
[dak/security] let's store the known_hashes information centrally



Signed-off-by: Mark Hymers <mhy@debian.org>
---
 dak/process_unchecked.py |   24 ++++++++----------------
 daklib/utils.py          |    4 ++++
 2 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py
index 04afb7b..5df4485 100755
--- a/dak/process_unchecked.py
+++ b/dak/process_unchecked.py
@@ -929,33 +929,25 @@ def check_hashes ():
     check_hash(".changes", files, "md5sum", apt_pkg.md5sum)
     check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum)
 
-    # (hashname, function, originate)
-    # If originate is true, we have to calculate it because
-    # the changes file version is too early for it to be
-    # included
-    hashes = [("sha1", apt_pkg.sha1sum, False),
-              ("sha256", apt_pkg.sha256sum, False)]
-
-    if format <= (1,8):
-        hashes["sha1"] = True
-        hashes["sha256"] = True
-
     for x in changes:
         if x.startswith("checksum-"):
             h = x.split("-",1)[1]
-            if h not in dict(hashes):
+            if h not in dict(utils.known_hashes):
                 reject("Unsupported checksum field in .changes" % (h))
 
     for x in dsc:
         if x.startswith("checksum-"):
             h = x.split("-",1)[1]
-            if h not in dict(hashes):
+            if h not in dict(utils.known_hashes):
                 reject("Unsupported checksum field in .dsc" % (h))
 
-    for h,f,o in hashes:
+    # We have to calculate the hash if we have an earlier changes version than
+    # the hash appears in rather than require it exist in the changes file
+    # I hate backwards compatibility
+    for h,f,v in utils.known_hashes:
         try:
             fs = utils.build_file_list(changes, 0, "checksums-%s" % h, h)
-            if o:
+            if format < v:
                 create_hash(fs, h, f, files)
             else:
                 check_hash(".changes %s" % (h), fs, h, f, files)
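Review bot: The unsupported-checksum guard in both loops (`for x in changes` and `for x in dsc`) cannot produce a reject as written. `utils.known_hashes` holds 3-tuples, so `dict(utils.known_hashes)` raises ValueError, and the `reject(...)` strings contain no `%s`, so `% (h)` raises TypeError; a field that reaches this branch would abort processing rather than be rejected. I would write `if h not in [name for name, _, _ in utils.known_hashes]:` and `reject("Unsupported checksum field %s in .changes" % (h))`, and the same for .dsc. The prefix tested is `"checksum-"` while the lookup further down uses `"checksums-%s"`, so the guard probably never matches the fields it is meant to police; confirm this against the parser's key names. check_hashes starts and ends outside this hunk.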
@@ -970,7 +962,7 @@ def check_hashes ():
 
         try:
             fs = utils.build_file_list(dsc, 1, "checksums-%s" % h, h)
-            if o:
+            if format < v:
                 create_hash(fs, h, f, dsc_files)
             else:
                 check_hash(".dsc %s" % (h), fs, h, f, dsc_files)
diff --git a/daklib/utils.py b/daklib/utils.py
index ec82782..665a8e1 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -55,6 +55,10 @@ default_apt_config = "/etc/dak/apt.conf"
 alias_cache = None
 key_uid_email_cache = {}
 
+# (hashname, function, earliest_changes_version)
+known_hashes = [("sha1", apt_pkg.sha1sum, (1, 8)),
+                ("sha256", apt_pkg.sha256sum, (1, 8))]
+
 ################################################################################
 
 def open_file(filename, mode='r'):
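Review bot: The comment on `known_hashes` should say what the third element does to verification, since check_hashes in dak/process_unchecked.py now uses it as `format < v` to choose between `create_hash` and `check_hash`. I would extend it with `# For a .changes format older than this version the hash is computed locally, not checked against a value declared in the file`. If `format` is taken from the uploaded .changes (not visible here), a lower declared format leaves md5sum as the only checksum actually compared, which is worth stating next to the table. A tuple instead of a list would also keep this shared table from being modified by an importing module.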
-- 
1.5.6.5


