/snapcraft forked from snapcore/snapcraft

Permalink
Browse files

Add really broken start of a fix for bug 1585913

  • Loading branch information...
1 parent 1470009 commit 273c8fde9f59dfb3f66f8a68a86911d6aac0b84b @tsimonq2 committed Jun 29, 2016
View
10 snapcraft/_baseplugin.py
@@ -46,6 +46,10 @@ def schema(cls):
'type': 'string',
'default': '',
},
+ 'source-checksum': {
+ 'type': 'string',
+ 'default': '',
+ },
'source-branch': {
'type': 'string',
'default': '',
@@ -62,8 +66,9 @@ def schema(cls):
'required': [
'source',
],
- 'pull-properties': ['source', 'source-type', 'source-branch',
- 'source-tag', 'source-subdir'],
+ 'pull-properties': ['source', 'source-type', 'source-checksum',
+ 'source-branch', 'source-tag',
+ 'source-subdir'],
'build-properties': []
}
@@ -108,6 +113,7 @@ def pull(self):
part properties to retrieve source code:
- source
+ - source-checksum
- source-branch
- source-tag
- source-type
View
62 snapcraft/internal/sources.py
@@ -33,6 +33,12 @@
control system or compression algorithim. The source-type key can tell
snapcraft exactly how to treat that content.
+ - source-checksum: checksum-of-file
+
+ Snapcraft will use either a file, URL, or raw checksum specified here to
+ verify the integrity of the source. The source-type needs to be either tar
+ or zip.
+
- source-branch: <branch-name>
Snapcraft will checkout a specific branch from the source tree. This
@@ -69,6 +75,7 @@
import subprocess
import tempfile
import zipfile
+import urllib3
from snapcraft.internal import common
@@ -82,11 +89,18 @@ def __init__(self, message):
self.message = message
+class NonMatchingChecksum(Exception):
+
+ def __init__(self, message):
+ self.message = message
+
+
class Base:
- def __init__(self, source, source_dir, source_tag=None,
- source_branch=None):
+ def __init__(self, source, source_checksum, source_dir,
+ source_tag=None, source_branch=None):
self.source = source
+ self.source_checksum = source_checksum
self.source_dir = source_dir
self.source_tag = source_tag
self.source_branch = source_branch
@@ -122,6 +136,9 @@ def __init__(self, source, source_dir, source_tag=None,
if source_branch:
raise IncompatibleOptionsError(
'can\'t specify a source-branch for a bzr source')
+ elif source_checksum:
+ raise IncompatibleOptionsError(
+ 'can\'t specify source-checksum for a git source')
def pull(self):
tag_opts = []
@@ -147,6 +164,9 @@ def __init__(self, source, source_dir, source_tag=None,
raise IncompatibleOptionsError(
'can\'t specify both source-tag and source-branch for '
'a git source')
+ elif source_checksum:
+ raise IncompatibleOptionsError(
+ 'can\'t specify source-checksum for a git source')
def pull(self):
if os.path.exists(os.path.join(self.source_dir, '.git')):
@@ -183,6 +203,9 @@ def __init__(self, source, source_dir, source_tag=None,
raise IncompatibleOptionsError(
'can\'t specify both source-tag and source-branch for a '
'mercurial source')
+ elif source_checksum:
+ raise IncompatibleOptionsError(
+ 'can\'t specify source-checksum for a mercurial source')
def pull(self):
if os.path.exists(os.path.join(self.source_dir, '.hg')):
@@ -217,6 +240,9 @@ def __init__(self, source, source_dir, source_tag=None,
elif source_branch:
raise IncompatibleOptionsError(
"Can't specify source-branch for a Subversion source")
+ elif source_checksum:
+ raise IncompatibleOptionsError(
+ 'can\'t specify source-checksum for a Subversion source')
def pull(self):
if os.path.exists(os.path.join(self.source_dir, '.svn')):
@@ -245,10 +271,39 @@ def __init__(self, source, source_dir, source_tag=None,
raise IncompatibleOptionsError(
'can\'t specify a source-branch for a tar source')
+ def check_checksum(self, source_checksum):
+ if source_checksum.startswith('http'):
+ checksum = urllib2.urlopen(source_checksum)
+ source_checksum = checksum.read()
+ self.check_checksum()
+ elif os.path.isfile(source_checksum):
+ with open (source_checksum, "r") as source_file:
+ source_checksum = str(source_file.read()).rstrip()
+ self.check_checksum()
+ elif len(source_checksum) == 32:
+ md5 = ((subprocess.check_output(['md5sum', tarball])).split())[0]
+ if md5 != source_checksum:
+ raise NonMatchingChecksum(
+ 'the checksum doesn\'t match the downloaded file')
+ elif len(source_checksum) == 64:
+ sha256 = (
+ (subprocess.check_output(['sha256sum', tarball])).split())[0]
+ if sha256 != source_checksum:
+ raise NonMatchingChecksum(
+ 'the checksum doesn\'t match the downloaded file')
+ elif len(source_checksum) == 128:
+ sha512 = (
+ (subprocess.check_output(['sha512sum', tarball])).split())[0]
+ if sha512 != source_checksum:
+ raise NonMatchingChecksum(
+ 'the checksum doesn\'t match the downloaded file')
+
def provision(self, dst, clean_target=True, keep_tarball=False):
# TODO add unit tests.
tarball = os.path.join(self.source_dir, os.path.basename(self.source))
+ self.check_checksum(self, source_checksum)
+
if clean_target:
tmp_tarball = tempfile.NamedTemporaryFile().name
shutil.move(tarball, tmp_tarball)
@@ -307,6 +362,9 @@ def __init__(self, source, source_dir, source_tag=None,
elif source_branch:
raise IncompatibleOptionsError(
'can\'t specify a source-branch for a zip source')
+ elif source_checksum:
+ raise IncompatibleOptionsError(
+ 'can\'t specify source-checksum for a zip source right now')
def provision(self, dst, clean_target=True, keep_zip=False):
zip = os.path.join(self.source_dir, os.path.basename(self.source))
View
5 snapcraft/tests/__init__.py
@@ -28,10 +28,11 @@
class MockOptions:
- def __init__(self, source=None, source_type=None, source_branch=None,
- source_tag=None, source_subdir=None):
+ def __init__(self, source=None, source_type=None, source_checksum=None,
+ source_branch=None, source_tag=None, source_subdir=None):
self.source = source
self.source_type = source_type
+ self.source_checksum = source_checksum
self.source_branch = source_branch
self.source_tag = source_tag
self.source_subdir = source_subdir
View
6 snapcraft/tests/test_plugin_gulp.py
@@ -125,11 +125,13 @@ def test_schema(self):
'node-engine': {'default': '4.4.4', 'type': 'string'},
'source': {'type': 'string'},
'source-branch': {'default': '', 'type': 'string'},
+ 'source-checksum': {'default': '', 'type': 'string'},
'source-subdir': {'default': None, 'type': 'string'},
'source-tag': {'default': '', 'type:': 'string'},
'source-type': {'default': '', 'type': 'string'}},
- 'pull-properties': ['source', 'source-type', 'source-branch',
- 'source-tag', 'source-subdir', 'node-engine'],
+ 'pull-properties': ['source', 'source-type', 'source-checksum',
+ 'source-branch', 'source-tag',
+ 'source-subdir', 'node-engine'],
'build-properties': ['gulp-tasks'],
'required': ['source', 'gulp-tasks'],
'type': 'object'}
View
6 snapcraft/tests/test_plugin_nodejs.py
@@ -141,11 +141,13 @@ def test_schema(self):
'uniqueItems': True},
'source': {'type': 'string'},
'source-branch': {'default': '', 'type': 'string'},
+ 'source-checksum': {'default': '', 'type': 'string'},
'source-subdir': {'default': None, 'type': 'string'},
'source-tag': {'default': '', 'type:': 'string'},
'source-type': {'default': '', 'type': 'string'}},
- 'pull-properties': ['source', 'source-type', 'source-branch',
- 'source-tag', 'source-subdir', 'node-engine'],
+ 'pull-properties': ['source', 'source-type', 'source-checksum',
+ 'source-branch', 'source-tag',
+ 'source-subdir', 'node-engine'],
'build-properties': ['node-packages'],
'type': 'object'}

0 comments on commit 273c8fd

Please sign in to comment.