Skip to content

Commit

Permalink
Added checksum checking in download_package
Browse files Browse the repository at this point in the history
Signed-off-by: Victor Moene <[email protected]>
  • Loading branch information
victormlg committed Dec 12, 2024
1 parent ba72361 commit 2c726e3
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 5 deletions.
2 changes: 1 addition & 1 deletion cf_remote/commands.py
Original file line number Diff line number Diff line change
Expand Up @@ -296,7 +296,7 @@ def _iterate_over_packages(tags=None, version=None, edition=None, download=False
else:
for artifact in artifacts:
if download:
download_package(artifact.url)
download_package(artifact.url, checksum=artifact.checksum)
else:
print(artifact.url)
return 0
Expand Down
2 changes: 2 additions & 0 deletions cf_remote/packages.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ def __init__(self, data, filename=None):
self.tags = ["any"]
self.create_tags()

self.checksum = data.get("SHA256")

def create_tags(self):
if self.arch:
self.add_tag(self.arch)
Expand Down
3 changes: 2 additions & 1 deletion cf_remote/remote.py
Original file line number Diff line number Diff line change
Expand Up @@ -249,6 +249,7 @@ def get_info(host, *, users=None, connection=None):
def install_package(host, pkg, data, *, connection=None):

print("Installing: '{}' on '{}'".format(pkg, host))
output = None
if ".deb" in pkg:
output = ssh_sudo(connection, 'dpkg -i "{}"'.format(pkg), True)
elif ".msi" in pkg:
Expand Down Expand Up @@ -391,7 +392,7 @@ def _package_from_releases(tags, extension, version, edition, remote_download):
if remote_download:
return artifact.url
else:
return download_package(artifact.url)
return download_package(artifact.url, checksum=artifact.checksum)


def get_package_from_host_info(
Expand Down
23 changes: 20 additions & 3 deletions cf_remote/web.py
Original file line number Diff line number Diff line change
@@ -1,12 +1,15 @@
import hashlib
import os
import fcntl
import re
import urllib.request
import json
from collections import OrderedDict
from cf_remote.utils import write_json, mkdir, parse_json
from cf_remote.utils import user_error, write_json, mkdir, parse_json
from cf_remote import log
from cf_remote.paths import cf_remote_dir, cf_remote_packages_dir

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

def get_json(url):
with urllib.request.urlopen(url) as r:
Expand All @@ -22,7 +25,12 @@ def get_json(url):
return data


def download_package(url, path=None):
def download_package(url, path=None, checksum=None):


if checksum and not SHA256_RE.match(checksum):
user_error("Invalid checksum or unsupported checksum algorithm: '%s'" % checksum)

if not path:
filename = os.path.basename(url)
directory = cf_remote_packages_dir()
Expand All @@ -40,8 +48,17 @@ def download_package(url, path=None):
log.debug("Package '{}' already downloaded".format(path))
else:
print("Downloading package: '{}'".format(path))
f.write(urllib.request.urlopen(url).read())

answer = urllib.request.urlopen(url).read()

if checksum:
digest = hashlib.sha256(answer).digest().hex()
if checksum != digest:
user_error("Downloaded file '{}' does not match expected checksum '{}'".format(filename, checksum))

f.write(answer)
f.flush()

fcntl.flock(f.fileno(), fcntl.LOCK_UN)

return path

0 comments on commit 2c726e3

Please sign in to comment.