[PATCH 1/2] Verify source hashes with a fallback on md5
Pavol Babincak
pbabinca at redhat.com
Tue Feb 10 13:38:12 UTC 2015
Just for the record I'm not going to merge this one as we will work with
different approach as outlined in buildsys mailing list
https://lists.fedoraproject.org/pipermail/buildsys/2015-February/ (I
haven't found the latest e-mail via web archive yet).
On 03/17/2014 01:05 PM, Mathieu Bridon wrote:
> We are about to move away from md5 for hashes.
>
> However, at the time we move, some source tarballs might still exist
> only with a md5 hash.
>
> This allows verifying these old archives by falling back on md5.
>
> We might want to just revert this commit eventually, when are confident
> that md5 is completely gone (i.e that we have migrated the whole
> lookaside cache to the new hash).
> ---
> src/fedpkg/__init__.py | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/src/fedpkg/__init__.py b/src/fedpkg/__init__.py
> index 910e448..55ce0e6 100644
> --- a/src/fedpkg/__init__.py
> +++ b/src/fedpkg/__init__.py
> @@ -249,6 +249,15 @@ class Commands(pyrpkg.Commands):
> def build(self, *args, **kwargs):
> return(super(Commands, self).build(*args, **kwargs))
>
> + def _verify_file(self, file, hash, hashtype):
> + valid = super(Commands, self)._verify_file(file, hash, hashtype)
> +
> + if not valid:
> + # We're moving away from md5, so try falling back on md5 for some time
> + valid = super(Commands, self)._verify_file(file, hash, "md5")
> +
> + return valid
> +
> # New functionality
> def _create_curl(self):
> """Common curl setup options used for all requests to lookaside."""
>
--
Pavol Babincak
Release Engineering, Red Hat
More information about the rel-eng
mailing list