verify buildrequires after downloading them

2010-07-26 12:53:28 -04:00 · 2010-07-26 12:53:28 -04:00 · ebf9aaaf1b
commit ebf9aaaf1b
parent 7a6b44c4a9
2 changed files with 22 additions and 3 deletions
--- a/vm/kojikamid
+++ b/vm/kojikamid
@ -39,6 +39,7 @@ import base64
 import hashlib
 import traceback
 import base64
+import hashlib

 MANAGER_PORT = 7000

@ -393,6 +394,7 @@ class WindowsBuild(object):
        ensuredir(os.path.dirname(destpath))
        destfile = file(destpath, 'w')
        offset = 0
+        checksum = hashlib.sha1()
        while True:
            encoded = self.server.getFile(buildinfo, fileinfo, encode_int(offset), 1048576, type)
            if not encoded:
@ -401,8 +403,11 @@ class WindowsBuild(object):
            del encoded
            destfile.write(data)
            offset += len(data)
+            checksum.update(data)
        destfile.close()
-        self.logfile.write('Retrieved %s (%s bytes)\n' % (destpath, offset))
+        digest = checksum.hexdigest()
+        self.server.verifyBuildReq(buildinfo, fileinfo, type, digest, 'sha1')
+        self.logfile.write('Retrieved %s (%s bytes, sha1: %s)\n' % (destpath, offset, digest))

    def fetchBuildReqs(self):
        """Retrieve buildrequires listed in the spec file"""
--- a/vm/kojivmd
+++ b/vm/kojivmd
@ -283,6 +283,7 @@ class TaskXMLRPCServer(DaemonXMLRPCServer):
        self.register_function(task_handler.getLatestBuild)
        self.register_function(task_handler.getFileList)
        self.register_function(task_handler.getFile)
+        self.register_function(task_handler.verifyBuildReq)
        self.register_function(task_handler.upload)
        self.register_function(task_handler.verifyChecksum)

@ -534,6 +535,15 @@ class VMExecTask(BaseTaskHandler):
        finally:
            fileobj.close()

+    def verifyBuildReq(self, buildinfo, archiveinfo, type, checksum, algo='sha1'):
+        """
+        Verify the checksum of a build requirement.  The in-VM daemon calls this
+        method to verify that the file it has downloaded is valid.
+        """
+        fileobj = self.localCache(buildinfo, archiveinfo, type)
+        fileobj.close()
+        return self.verifyChecksum(fileobj.name, checksum, algo)
+
    def upload(self, path, offset, contents):
        local_path = os.path.abspath(os.path.join(self.output_dir, path))
        if not local_path.startswith(self.output_dir):
@ -560,8 +570,12 @@ class VMExecTask(BaseTaskHandler):
        return len(data)

    def verifyChecksum(self, path, checksum, algo='sha1'):
-        local_path = os.path.abspath(os.path.join(self.output_dir, path))
-        if not local_path.startswith(self.output_dir):
+        if path.startswith('/'):
+            # Only happens when called by verifyBuildReq()
+            local_path = path
+        else:
+            local_path = os.path.abspath(os.path.join(self.output_dir, path))
+        if not local_path.startswith(self.workdir):
            raise koji.BuildError, 'invalid path: %s' % path
        if not os.path.isfile(local_path):
            raise koji.BuildError, '%s does not exist' % local_path