[dak/security] let's store the known_hashes information centrally
Signed-off-by: Mark Hymers <mhy@debian.org>
---
dak/process_unchecked.py | 24 ++++++++----------------
daklib/utils.py | 4 ++++
2 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py
index 04afb7b..5df4485 100755
--- a/dak/process_unchecked.py
+++ b/dak/process_unchecked.py
@@ -929,33 +929,25 @@ def check_hashes ():
check_hash(".changes", files, "md5sum", apt_pkg.md5sum)
check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum)
- # (hashname, function, originate)
- # If originate is true, we have to calculate it because
- # the changes file version is too early for it to be
- # included
- hashes = [("sha1", apt_pkg.sha1sum, False),
- ("sha256", apt_pkg.sha256sum, False)]
-
- if format <= (1,8):
- hashes["sha1"] = True
- hashes["sha256"] = True
-
for x in changes:
if x.startswith("checksum-"):
h = x.split("-",1)[1]
- if h not in dict(hashes):
+ if h not in dict(utils.known_hashes):
reject("Unsupported checksum field in .changes" % (h))
for x in dsc:
if x.startswith("checksum-"):
h = x.split("-",1)[1]
- if h not in dict(hashes):
+ if h not in dict(utils.known_hashes):
reject("Unsupported checksum field in .dsc" % (h))
- for h,f,o in hashes:
+ # We have to calculate the hash if we have an earlier changes version than
+ # the hash appears in rather than require it exist in the changes file
+ # I hate backwards compatibility
+ for h,f,v in utils.known_hashes:
try:
fs = utils.build_file_list(changes, 0, "checksums-%s" % h, h)
- if o:
+ if format < v:
create_hash(fs, h, f, files)
else:
check_hash(".changes %s" % (h), fs, h, f, files)
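Review bot: `dict(utils.known_hashes)` on the two added guard lines will raise ValueError if it is ever evaluated, because each known_hashes entry is a 3-tuple and dict() accepts only pairs; `if h not in [k[0] for k in utils.known_hashes]:` does the intended membership test. The failure is hidden today because the guards test `x.startswith("checksum-")` while the fields read further down are named `checksums-%s`, so the branch looks unreachable for real Checksums-* fields and an unknown algorithm is never rejected. The reject calls also apply `%` to a string with no placeholder, which raises TypeError; `reject("Unsupported checksum field %s in .changes" % (h))` fixes that, and likewise for the .dsc message. check_hashes starts and ends outside this hunk.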
@@ -970,7 +962,7 @@ def check_hashes ():
try:
fs = utils.build_file_list(dsc, 1, "checksums-%s" % h, h)
- if o:
+ if format < v:
create_hash(fs, h, f, dsc_files)
else:
check_hash(".dsc %s" % (h), fs, h, f, dsc_files)
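Review bot: Nothing near the `format < v` test on the .dsc path says which Format value is being compared, or that taking the branch means the sha1/sha256 values are computed locally by create_hash instead of being checked against what the uploader declared. daklib/utils.py documents `v` as a .changes version, while this file list is built from the .dsc, so the intent should be stated next to the test. Something like `# format is the .changes Format; uploads older than v carry no Checksums-* field, so only md5sum is verified for them` would do, if that is indeed the intent. The loop header and the definition of `format` are outside the hunk, so this cannot be confirmed from here.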
diff --git a/daklib/utils.py b/daklib/utils.py
index ec82782..665a8e1 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -55,6 +55,10 @@ default_apt_config = "/etc/dak/apt.conf"
alias_cache = None
key_uid_email_cache = {}
+# (hashname, function, earliest_changes_version)
+known_hashes = [("sha1", apt_pkg.sha1sum, (1, 8)),
+ ("sha256", apt_pkg.sha256sum, (1, 8))]
+
################################################################################
def open_file(filename, mode='r'):
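Review bot: `known_hashes` is now the single list that decides which checksum algorithms process_unchecked accepts, but it is a mutable module-level list that any importer can append to or reorder. A tuple of tuples, `known_hashes = (("sha1", apt_pkg.sha1sum, (1, 8)), ("sha256", apt_pkg.sha256sum, (1, 8)))`, keeps the iteration in check_hashes working and makes accidental mutation fail loudly. The comment could also say what the third element means for callers, e.g. `# earliest_changes_version: first .changes Format that must carry the field; older uploads get the hash computed instead of verified`. Whether daklib/utils.py already imports apt_pkg is not visible in this hunk.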
--
1.5.6.5