[PATCH 1/2] Verify source hashes with a fallback on md5

Mathieu Bridon bochecha at fedoraproject.org
Mon Mar 17 12:05:33 UTC 2014


We are about to move away from md5 for hashes.

However, at the time we move, some source tarballs might still exist
only with a md5 hash.

This allows verifying these old archives by falling back on md5.

We might want to just revert this commit eventually, when are confident
that md5 is completely gone (i.e that we have migrated the whole
lookaside cache to the new hash).
---
 src/fedpkg/__init__.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/fedpkg/__init__.py b/src/fedpkg/__init__.py
index 910e448..55ce0e6 100644
--- a/src/fedpkg/__init__.py
+++ b/src/fedpkg/__init__.py
@@ -249,6 +249,15 @@ class Commands(pyrpkg.Commands):
     def build(self, *args, **kwargs):
         return(super(Commands, self).build(*args, **kwargs))
 
+    def _verify_file(self, file, hash, hashtype):
+        valid = super(Commands, self)._verify_file(file, hash, hashtype)
+
+        if not valid:
+            # We're moving away from md5, so try falling back on md5 for some time
+            valid = super(Commands, self)._verify_file(file, hash, "md5")
+
+        return valid
+
     # New functionality
     def _create_curl(self):
         """Common curl setup options used for all requests to lookaside."""
-- 
1.8.5.3



More information about the rel-eng mailing list