diff options
-rw-r--r-- | apt-pkg/acquire-item.cc | 133 | ||||
-rw-r--r-- | apt-pkg/acquire-item.h | 76 | ||||
-rw-r--r-- | apt-pkg/acquire-method.cc | 9 | ||||
-rw-r--r-- | apt-pkg/acquire-method.h | 1 | ||||
-rw-r--r-- | apt-pkg/acquire-worker.cc | 17 | ||||
-rw-r--r-- | apt-pkg/contrib/hashes.cc | 84 | ||||
-rw-r--r-- | apt-pkg/contrib/hashes.h | 30 | ||||
-rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 2 | ||||
-rw-r--r-- | apt-pkg/deb/debrecords.cc | 8 | ||||
-rw-r--r-- | apt-pkg/deb/debrecords.h | 1 | ||||
-rw-r--r-- | apt-pkg/indexcopy.cc | 13 | ||||
-rw-r--r-- | apt-pkg/indexrecords.cc | 48 | ||||
-rw-r--r-- | apt-pkg/indexrecords.h | 3 | ||||
-rw-r--r-- | apt-pkg/pkgrecords.h | 1 | ||||
-rw-r--r-- | apt-pkg/tagfile.h | 4 | ||||
-rw-r--r-- | cmdline/apt-get.cc | 6 | ||||
-rw-r--r-- | debian/changelog | 5 |
17 files changed, 289 insertions, 152 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 4f5d644ab..f3784a58b 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -95,7 +95,7 @@ void pkgAcquire::Item::Start(string /*Message*/,unsigned long Size) // Acquire::Item::Done - Item downloaded OK /*{{{*/ // --------------------------------------------------------------------- /* */ -void pkgAcquire::Item::Done(string Message,unsigned long Size,string, +void pkgAcquire::Item::Done(string Message,unsigned long Size,string Hash, pkgAcquire::MethodConfig *Cnf) { // We just downloaded something.. @@ -142,8 +142,9 @@ void pkgAcquire::Item::Rename(string From,string To) */ pkgAcqDiffIndex::pkgAcqDiffIndex(pkgAcquire *Owner, string URI,string URIDesc,string ShortDesc, - string ExpectedMD5) - : Item(Owner), RealURI(URI), ExpectedMD5(ExpectedMD5), Description(URIDesc) + HashString ExpectedHash) + : Item(Owner), RealURI(URI), ExpectedHash(ExpectedHash), + Description(URIDesc) { Debug = _config->FindB("Debug::pkgAcquire::Diffs",false); @@ -271,11 +272,11 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string IndexDiffFile) if(found) { // queue the diffs - unsigned int last_space = Description.rfind(" "); + string::size_type last_space = Description.rfind(" "); if(last_space != string::npos) Description.erase(last_space, Description.size()-last_space); new pkgAcqIndexDiffs(Owner, RealURI, Description, Desc.ShortDesc, - ExpectedMD5, available_patches); + ExpectedHash, available_patches); Complete = false; Status = StatDone; Dequeue(); @@ -298,7 +299,7 @@ void pkgAcqDiffIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) << "Falling back to normal index file aquire" << std::endl; new pkgAcqIndex(Owner, RealURI, Description, Desc.ShortDesc, - ExpectedMD5); + ExpectedHash); Complete = false; Status = StatDone; @@ -344,8 +345,9 @@ void pkgAcqDiffIndex::Done(string Message,unsigned long Size,string Md5Hash, */ pkgAcqIndexDiffs::pkgAcqIndexDiffs(pkgAcquire *Owner, string URI,string URIDesc,string ShortDesc, - string ExpectedMD5, vector<DiffInfo> diffs) - : Item(Owner), RealURI(URI), ExpectedMD5(ExpectedMD5), + HashString ExpectedMD5, + vector<DiffInfo> diffs) + : Item(Owner), RealURI(URI), ExpectedHash(ExpectedHash), available_patches(diffs) { @@ -378,7 +380,7 @@ void pkgAcqIndexDiffs::Failed(string Message,pkgAcquire::MethodConfig *Cnf) std::clog << "pkgAcqIndexDiffs failed: " << Desc.URI << std::endl << "Falling back to normal index file aquire" << std::endl; new pkgAcqIndex(Owner, RealURI, Description,Desc.ShortDesc, - ExpectedMD5); + ExpectedHash); Finish(); } @@ -393,14 +395,7 @@ void pkgAcqIndexDiffs::Finish(bool allDone) DestFile = _config->FindDir("Dir::State::lists"); DestFile += URItoFileName(RealURI); - // do the final md5sum checking - MD5Summation sum; - FileFd Fd(DestFile, FileFd::ReadOnly); - sum.AddFD(Fd.Fd(), Fd.Size()); - Fd.Close(); - string MD5 = (string)sum.Result(); - - if (!ExpectedMD5.empty() && MD5 != ExpectedMD5) + if(!ExpectedHash.empty() && !ExpectedHash.VerifyFile(DestFile)) { Status = StatAuthError; ErrorText = _("MD5Sum mismatch"); @@ -542,7 +537,7 @@ void pkgAcqIndexDiffs::Done(string Message,unsigned long Size,string Md5Hash, // see if there is more to download if(available_patches.size() > 0) { new pkgAcqIndexDiffs(Owner, RealURI, Description, Desc.ShortDesc, - ExpectedMD5, available_patches); + ExpectedHash, available_patches); return Finish(); } else return Finish(true); @@ -556,8 +551,8 @@ void pkgAcqIndexDiffs::Done(string Message,unsigned long Size,string Md5Hash, instantiated to fetch the revision file */ pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, string URI,string URIDesc,string ShortDesc, - string ExpectedMD5, string comprExt) - : Item(Owner), RealURI(URI), ExpectedMD5(ExpectedMD5) + HashString ExpectedHash, string comprExt) + : Item(Owner), RealURI(URI), ExpectedHash(ExpectedHash) { Decompression = false; Erase = false; @@ -608,7 +603,7 @@ void pkgAcqIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) // retry with a gzip one new pkgAcqIndex(Owner, RealURI, Desc.Description,Desc.ShortDesc, - ExpectedMD5, string(".gz")); + ExpectedHash, string(".gz")); Status = StatDone; Complete = false; Dequeue(); @@ -633,32 +628,23 @@ void pkgAcqIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) to the uncompressed version of the file. If this is so the file is copied into the partial directory. In all other cases the file is decompressed with a gzip uri. */ -void pkgAcqIndex::Done(string Message,unsigned long Size,string MD5, +void pkgAcqIndex::Done(string Message,unsigned long Size,string Hash, pkgAcquire::MethodConfig *Cfg) { - Item::Done(Message,Size,MD5,Cfg); + Item::Done(Message,Size,Hash,Cfg); if (Decompression == true) { if (_config->FindB("Debug::pkgAcquire::Auth", false)) { - std::cerr << std::endl << RealURI << ": Computed MD5: " << MD5; - std::cerr << " Expected MD5: " << ExpectedMD5 << std::endl; + std::cerr << std::endl << RealURI << ": Computed Hash: " << Hash; + std::cerr << " Expected Hash: " << ExpectedHash.toStr() << std::endl; } - if (MD5.empty()) - { - MD5Summation sum; - FileFd Fd(DestFile, FileFd::ReadOnly); - sum.AddFD(Fd.Fd(), Fd.Size()); - Fd.Close(); - MD5 = (string)sum.Result(); - } - - if (!ExpectedMD5.empty() && MD5 != ExpectedMD5) + if (!ExpectedHash.empty() && ExpectedHash.toStr() != Hash) { Status = StatAuthError; - ErrorText = _("MD5Sum mismatch"); + ErrorText = _("Hash Sum mismatch"); Rename(DestFile,DestFile + ".FAILED"); return; } @@ -742,8 +728,8 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string MD5, // --------------------------------------------------------------------- /* The Translation file is added to the queue */ pkgAcqIndexTrans::pkgAcqIndexTrans(pkgAcquire *Owner, - string URI,string URIDesc,string ShortDesc) : - pkgAcqIndex(Owner, URI, URIDesc, ShortDesc, "", "") + string URI,string URIDesc,string ShortDesc) + : pkgAcqIndex(Owner, URI, URIDesc, ShortDesc, HashString(), "") { } @@ -920,10 +906,10 @@ string pkgAcqMetaIndex::Custom600Headers() return "\nIndex-File: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime); } -void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string MD5, +void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string Hash, pkgAcquire::MethodConfig *Cfg) { - Item::Done(Message,Size,MD5,Cfg); + Item::Done(Message,Size,Hash,Cfg); // MetaIndexes are done in two passes: one to download the // metaindex with an appropriate method, and a second to verify it @@ -1041,7 +1027,7 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify) Target != IndexTargets->end(); Target++) { - string ExpectedIndexMD5; + HashString ExpectedIndexHash; if (verify) { const indexRecords::checkSum *Record = MetaIndexParser->Lookup((*Target)->MetaKey); @@ -1052,16 +1038,16 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify) + (*Target)->MetaKey + " in Meta-index file (malformed Release file?)"; return; } - ExpectedIndexMD5 = Record->MD5Hash; + ExpectedIndexHash = Record->Hash; if (_config->FindB("Debug::pkgAcquire::Auth", false)) { std::cerr << "Queueing: " << (*Target)->URI << std::endl; - std::cerr << "Expected MD5: " << ExpectedIndexMD5 << std::endl; + std::cerr << "Expected Hash: " << ExpectedIndexHash.toStr() << std::endl; } - if (ExpectedIndexMD5.empty()) + if (ExpectedIndexHash.empty()) { Status = StatAuthError; - ErrorText = "Unable to find MD5 sum for " + ErrorText = "Unable to find hash sum for " + (*Target)->MetaKey + " in Meta-index file"; return; } @@ -1071,10 +1057,10 @@ void pkgAcqMetaIndex::QueueIndexes(bool verify) // on the users option) if(_config->FindB("Acquire::PDiffs",true) == true) new pkgAcqDiffIndex(Owner, (*Target)->URI, (*Target)->Description, - (*Target)->ShortDesc, ExpectedIndexMD5); + (*Target)->ShortDesc, ExpectedIndexHash); else new pkgAcqIndex(Owner, (*Target)->URI, (*Target)->Description, - (*Target)->ShortDesc, ExpectedIndexMD5); + (*Target)->ShortDesc, ExpectedIndexHash); } } @@ -1314,7 +1300,12 @@ bool pkgAcqArchive::QueueNext() return false; string PkgFile = Parse.FileName(); - MD5 = Parse.MD5Hash(); + if(Parse.SHA256Hash() != "") + ExpectedHash = HashString("SHA256", Parse.SHA256Hash()); + else if (Parse.SHA1Hash() != "") + ExpectedHash = HashString("SHA1", Parse.SHA1Hash()); + else + ExpectedHash = HashString("MD5Sum", Parse.MD5Hash()); if (PkgFile.empty() == true) return _error->Error(_("The package index files are corrupted. No Filename: " "field for package %s."), @@ -1394,10 +1385,10 @@ bool pkgAcqArchive::QueueNext() // AcqArchive::Done - Finished fetching /*{{{*/ // --------------------------------------------------------------------- /* */ -void pkgAcqArchive::Done(string Message,unsigned long Size,string Md5Hash, +void pkgAcqArchive::Done(string Message,unsigned long Size,string CalcHash, pkgAcquire::MethodConfig *Cfg) { - Item::Done(Message,Size,Md5Hash,Cfg); + Item::Done(Message,Size,CalcHash,Cfg); // Check the size if (Size != Version->Size) @@ -1407,17 +1398,14 @@ void pkgAcqArchive::Done(string Message,unsigned long Size,string Md5Hash, return; } - // Check the md5 - if (Md5Hash.empty() == false && MD5.empty() == false) + // Check the hash + if(ExpectedHash.toStr() != CalcHash) { - if (Md5Hash != MD5) - { - Status = StatError; - ErrorText = _("MD5Sum mismatch"); - if(FileExists(DestFile)) - Rename(DestFile,DestFile + ".FAILED"); - return; - } + Status = StatError; + ErrorText = _("Hash Sum mismatch"); + if(FileExists(DestFile)) + Rename(DestFile,DestFile + ".FAILED"); + return; } // Grab the output filename @@ -1509,10 +1497,10 @@ void pkgAcqArchive::Finished() // AcqFile::pkgAcqFile - Constructor /*{{{*/ // --------------------------------------------------------------------- /* The file is added to the queue */ -pkgAcqFile::pkgAcqFile(pkgAcquire *Owner,string URI,string MD5, +pkgAcqFile::pkgAcqFile(pkgAcquire *Owner,string URI,string Hash, unsigned long Size,string Dsc,string ShortDesc, const string &DestDir, const string &DestFilename) : - Item(Owner), Md5Hash(MD5) + Item(Owner), ExpectedHash(Hash) { Retries = _config->FindI("Acquire::Retries",0); @@ -1549,23 +1537,20 @@ pkgAcqFile::pkgAcqFile(pkgAcquire *Owner,string URI,string MD5, // AcqFile::Done - Item downloaded OK /*{{{*/ // --------------------------------------------------------------------- /* */ -void pkgAcqFile::Done(string Message,unsigned long Size,string MD5, +void pkgAcqFile::Done(string Message,unsigned long Size,string CalcHash, pkgAcquire::MethodConfig *Cnf) { - // Check the md5 - if (Md5Hash.empty() == false && MD5.empty() == false) + Item::Done(Message,Size,CalcHash,Cnf); + + // Check the hash + if(!ExpectedHash.empty() && ExpectedHash.toStr() != CalcHash) { - if (Md5Hash != MD5) - { - Status = StatError; - ErrorText = "MD5Sum mismatch"; - Rename(DestFile,DestFile + ".FAILED"); - return; - } + Status = StatError; + ErrorText = "Hash Sum mismatch"; + Rename(DestFile,DestFile + ".FAILED"); + return; } - Item::Done(Message,Size,MD5,Cnf); - string FileName = LookupTag(Message,"Filename"); if (FileName.empty() == true) { diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index f5272ed86..edd910230 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -12,7 +12,7 @@ Three item classes are provided to provide functionality for downloading of Index, Translation and Packages files. - A Archive class is provided for downloading .deb files. It does Md5 + A Archive class is provided for downloading .deb files. It does Hash checking and source location as well as a retry algorithm. ##################################################################### */ @@ -26,7 +26,7 @@ #include <apt-pkg/sourcelist.h> #include <apt-pkg/pkgrecords.h> #include <apt-pkg/indexrecords.h> - +#include <apt-pkg/hashes.h> /** \addtogroup acquire * @{ @@ -187,12 +187,12 @@ class pkgAcquire::Item * \param Message Data from the acquire method. Use LookupTag() * to parse it. * \param Size The size of the object that was fetched. - * \param Md5Hash The MD5Sum of the object that was fetched. + * \param Hash The HashSum of the object that was fetched. * \param Cnf The method via which the object was fetched. * * \sa pkgAcqMethod */ - virtual void Done(string Message,unsigned long Size,string Md5Hash, + virtual void Done(string Message,unsigned long Size,string Hash, pkgAcquire::MethodConfig *Cnf); /** \brief Invoked when the worker starts to fetch this object. @@ -230,12 +230,12 @@ class pkgAcquire::Item /** \brief Invoked by the worker when the download is completely done. */ virtual void Finished() {}; - /** \brief MD5Sum. + /** \brief HashSum * - * \return the MD5Sum of this object, if applicable; otherwise, an + * \return the HashSum of this object, if applicable; otherwise, an * empty string. */ - virtual string MD5Sum() {return string();}; + virtual string HashSum() {return string();}; /** \return the acquire process with which this item is associated. */ pkgAcquire *GetOwner() {return Owner;}; @@ -297,10 +297,10 @@ class pkgAcqDiffIndex : public pkgAcquire::Item */ string RealURI; - /** \brief The MD5Sum that the real index file should have after + /** \brief The Hash that the real index file should have after * all patches have been applied. */ - string ExpectedMD5; + HashString ExpectedHash; /** \brief The index file which will be patched to generate the new * file. @@ -343,10 +343,10 @@ class pkgAcqDiffIndex : public pkgAcquire::Item * * \param ShortDesc A short description of the list file to download. * - * \param ExpectedMD5 The list file's MD5 signature. + * \param ExpectedHash The list file's MD5 signature. */ pkgAcqDiffIndex(pkgAcquire *Owner,string URI,string URIDesc, - string ShortDesc, string ExpectedMD5); + string ShortDesc, HashString ExpectedHash); }; /** \brief An item that is responsible for fetching all the patches @@ -379,7 +379,7 @@ class pkgAcqIndexDiffs : public pkgAcquire::Item * finishes downloading. * * Dequeues the item and checks the resulting file's md5sum - * against ExpectedMD5 after the last patch was applied. + * against ExpectedHash after the last patch was applied. * There is no need to check the md5/sha1 after a "normal" * patch because QueueNextDiff() will check the sha1 later. * @@ -405,10 +405,10 @@ class pkgAcqIndexDiffs : public pkgAcquire::Item */ string RealURI; - /** \brief The MD5Sum of the package index file that is being + /** \brief The HashSum of the package index file that is being * reconstructed. */ - string ExpectedMD5; + HashString ExpectedHash; /** A description of the file being downloaded. */ string Description; @@ -465,7 +465,7 @@ class pkgAcqIndexDiffs : public pkgAcquire::Item * * \param ShortDesc A brief description of this item. * - * \param ExpectedMD5 The expected md5sum of the completely + * \param ExpectedHash The expected md5sum of the completely * reconstructed package index file; the index file will be tested * against this value when it is entirely reconstructed. * @@ -474,7 +474,7 @@ class pkgAcqIndexDiffs : public pkgAcquire::Item * that depends on it. */ pkgAcqIndexDiffs(pkgAcquire *Owner,string URI,string URIDesc, - string ShortDesc, string ExpectedMD5, + string ShortDesc, HashString ExpectedHash, vector<DiffInfo> diffs=vector<DiffInfo>()); }; @@ -507,8 +507,8 @@ class pkgAcqIndex : public pkgAcquire::Item */ string RealURI; - /** \brief The expected md5sum of the decompressed index file. */ - string ExpectedMD5; + /** \brief The expected hashsum of the decompressed index file. */ + HashString ExpectedHash; /** \brief The compression-related file extension that is being * added to the downloaded file (e.g., ".gz" or ".bz2"). @@ -523,6 +523,7 @@ class pkgAcqIndex : public pkgAcquire::Item pkgAcquire::MethodConfig *Cnf); virtual string Custom600Headers(); virtual string DescURI() {return RealURI + CompressionExtension;}; + virtual string HashSum() {return ExpectedHash.toStr(); }; /** \brief Create a pkgAcqIndex. * @@ -535,14 +536,14 @@ class pkgAcqIndex : public pkgAcquire::Item * * \param ShortDesc A brief description of this index file. * - * \param ExpectedMD5 The expected md5sum of this index file. + * \param ExpectedHash The expected hashsum of this index file. * * \param compressExt The compression-related extension with which * this index file should be downloaded, or "" to autodetect * (".bz2" is used if bzip2 is installed, ".gz" otherwise). */ pkgAcqIndex(pkgAcquire *Owner,string URI,string URIDesc, - string ShortDesc, string ExpectedMD5, string compressExt=""); + string ShortDesc, HashString ExpectedHash, string compressExt=""); }; /** \brief An acquire item that is responsible for fetching a @@ -569,7 +570,7 @@ class pkgAcqIndexTrans : public pkgAcqIndex * * \param ShortDesc A brief description of this index file. * - * \param ExpectedMD5 The expected md5sum of this index file. + * \param ExpectedHash The expected hashsum of this index file. * * \param compressExt The compression-related extension with which * this index file should be downloaded, or "" to autodetect @@ -661,9 +662,9 @@ class pkgAcqMetaSig : public pkgAcquire::Item * * Once the download and verification are complete, the downloads of * the individual index files are queued up using pkgAcqDiffIndex. - * If the meta-index file had a valid signature, the expected md5sums + * If the meta-index file had a valid signature, the expected hashsums * of the index files will be the md5sums listed in the meta-index; - * otherwise, the expected md5sums will be "" (causing the + * otherwise, the expected hashsums will be "" (causing the * authentication of the index files to be bypassed). */ class pkgAcqMetaIndex : public pkgAcquire::Item @@ -727,11 +728,11 @@ class pkgAcqMetaIndex : public pkgAcquire::Item /** \brief Starts downloading the individual index files. * - * \param verify If \b true, only indices whose expected md5sum + * \param verify If \b true, only indices whose expected hashsum * can be determined from the meta-index will be downloaded, and - * the md5sums of indices will be checked (reporting + * the hashsums of indices will be checked (reporting * #StatAuthError if there is a mismatch). If verify is \b false, - * no md5sum checking will be performed. + * no hashsum checking will be performed. */ void QueueIndexes(bool verify); @@ -739,7 +740,7 @@ class pkgAcqMetaIndex : public pkgAcquire::Item // Specialized action members virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf); - virtual void Done(string Message,unsigned long Size,string Md5Hash, + virtual void Done(string Message,unsigned long Size, string Hash, pkgAcquire::MethodConfig *Cnf); virtual string Custom600Headers(); virtual string DescURI() {return RealURI; }; @@ -776,8 +777,8 @@ class pkgAcqArchive : public pkgAcquire::Item */ pkgRecords *Recs; - /** \brief The md5sum of this package. */ - string MD5; + /** \brief The hashsum of this package. */ + HashString ExpectedHash; /** \brief A location in which the actual filename of the package * should be stored. @@ -805,13 +806,12 @@ class pkgAcqArchive : public pkgAcquire::Item public: virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf); - virtual void Done(string Message,unsigned long Size,string Md5Hash, + virtual void Done(string Message,unsigned long Size,string Hash, pkgAcquire::MethodConfig *Cnf); - virtual string MD5Sum() {return MD5;}; virtual string DescURI() {return Desc.URI;}; virtual string ShortDesc() {return Desc.ShortDesc;}; virtual void Finished(); - + virtual string HashSum() {return ExpectedHash.toStr(); }; virtual bool IsTrusted(); /** \brief Create a new pkgAcqArchive. @@ -848,8 +848,8 @@ class pkgAcqFile : public pkgAcquire::Item /** \brief The currently active download process. */ pkgAcquire::ItemDesc Desc; - /** \brief The md5sum of the file to download, if it is known. */ - string Md5Hash; + /** \brief The hashsum of the file to download, if it is known. */ + HashString ExpectedHash; /** \brief How many times to retry the download, set from * Acquire::Retries. @@ -860,10 +860,10 @@ class pkgAcqFile : public pkgAcquire::Item // Specialized action members virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf); - virtual void Done(string Message,unsigned long Size,string Md5Hash, + virtual void Done(string Message,unsigned long Size,string CalcHash, pkgAcquire::MethodConfig *Cnf); - virtual string MD5Sum() {return Md5Hash;}; virtual string DescURI() {return Desc.URI;}; + virtual string HashSum() {return ExpectedHash.toStr(); }; /** \brief Create a new pkgAcqFile object. * @@ -872,7 +872,7 @@ class pkgAcqFile : public pkgAcquire::Item * * \param URI The URI to download. * - * \param MD5 The md5sum of the file to download, if it is known; + * \param Hash The hashsum of the file to download, if it is known; * otherwise "". * * \param Size The size of the file to download, if it is known; @@ -894,7 +894,7 @@ class pkgAcqFile : public pkgAcquire::Item * is the absolute name to which the file should be downloaded. */ - pkgAcqFile(pkgAcquire *Owner, string URI, string MD5, unsigned long Size, + pkgAcqFile(pkgAcquire *Owner, string URI, string Hash, unsigned long Size, string Desc, string ShortDesc, const string &DestDir="", const string &DestFilename=""); }; diff --git a/apt-pkg/acquire-method.cc b/apt-pkg/acquire-method.cc index 3360a8eae..bc29417f7 100644 --- a/apt-pkg/acquire-method.cc +++ b/apt-pkg/acquire-method.cc @@ -176,9 +176,14 @@ void pkgAcqMethod::URIDone(FetchResult &Res, FetchResult *Alt) TimeRFC1123(Res.LastModified).c_str()); if (Res.MD5Sum.empty() == false) + { End += snprintf(End,sizeof(S)-50 - (End - S),"MD5-Hash: %s\n",Res.MD5Sum.c_str()); + End += snprintf(End,sizeof(S)-50 - (End - S),"MD5Sum-Hash: %s\n",Res.MD5Sum.c_str()); + } if (Res.SHA1Sum.empty() == false) End += snprintf(End,sizeof(S)-50 - (End - S),"SHA1-Hash: %s\n",Res.SHA1Sum.c_str()); + if (Res.SHA256Sum.empty() == false) + End += snprintf(End,sizeof(S)-50 - (End - S),"SHA256-Hash: %s\n",Res.SHA256Sum.c_str()); if (Res.GPGVOutput.size() > 0) End += snprintf(End,sizeof(S)-50 - (End - S),"GPGVOutput:\n"); for (vector<string>::iterator I = Res.GPGVOutput.begin(); @@ -211,6 +216,9 @@ void pkgAcqMethod::URIDone(FetchResult &Res, FetchResult *Alt) if (Alt->SHA1Sum.empty() == false) End += snprintf(End,sizeof(S)-50 - (End - S),"Alt-SHA1-Hash: %s\n", Alt->SHA1Sum.c_str()); + if (Alt->SHA256Sum.empty() == false) + End += snprintf(End,sizeof(S)-50 - (End - S),"Alt-SHA256-Hash: %s\n", + Alt->SHA256Sum.c_str()); if (Alt->IMSHit == true) strcat(End,"Alt-IMS-Hit: true\n"); @@ -455,5 +463,6 @@ void pkgAcqMethod::FetchResult::TakeHashes(Hashes &Hash) { MD5Sum = Hash.MD5.Result(); SHA1Sum = Hash.SHA1.Result(); + SHA256Sum = Hash.SHA256.Result(); } /*}}}*/ diff --git a/apt-pkg/acquire-method.h b/apt-pkg/acquire-method.h index 0fd846f54..e02eab018 100644 --- a/apt-pkg/acquire-method.h +++ b/apt-pkg/acquire-method.h @@ -43,6 +43,7 @@ class pkgAcqMethod { string MD5Sum; string SHA1Sum; + string SHA256Sum; vector<string> GPGVOutput; time_t LastModified; bool IMSHit; diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc index 25d40ef54..460f59961 100644 --- a/apt-pkg/acquire-worker.cc +++ b/apt-pkg/acquire-worker.cc @@ -267,8 +267,23 @@ bool pkgAcquire::Worker::RunMessages() _error->Warning("Bizarre Error - File size is not what the server reported %s %lu", LookupTag(Message,"Size","0").c_str(),TotalSize); + // see if there is a hash to verify + string RecivedHash; + HashString expectedHash(Owner->HashSum()); + if(!expectedHash.empty()) + { + string hashTag = expectedHash.HashType()+"-Hash"; + RecivedHash = expectedHash.HashType() + ":" + LookupTag(Message, hashTag.c_str()); + if(_config->FindB("Debug::pkgAcquire::Auth", false) == true) + { + clog << "201 URI Done: " << Owner->DescURI() << endl + << "RecivedHash: " << RecivedHash << endl + << "ExpectedHash: " << expectedHash.toStr() + << endl << endl; + } + } Owner->Done(Message,atoi(LookupTag(Message,"Size","0").c_str()), - LookupTag(Message,"MD5-Hash"),Config); + RecivedHash.c_str(), Config); ItemDone(); // Log that we are done diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc index b725e9418..fcc2f887c 100644 --- a/apt-pkg/contrib/hashes.cc +++ b/apt-pkg/contrib/hashes.cc @@ -12,11 +12,95 @@ /*}}}*/ // Include Files /*{{{*/ #include <apt-pkg/hashes.h> +#include <apt-pkg/fileutl.h> +#include <apt-pkg/configuration.h> #include <unistd.h> #include <system.h> +#include <string> +#include <iostream> /*}}}*/ +const char* HashString::_SupportedHashes[] = +{ + "SHA256", "SHA1", "MD5Sum", NULL +}; + +HashString::HashString() +{ +} + +HashString::HashString(string Type, string Hash) : Type(Type), Hash(Hash) +{ +} + +HashString::HashString(string StringedHash) +{ + // legacy: md5sum without "MD5Sum:" prefix + if (StringedHash.find(":") == string::npos && StringedHash.size() == 32) + { + Type = "MD5Sum"; + Hash = StringedHash; + return; + } + string::size_type pos = StringedHash.find(":"); + Type = StringedHash.substr(0,pos); + Hash = StringedHash.substr(pos+1, StringedHash.size() - pos); + + if(_config->FindB("Debug::Hashes",false) == true) + std::clog << "HashString(string): " << Type << " : " << Hash << std::endl; +} + + +bool HashString::VerifyFile(string filename) const +{ + FileFd fd; + MD5Summation MD5; + SHA1Summation SHA1; + SHA256Summation SHA256; + string fileHash; + + FileFd Fd(filename, FileFd::ReadOnly); + if(Type == "MD5Sum") + { + MD5.AddFD(Fd.Fd(), Fd.Size()); + fileHash = (string)MD5.Result(); + } + else if (Type == "SHA1") + { + SHA1.AddFD(Fd.Fd(), Fd.Size()); + fileHash = (string)SHA1.Result(); + } + else if (Type == "SHA256") + { + SHA256.AddFD(Fd.Fd(), Fd.Size()); + fileHash = (string)SHA256.Result(); + } + Fd.Close(); + + if(_config->FindB("Debug::Hashes",false) == true) + std::clog << "HashString::VerifyFile: got: " << fileHash << " expected: " << toStr() << std::endl; + + return (fileHash == Hash); +} + +const char** HashString::SupportedHashes() +{ + return _SupportedHashes; +} + +bool HashString::empty() const +{ + return (Type.empty() || Hash.empty()); +} + + +string HashString::toStr() const +{ + return Type+string(":")+Hash; +} + + // Hashes::AddFD - Add the contents of the FD /*{{{*/ // --------------------------------------------------------------------- /* */ diff --git a/apt-pkg/contrib/hashes.h b/apt-pkg/contrib/hashes.h index b09ea9f6b..93e7b25d9 100644 --- a/apt-pkg/contrib/hashes.h +++ b/apt-pkg/contrib/hashes.h @@ -19,8 +19,38 @@ #include <apt-pkg/sha256.h> #include <algorithm> +#include <vector> using std::min; +using std::vector; + +// helper class that contains hash function name +// and hash +class HashString +{ + protected: + string Type; + string Hash; + static const char * _SupportedHashes[10]; + + public: + HashString(string Type, string Hash); + HashString(string StringedHashString); // init from str as "type:hash" + HashString(); + + // get hash type used + string HashType() { return Type; }; + + // verify the given filename against the currently loaded hash + bool VerifyFile(string filename) const; + + // helper + string toStr() const; // convert to str as "type:hash" + bool empty() const; + + // return the list of hashes we support + static const char** SupportedHashes(); +}; class Hashes { diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 73b2dda49..94995798f 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -144,7 +144,7 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool GetAll) const vector <struct IndexTarget *> *targets = ComputeIndexTargets(); for (vector <struct IndexTarget*>::const_iterator Target = targets->begin(); Target != targets->end(); Target++) { new pkgAcqIndex(Owner, (*Target)->URI, (*Target)->Description, - (*Target)->ShortDesc, ""); + (*Target)->ShortDesc, HashString()); } } new pkgAcqMetaSig(Owner, MetaIndexURI("Release.gpg"), diff --git a/apt-pkg/deb/debrecords.cc b/apt-pkg/deb/debrecords.cc index 8a5b6e215..3d3d7de0a 100644 --- a/apt-pkg/deb/debrecords.cc +++ b/apt-pkg/deb/debrecords.cc @@ -67,6 +67,14 @@ string debRecordParser::SHA1Hash() return Section.FindS("SHA1"); } /*}}}*/ +// RecordParser::SHA1Hash - Return the archive hash /*{{{*/ +// --------------------------------------------------------------------- +/* */ +string debRecordParser::SHA256Hash() +{ + return Section.FindS("SHA256"); +} + /*}}}*/ // RecordParser::Maintainer - Return the maintainer email /*{{{*/ // --------------------------------------------------------------------- /* */ diff --git a/apt-pkg/deb/debrecords.h b/apt-pkg/deb/debrecords.h index df21931a8..ab244b6dd 100644 --- a/apt-pkg/deb/debrecords.h +++ b/apt-pkg/deb/debrecords.h @@ -35,6 +35,7 @@ class debRecordParser : public pkgRecords::Parser virtual string FileName(); virtual string MD5Hash(); virtual string SHA1Hash(); + virtual string SHA256Hash(); virtual string SourcePkg(); virtual string SourceVer(); diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index c9dded134..b30777d8d 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -528,23 +528,16 @@ bool SigVerify::Verify(string prefix, string file, indexRecords *MetaIndex) return false; } - MD5Summation sum; - FileFd Fd(prefix+file, FileFd::ReadOnly); - sum.AddFD(Fd.Fd(), Fd.Size()); - Fd.Close(); - string MD5 = (string)sum.Result(); - - if (Record->MD5Hash != MD5) + if (!Record->Hash.VerifyFile(prefix+file)) { - _error->Warning("MD5 mismatch for: %s",file.c_str()); + _error->Warning("Hash mismatch for: %s",file.c_str()); return false; } if(_config->FindB("Debug::aptcdrom",false)) { cout << "File: " << prefix+file << endl; - cout << "Expected MD5sum: " << Record->MD5Hash << endl; - cout << "got: " << MD5 << endl << endl; + cout << "Expected Hash " << Record->Hash.toStr() << endl; } return true; diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index 396e1591f..502f454a8 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -50,32 +50,38 @@ bool indexRecords::Load(const string Filename) const char *Start, *End; Section.Get (Start, End, 0); + Suite = Section.FindS("Suite"); Dist = Section.FindS("Codename"); -// if (Dist.empty()) -// { -// ErrorText = _(("No Codename entry in Release file " + Filename).c_str()); -// return false; -// } - if (!Section.Find("MD5Sum", Start, End)) + + int i; + for (i=0;HashString::SupportedHashes()[i] != NULL; i++) { - ErrorText = _(("No MD5Sum entry in Release file " + Filename).c_str()); - return false; + if (!Section.Find(HashString::SupportedHashes()[i], Start, End)) + continue; + + string Name; + string Hash; + size_t Size; + while (Start < End) + { + if (!parseSumData(Start, End, Name, Hash, Size)) + return false; + indexRecords::checkSum *Sum = new indexRecords::checkSum; + Sum->MetaKeyFilename = Name; + Sum->Hash = HashString(HashString::SupportedHashes()[i],Hash); + Sum->Size = Size; + Entries[Name] = Sum; + } + break; } - string Name; - string MD5Hash; - size_t Size; - while (Start < End) + + if(HashString::SupportedHashes()[i] == NULL) { - if (!parseSumData(Start, End, Name, MD5Hash, Size)) - return false; - indexRecords::checkSum *Sum = new indexRecords::checkSum; - Sum->MetaKeyFilename = Name; - Sum->MD5Hash = MD5Hash; - Sum->Size = Size; - Entries[Name] = Sum; - } - + ErrorText = _(("No Hash entry in Release file " + Filename).c_str()); + return false; + } + string Strdate = Section.FindS("Date"); // FIXME: verify this somehow? return true; } diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index ac0df470c..468d2bd0f 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -8,6 +8,7 @@ #include <apt-pkg/pkgcache.h> #include <apt-pkg/fileutl.h> +#include <apt-pkg/hashes.h> #include <map> #include <vector> @@ -45,7 +46,7 @@ class indexRecords struct indexRecords::checkSum { string MetaKeyFilename; - string MD5Hash; + HashString Hash; size_t Size; }; diff --git a/apt-pkg/pkgrecords.h b/apt-pkg/pkgrecords.h index 7b9f51a50..f3bf7b6a1 100644 --- a/apt-pkg/pkgrecords.h +++ b/apt-pkg/pkgrecords.h @@ -57,6 +57,7 @@ class pkgRecords::Parser virtual string FileName() {return string();}; virtual string MD5Hash() {return string();}; virtual string SHA1Hash() {return string();}; + virtual string SHA256Hash() {return string();}; virtual string SourcePkg() {return string();}; virtual string SourceVer() {return string();}; diff --git a/apt-pkg/tagfile.h b/apt-pkg/tagfile.h index 05c6aa701..6536932dd 100644 --- a/apt-pkg/tagfile.h +++ b/apt-pkg/tagfile.h @@ -30,8 +30,8 @@ class pkgTagSection const char *Stop; // We have a limit of 256 tags per section. - unsigned short Indexes[256]; - unsigned short AlphaIndexes[0x100]; + unsigned int Indexes[256]; + unsigned int AlphaIndexes[0x100]; unsigned int TagCount; diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index b216204d2..c9ec481aa 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -918,7 +918,7 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask = true, pkgAcquire::UriIterator I = Fetcher.UriBegin(); for (; I != Fetcher.UriEnd(); I++) cout << '\'' << I->URI << "' " << flNotDir(I->Owner->DestFile) << ' ' << - I->Owner->FileSize << ' ' << I->Owner->MD5Sum() << endl; + I->Owner->FileSize << ' ' << I->Owner->HashSum() << endl; return true; } @@ -1359,7 +1359,7 @@ bool DoUpdate(CommandLine &CmdL) pkgAcquire::UriIterator I = Fetcher.UriBegin(); for (; I != Fetcher.UriEnd(); I++) cout << '\'' << I->URI << "' " << flNotDir(I->Owner->DestFile) << ' ' << - I->Owner->FileSize << ' ' << I->Owner->MD5Sum() << endl; + I->Owner->FileSize << ' ' << I->Owner->HashSum() << endl; return true; } @@ -2211,7 +2211,7 @@ bool DoSource(CommandLine &CmdL) pkgAcquire::UriIterator I = Fetcher.UriBegin(); for (; I != Fetcher.UriEnd(); I++) cout << '\'' << I->URI << "' " << flNotDir(I->Owner->DestFile) << ' ' << - I->Owner->FileSize << ' ' << I->Owner->MD5Sum() << endl; + I->Owner->FileSize << ' ' << I->Owner->HashSum() << endl; return true; } diff --git a/debian/changelog b/debian/changelog index 8c0bc2d0e..c730f85b0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,7 +12,10 @@ apt (0.7.7) UNRELEASED; urgency=low * apt-pkg/deb/dpkgpm.{cc,h}: - merged dpkg-log branch, this lets you specify a Dir::Log::Terminal file to log dpkg output to - ABI break + (ABI break) + * merged apt--sha256 branch to fully support the new + sha256 checksums in the Packages and Release files + (ABI break) -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Aug 2007 11:55:54 +0200 |