use 'best' hash for source authentication

Collect all hashes we can get from the source record and put them into a HashStringList so that 'apt-get source' can use it instead of using always the MD5sum. We therefore also deprecate the MD5 struct member in favor of the list. While at it, the parsing of the Files is enhanced so that records which miss "Files" (aka MD5 checksums) are still searched for other checksums as they include just as much data, just not with a nice and catchy name. This is a cherry-pick of 1262d35 with some dirty tricks to preserve ABI. LP: 1098738
author: David Kalnischkies <kalnischkies@gmail.com> 2013-08-18 23:27:24 +0200
committer: David Kalnischkies <david@kalnischkies.de> 2014-11-10 17:23:29 +0100
commit: 3a2b39ee602dd5a98b8fdaee2f1c8e0b13a276e2 (patch)
tree: c825fbd73efde59e405d3088361ea1771f095c02 /apt-pkg/deb/debsrcrecords.cc
parent: 3f439e2b7126fb82952cd7bc12b8d6cb01352219 (diff)
1 files changed, 118 insertions, 44 deletions
diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc
index a444cbe4d..49a348dd4 100644
--- a/apt-pkg/deb/debsrcrecords.cc
+++ b/apt-pkg/deb/debsrcrecords.cc
@@ -118,13 +118,32 @@ bool debSrcRecordParser::BuildDepends(std::vector<pkgSrcRecords::Parser::BuildDe
 // ---------------------------------------------------------------------
 /* This parses the list of files and returns it, each file is required to have
    a complete source package */
-bool debSrcRecordParser::Files(std::vector<pkgSrcRecords::File> &List)
+bool debSrcRecordParser::Files(std::vector<pkgSrcRecords::File> &F)
 {
-   List.erase(List.begin(),List.end());
-   
-   string Files = Sect.FindS("Files");
-   if (Files.empty() == true)
+   std::vector<pkgSrcRecords::File2> F2;
+   if (Files2(F2) == false)
       return false;
+   for (std::vector<pkgSrcRecords::File2>::const_iterator f2 = F2.begin(); f2 != F2.end(); ++f2)
+   {
+      pkgSrcRecords::File2 f;
+#if __GNUC__ >= 4
+	#pragma GCC diagnostic push
+	#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+      f.MD5Hash = f2->MD5Hash;
+      f.Size = f2->Size;
+#if __GNUC__ >= 4
+	#pragma GCC diagnostic pop
+#endif
+      f.Path = f2->Path;
+      f.Type = f2->Type;
+      F.push_back(f);
+   }
+   return true;
+}
+bool debSrcRecordParser::Files2(std::vector<pkgSrcRecords::File2> &List)
+{
+   List.clear();
 
    // Stash the / terminated directory prefix
    string Base = Sect.FindS("Directory");
@@ -133,51 +152,106 @@ bool debSrcRecordParser::Files(std::vector<pkgSrcRecords::File> &List)
 
    std::vector<std::string> const compExts = APT::Configuration::getCompressorExtensions();
 
-   // Iterate over the entire list grabbing each triplet
-   const char *C = Files.c_str();
-   while (*C != 0)
-   {   
-      pkgSrcRecords::File F;
-      string Size;
-      
-      // Parse each of the elements
-      if (ParseQuoteWord(C,F.MD5Hash) == false ||
-	  ParseQuoteWord(C,Size) == false ||
-	  ParseQuoteWord(C,F.Path) == false)
-	 return _error->Error("Error parsing file record");
-      
-      // Parse the size and append the directory
-      F.Size = atoi(Size.c_str());
-      F.Path = Base + F.Path;
-      
-      // Try to guess what sort of file it is we are getting.
-      string::size_type Pos = F.Path.length()-1;
-      while (1)
+   for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type)
+   {
+      // derive field from checksum type
+      std::string checksumField("Checksums-");
+      if (strcmp(*type, "MD5Sum") == 0)
+	 checksumField = "Files"; // historic name for MD5 checksums
+      else
+	 checksumField.append(*type);
+
+      string const Files = Sect.FindS(checksumField.c_str());
+      if (Files.empty() == true)
+	 continue;
+
+      // Iterate over the entire list grabbing each triplet
+      const char *C = Files.c_str();
+      while (*C != 0)
       {
-	 string::size_type Tmp = F.Path.rfind('.',Pos);
-	 if (Tmp == string::npos)
-	    break;
-	 if (F.Type == "tar") {
-	    // source v3 has extension 'debian.tar.*' instead of 'diff.*'
-	    if (string(F.Path, Tmp+1, Pos-Tmp) == "debian")
-	       F.Type = "diff";
-	    break;
-	 }
-	 F.Type = string(F.Path,Tmp+1,Pos-Tmp);
-	 
-	 if (std::find(compExts.begin(), compExts.end(), std::string(".").append(F.Type)) != compExts.end() ||
-	     F.Type == "tar")
+	 string hash, size, path;
+
+	 // Parse each of the elements
+	 if (ParseQuoteWord(C, hash) == false ||
+	       ParseQuoteWord(C, size) == false ||
+	       ParseQuoteWord(C, path) == false)
+	    return _error->Error("Error parsing file record in %s of source package %s", checksumField.c_str(), Package().c_str());
+
+	 HashString const hashString(*type, hash);
+	 if (Base.empty() == false)
+	    path = Base + path;
+
+	 // look if we have a record for this file already
+	 std::vector<pkgSrcRecords::File2>::iterator file = List.begin();
+	 for (; file != List.end(); ++file)
+	    if (file->Path == path)
+	       break;
+
+	 // we have it already, store the new hash and be done
+	 if (file != List.end())
 	 {
-	    Pos = Tmp-1;
+#if __GNUC__ >= 4
+	// set for compatibility only, so warn users not us
+	#pragma GCC diagnostic push
+	#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+	    if (checksumField == "Files")
+	       file->MD5Hash = hash;
+#if __GNUC__ >= 4
+	#pragma GCC diagnostic pop
+#endif
+	    // an error here indicates that we have two different hashes for the same file
+	    if (file->Hashes.push_back(hashString) == false)
+	       return _error->Error("Error parsing checksum in %s of source package %s", checksumField.c_str(), Package().c_str());
 	    continue;
 	 }
-	 
-	 break;
+
+	 // we haven't seen this file yet
+	 pkgSrcRecords::File2 F;
+	 F.Path = path;
+	 F.FileSize = strtoull(size.c_str(), NULL, 10);
+	 F.Hashes.push_back(hashString);
+
+#if __GNUC__ >= 4
+	// set for compatibility only, so warn users not us
+	#pragma GCC diagnostic push
+	#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+	 F.Size = F.FileSize;
+	 if (checksumField == "Files")
+	    F.MD5Hash = hash;
+#if __GNUC__ >= 4
+	#pragma GCC diagnostic pop
+#endif
+
+	 // Try to guess what sort of file it is we are getting.
+	 string::size_type Pos = F.Path.length()-1;
+	 while (1)
+	 {
+	    string::size_type Tmp = F.Path.rfind('.',Pos);
+	    if (Tmp == string::npos)
+	       break;
+	    if (F.Type == "tar") {
+	       // source v3 has extension 'debian.tar.*' instead of 'diff.*'
+	       if (string(F.Path, Tmp+1, Pos-Tmp) == "debian")
+		  F.Type = "diff";
+	       break;
+	    }
+	    F.Type = string(F.Path,Tmp+1,Pos-Tmp);
+
+	    if (std::find(compExts.begin(), compExts.end(), std::string(".").append(F.Type)) != compExts.end() ||
+		  F.Type == "tar")
+	    {
+	       Pos = Tmp-1;
+	       continue;
+	    }
+
+	    break;
+	 }
+	 List.push_back(F);
       }
-      
-      List.push_back(F);
    }
-   
+
    return true;
 }
 									/*}}}*/
author	David Kalnischkies <kalnischkies@gmail.com>	2013-08-18 23:27:24 +0200
committer	David Kalnischkies <david@kalnischkies.de>	2014-11-10 17:23:29 +0100
commit	3a2b39ee602dd5a98b8fdaee2f1c8e0b13a276e2 (patch)
tree	c825fbd73efde59e405d3088361ea1771f095c02 /apt-pkg/deb/debsrcrecords.cc
parent	3f439e2b7126fb82952cd7bc12b8d6cb01352219 (diff)