From bf6a52c9368d0d04167a84635e8dd0bf49fe23a1 Mon Sep 17 00:00:00 2001
From: Ken Dreyer <kdreyer@redhat.com>
Date: Tue, 8 Nov 2022 17:12:03 -0500
Subject: [PATCH] kojivmd: check for HTTP errors in getFile()

kojivmd proxies files from Koji's topurl through the getFile() RPC.
In some cases (misconfigurations), kojivmd can fail to download files
from topurl.

Prior to this change, if kojivmd failed to download a file (for example,
a 404 error), it would silently cache the 404 error HTTP body contents
and pass those on to verifyChecksum(). As a result, kojivmd would verify
the checksum of an HTML error page, rather than checksuming the intended
Koji archive file. In this scenario, it's difficult for administrators
to diagnose why checksums are not matching.

Check the HTTP response for errors before doing anything with the
response contents. With this change, winbuild tasks will fail with an
easier-to-understand "HTTP 404 not found" HTTPError, rather than a Koji
BuildError about checksums.
---
 vm/kojivmd | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vm/kojivmd b/vm/kojivmd
index 0642c9cd..0853bf52 100755
--- a/vm/kojivmd
+++ b/vm/kojivmd
@@ -715,6 +715,7 @@ class VMExecTask(BaseTaskHandler):
             koji.ensuredir(os.path.dirname(localpath))
             # closing needs to be used for requests < 2.18.0
             with closing(requests.get(remote_url, stream=True)) as response:
+                response.raise_for_status()
                 with open(localpath, 'wb') as f:
                     for chunk in response.iter_content(chunk_size=65536):
                         f.write(chunk)