Added checksum checking in download_package

Signed-off-by: Victor Moene <[email protected]>
cfengine · Dec 12, 2024 · e40ec6e · e40ec6e
1 parent 385f9d6
commit e40ec6e
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 12 deletions.
diff --git a/cf_remote/commands.py b/cf_remote/commands.py
@@ -296,7 +296,7 @@ def _iterate_over_packages(tags=None, version=None, edition=None, download=False
     else:
         for artifact in artifacts:
             if download:
-                download_package(artifact.url, checksum=artifact.data.get("SHA256"))
+                download_package(artifact.url, checksum=artifact.checksum)
             else:
                 print(artifact.url)
     return 0

diff --git a/cf_remote/packages.py b/cf_remote/packages.py
@@ -26,6 +26,8 @@ def __init__(self, data, filename=None):
         self.tags = ["any"]
         self.create_tags()
 
+        self.checksum = data.get("SHA256")
+
     def create_tags(self):
         if self.arch:
             self.add_tag(self.arch)

diff --git a/cf_remote/remote.py b/cf_remote/remote.py
@@ -249,6 +249,7 @@ def get_info(host, *, users=None, connection=None):
 def install_package(host, pkg, data, *, connection=None):
 
     print("Installing: '{}' on '{}'".format(pkg, host))
+    output = None
     if ".deb" in pkg:
         output = ssh_sudo(connection, 'dpkg -i "{}"'.format(pkg), True)
     elif ".msi" in pkg:
@@ -391,7 +392,7 @@ def _package_from_releases(tags, extension, version, edition, remote_download):
     if remote_download:
         return artifact.url
     else:
-        return download_package(artifact.url)
+        return download_package(artifact.url, checksum=artifact.checksum)
 
 
 def get_package_from_host_info(

diff --git a/cf_remote/web.py b/cf_remote/web.py
@@ -27,11 +27,9 @@ def get_json(url):
 
 def download_package(url, path=None, checksum=None):
 
-    if not checksum :
-        user_error("No checksum found")
 
-    if not SHA256_RE.match(checksum):
-        user_error("Invalid checksum or unsupported checksum algorithm: '%s'" % checksum)
+    if checksum and not SHA256_RE.match(checksum):
+        user_error("Invalid checksum or unsupOkported checksum algorithm: '%s'" % checksum)
 
     if not path:
         filename = os.path.basename(url)
@@ -52,13 +50,14 @@ def download_package(url, path=None, checksum=None):
             print("Downloading package: '{}'".format(path))
 
             answer = urllib.request.urlopen(url).read()
-            digest = hashlib.sha256(answer).digest().hex()
 
-            if checksum == digest :
-                f.write(answer)
-                f.flush()
-            else :
-                user_error("Mismatching checksums")
+            if checksum :
+                digest = hashlib.sha256(answer).digest().hex()
+                if checksum != digest :
+                    user_error("Mismatching checksums")
+
+            f.write(answer)
+            f.flush()
 
         fcntl.flock(f.fileno(), fcntl.LOCK_UN)