.close()
+
+ elif data:
+ h.update(data)
- f.close()
 return h.hexdigest()
 def parse_pkg_expr(s):
--
2.39.5
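Review bot: The expected value `self.metadata.database_hash1` in the new check in pakfire/index.py is only as trustworthy as the metadata it came from, and the `# XXX * check the metadata content` marker that remains in the same file suggests that metadata is not yet validated. If the metadata is fetched from the same mirror without a signature (not visible here), the comparison catches corrupted transfers but not a mirror that serves a matching database and hash together, and SHA-1 (`hashlib.sha1()` in calc_hash1) no longer resists deliberate collisions. I would record that limit next to the check, `# NOTE: detects corruption only; tamper resistance depends on authenticated metadata`, and raise a dedicated exception type instead of bare `Exception` so a caller can tell a hash mismatch from other failures and retry from another mirror. The enclosing method starts and ends outside the hunk.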
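Review bot: `calc_hash1()` in pakfire/packages/util.py now returns the SHA-1 of empty input when it is called with neither argument, or with an empty `filename`, because both branches test truthiness and there is no `else`. For a helper that backs an integrity check, a silently produced digest is worse than an error, so I would test `is not None` and raise `ValueError` when nothing was passed. Opening the file in a `with open(filename, "rb")` block would also close the handle if a read fails and hash the exact bytes on platforms where text mode differs. The chunked read loop itself stays as it is.

```python
def calc_hash1(filename=None, data=None):
    h = hashlib.sha1()

    if filename is not None:
        # binary mode so the digest covers the exact bytes on disk
        with open(filename, "rb") as f:
            # … unchanged: chunked read loop feeding h.update(buf) …

    elif data is not None:
        h.update(data)

    else:
        raise ValueError("calc_hash1() needs either filename or data")

    return h.hexdigest()
```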