linaro-pkg team mailing list archive
Message #02131
Bug#820454: linaro-image-tools: enable sha256 hash check support
Package: linaro-image-tools
Version: 2014.11-1
Severity: important
Tags: patch
Dear maintainers,
With recent APT (>= 1.1~exp12), md5sum is no longer considered a usable hash.
When creating a hwpack, the Packages file only includes support for md5sum,
which turns out to fail on the image building part due to a checksum mismatch:
Get:1 file:/tmp/tmp.XXXXdSXHcN/unpacked/pkgs ./ sensible-utils 0.0.9 [11.0 kB]
Err:1 file:/tmp/tmp.XXXXdSXHcN/unpacked/pkgs ./ sensible-utils 0.0.9
Hash Sum mismatch
If a sha256 hash is added to the hwpack Packages files, then everything runs
as it used to.
I am attaching a patch that solves this issue for me.
Regards
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (900, 'unstable'), (500, 'buildd-unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 4.4.0-1-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages linaro-image-tools depends on:
ii apt-utils 1.2.9
ii dosfstools 3.0.28-2
ii gdisk 1.0.1-1
ii libpython2.7-stdlib [python-argparse] 2.7.11-7
ii parted 3.2-15
ii python 2.7.11-1
ii python-dbus 1.2.4-1
ii python-debian 0.1.27
ii python-linaro-image-tools 2014.11-1
ii python-parted 3.10.7-2+b1
ii python-yaml 3.11-3+b1
ii sudo 1.8.15-1.1
ii u-boot-tools 2016.03+dfsg1-2
Versions of packages linaro-image-tools recommends:
ii btrfs-tools 4.4-1
ii command-not-found 0.2.38-3
ii qemu-user-static 1:2.5+dfsg-5
ii udisks 1.0.5-1+b1
linaro-image-tools suggests no packages.
-- no debconf information
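An added example, not part of the original report or of linaro-image-tools: a check that lists the stanzas of a Packages index carrying only an MD5sum field (the condition the report describes) and verifies a payload against the SHA256 field where one is present. The index, package names and payload are constructed, and the function names are hypothetical.

```python
import hashlib

def parse_packages(text):
    """Split a Packages index into stanzas, each a dict of field -> value."""
    stanzas = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            if line[:1] in (" ", "\t"):  # continuation of a multi-line field
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def md5_only(stanzas):
    """Names of packages whose stanza has MD5sum but no SHA256 field."""
    return [s["Package"] for s in stanzas
            if "MD5sum" in s and "SHA256" not in s]

def verify(stanza, payload):
    """True only if payload matches the stanza's Size and SHA256 fields."""
    expected = stanza.get("SHA256")
    if expected is None:  # nothing stronger than MD5 to check against
        return False
    return (int(stanza["Size"]) == len(payload)
            and hashlib.sha256(payload).hexdigest() == expected.lower())

# Constructed sample data (hypothetical names, not from the bug report).
PAYLOAD = b"constructed stand-in for a .deb file\n"

def make_stanza(name, payload, with_sha256):
    lines = ["Package: %s" % name, "Version: 1.0",
             "Filename: %s_1.0_all.deb" % name,
             "Size: %d" % len(payload),
             "MD5sum: %s" % hashlib.md5(payload).hexdigest()]
    if with_sha256:
        lines.append("SHA256: %s" % hashlib.sha256(payload).hexdigest())
    return "\n".join(lines) + "\n\n"

SAMPLE_INDEX = (make_stanza("old-style", PAYLOAD, False)
                + make_stanza("patched", PAYLOAD, True))

if __name__ == "__main__":
    stanzas = parse_packages(SAMPLE_INDEX)
    print("MD5-only stanzas:", md5_only(stanzas))
    for s in stanzas:
        print(s["Package"], "verifies:", verify(s, PAYLOAD))
```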
Description: add support for sha256 hashes in Packages file
Since APT disabled MD5sum support, linaro-hwpack-install fails with
checksum mismatch errors as it is unable to verify package integrity
using md5 hash. The following implements sha256 hash support.
.
linaro-image-tools (2014.11-1.1) UNRELEASED; urgency=medium
.
* Allow sha256 hashes on Packages file.
Author: Héctor Orón Martínez <zumbi@xxxxxxxxxx>
--- linaro-image-tools-2014.11.orig/linaro_image_tools/hwpack/packages.py
+++ linaro-image-tools-2014.11/linaro_image_tools/hwpack/packages.py
@@ -87,6 +87,7 @@ def get_packages_file(packages, extra_te
if package.breaks:
parts.append('Breaks: %s' % package.breaks)
parts.append('MD5sum: %s' % package.md5)
+ parts.append('SHA256: %s' % package.sha256)
content += "\n".join(parts)
content += "\n\n"
return content
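Review bot: The new `parts.append('SHA256: %s' % package.sha256)` line is emitted unconditionally, so a package object whose `sha256` is None or empty would put a literal `SHA256: None` field into the Packages file, which can only fail verification. Consider appending the field only when the value is set, or rejecting such a package before the index is written, so the problem is reported at hwpack build time rather than as a Hash Sum mismatch at install time.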
@@ -295,6 +296,9 @@ class FetchedPackage(object):
:ivar md5: the hex representation of the md5sum of the contents of
the package.
:type md5: str
+ :ivar sha256: the hex representation of the sha256sum of the contents of
+ the package.
+ :type sha256: str
:ivar architecture: the architecture that the package is for, may be
'all'.
:type architecture: str
@@ -331,7 +335,7 @@ class FetchedPackage(object):
:type breaks: str or None
"""
- def __init__(self, name, version, filename, size, md5,
+ def __init__(self, name, version, filename, size, md5, sha256,
architecture, depends=None, pre_depends=None,
multi_arch=None, conflicts=None, recommends=None,
provides=None, replaces=None, breaks=None):
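Review bot: In the `__init__` signature, `sha256` is inserted as a required positional parameter between `md5` and `architecture`, which shifts every later positional argument for callers this patch does not touch. An unchanged caller either raises TypeError or, if it passes `depends` positionally, silently stores the architecture string as the hash. Please check the remaining call sites and the test suite, or add `sha256` as a keyword argument so the existing positional order is preserved.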
@@ -344,6 +348,7 @@ class FetchedPackage(object):
self.filename = filename
self.size = size
self.md5 = md5
+ self.sha256 = sha256
self.architecture = architecture
self.depends = depends
self.pre_depends = pre_depends
@@ -389,7 +394,7 @@ class FetchedPackage(object):
provides = ", ".join([a[0] for a in pkg._cand.provides_list]) or None
pkg = cls(
pkg.package.name, pkg.version, filename, pkg.size,
- pkg.md5, pkg.architecture, depends=depends,
+ pkg.md5, pkg.sha256, pkg.architecture, depends=depends,
pre_depends=pre_depends, multi_arch=multi_arch,
conflicts=conflicts, recommends=recommends, provides=provides,
replaces=replaces, breaks=breaks)
@@ -406,6 +411,7 @@ class FetchedPackage(object):
filename = os.path.basename(deb_file_path)
size = os.path.getsize(deb_file_path)
md5sum = hashlib.md5(open(deb_file_path).read()).hexdigest()
+ sha256sum = hashlib.sha256(open(deb_file_path).read()).hexdigest()
architecture = debcontrol['Architecture']
depends = debcontrol.get('Depends')
pre_depends = debcontrol.get('Pre-Depends')
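Review bot: The added `sha256sum` line opens and reads the whole .deb a second time, right after the md5 line did the same, and like that line it uses the default text mode and never closes the file. Read the file once in binary mode inside a `with` block and feed the same bytes to both `hashlib.md5` and `hashlib.sha256`; for large packages, hashing in chunks avoids holding the whole file in memory.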
@@ -416,8 +422,8 @@ class FetchedPackage(object):
replaces = debcontrol.get('Replaces')
breaks = debcontrol.get('Breaks')
pkg = cls(
- name, version, filename, size, md5sum, architecture, depends,
- pre_depends, multi_arch, conflicts, recommends, provides,
+ name, version, filename, size, md5sum, sha256sum, architecture,
+ depends, pre_depends, multi_arch, conflicts, recommends, provides,
replaces, breaks)
pkg.content = open(deb_file_path)
pkg._file_path = deb_file_path
@@ -434,6 +440,7 @@ class FetchedPackage(object):
'filename',
'size',
'md5',
+ 'sha256',
'architecture',
'depends',
'pre_depends',
@@ -774,7 +781,7 @@ class PackageFetcher(object):
result_package = fetched[package.name]
destfile = os.path.join(self.cache.tempdir, base)
acqfile = apt_pkg.AcquireFile(
- acq, candidate.uri, candidate.md5, candidate.size,
+ acq, candidate.uri, candidate.sha256, candidate.size,
base, destfile=destfile)
acqfiles.append((acqfile, result_package, destfile))
# check if we have a private key in the pkg url
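Review bot: In the `apt_pkg.AcquireFile` call, `candidate.sha256` now sits in the positional slot that previously carried `candidate.md5`, with nothing stating which hash type the string is. Please confirm that the python-apt version this package depends on verifies a bare SHA-256 hex digest passed in that position, and say so in a comment or cover it with a test, since a value the fetcher does not recognise would mean the download is not checked as intended.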