From 495e5cb25443e6606c0d02891e1f6610983e88cd Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 26 Jul 2007 19:18:11 +0200 Subject: * implement sha256/sha1/md5 checking with proper backward compatibility and fallback --- apt-pkg/acquire-item.h | 75 +++++++++++++++++++++++++------------------------- 1 file changed, 37 insertions(+), 38 deletions(-) (limited to 'apt-pkg/acquire-item.h') diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index f5272ed86..08b75c6d2 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -12,7 +12,7 @@ Three item classes are provided to provide functionality for downloading of Index, Translation and Packages files. - A Archive class is provided for downloading .deb files. It does Md5 + A Archive class is provided for downloading .deb files. It does Hash checking and source location as well as a retry algorithm. ##################################################################### */ @@ -26,7 +26,7 @@ #include #include #include - +#include /** \addtogroup acquire * @{ @@ -187,12 +187,12 @@ class pkgAcquire::Item * \param Message Data from the acquire method. Use LookupTag() * to parse it. * \param Size The size of the object that was fetched. - * \param Md5Hash The MD5Sum of the object that was fetched. + * \param Hash The HashSum of the object that was fetched. * \param Cnf The method via which the object was fetched. * * \sa pkgAcqMethod */ - virtual void Done(string Message,unsigned long Size,string Md5Hash, + virtual void Done(string Message,unsigned long Size,string Hash, pkgAcquire::MethodConfig *Cnf); /** \brief Invoked when the worker starts to fetch this object. @@ -230,12 +230,12 @@ class pkgAcquire::Item /** \brief Invoked by the worker when the download is completely done. */ virtual void Finished() {}; - /** \brief MD5Sum. + /** \brief HashSum * - * \return the MD5Sum of this object, if applicable; otherwise, an + * \return the HashSum of this object, if applicable; otherwise, an * empty string. */ - virtual string MD5Sum() {return string();}; + virtual string HashSum() {return string();}; /** \return the acquire process with which this item is associated. */ pkgAcquire *GetOwner() {return Owner;}; @@ -297,10 +297,10 @@ class pkgAcqDiffIndex : public pkgAcquire::Item */ string RealURI; - /** \brief The MD5Sum that the real index file should have after + /** \brief The Hash that the real index file should have after * all patches have been applied. */ - string ExpectedMD5; + HashString ExpectedHash; /** \brief The index file which will be patched to generate the new * file. @@ -343,10 +343,10 @@ class pkgAcqDiffIndex : public pkgAcquire::Item * * \param ShortDesc A short description of the list file to download. * - * \param ExpectedMD5 The list file's MD5 signature. + * \param ExpectedHash The list file's MD5 signature. */ pkgAcqDiffIndex(pkgAcquire *Owner,string URI,string URIDesc, - string ShortDesc, string ExpectedMD5); + string ShortDesc, HashString ExpectedHash); }; /** \brief An item that is responsible for fetching all the patches @@ -379,7 +379,7 @@ class pkgAcqIndexDiffs : public pkgAcquire::Item * finishes downloading. * * Dequeues the item and checks the resulting file's md5sum - * against ExpectedMD5 after the last patch was applied. + * against ExpectedHash after the last patch was applied. * There is no need to check the md5/sha1 after a "normal" * patch because QueueNextDiff() will check the sha1 later. * @@ -405,10 +405,10 @@ class pkgAcqIndexDiffs : public pkgAcquire::Item */ string RealURI; - /** \brief The MD5Sum of the package index file that is being + /** \brief The HashSum of the package index file that is being * reconstructed. */ - string ExpectedMD5; + HashString ExpectedHash; /** A description of the file being downloaded. */ string Description; @@ -465,7 +465,7 @@ class pkgAcqIndexDiffs : public pkgAcquire::Item * * \param ShortDesc A brief description of this item. * - * \param ExpectedMD5 The expected md5sum of the completely + * \param ExpectedHash The expected md5sum of the completely * reconstructed package index file; the index file will be tested * against this value when it is entirely reconstructed. * @@ -474,7 +474,7 @@ class pkgAcqIndexDiffs : public pkgAcquire::Item * that depends on it. */ pkgAcqIndexDiffs(pkgAcquire *Owner,string URI,string URIDesc, - string ShortDesc, string ExpectedMD5, + string ShortDesc, HashString ExpectedHash, vector diffs=vector()); }; @@ -507,8 +507,8 @@ class pkgAcqIndex : public pkgAcquire::Item */ string RealURI; - /** \brief The expected md5sum of the decompressed index file. */ - string ExpectedMD5; + /** \brief The expected hashsum of the decompressed index file. */ + HashString ExpectedHash; /** \brief The compression-related file extension that is being * added to the downloaded file (e.g., ".gz" or ".bz2"). @@ -535,14 +535,14 @@ class pkgAcqIndex : public pkgAcquire::Item * * \param ShortDesc A brief description of this index file. * - * \param ExpectedMD5 The expected md5sum of this index file. + * \param ExpectedHash The expected hashsum of this index file. * * \param compressExt The compression-related extension with which * this index file should be downloaded, or "" to autodetect * (".bz2" is used if bzip2 is installed, ".gz" otherwise). */ pkgAcqIndex(pkgAcquire *Owner,string URI,string URIDesc, - string ShortDesc, string ExpectedMD5, string compressExt=""); + string ShortDesc, HashString ExpectedHash, string compressExt=""); }; /** \brief An acquire item that is responsible for fetching a @@ -569,7 +569,7 @@ class pkgAcqIndexTrans : public pkgAcqIndex * * \param ShortDesc A brief description of this index file. * - * \param ExpectedMD5 The expected md5sum of this index file. + * \param ExpectedHash The expected hashsum of this index file. * * \param compressExt The compression-related extension with which * this index file should be downloaded, or "" to autodetect @@ -661,9 +661,9 @@ class pkgAcqMetaSig : public pkgAcquire::Item * * Once the download and verification are complete, the downloads of * the individual index files are queued up using pkgAcqDiffIndex. - * If the meta-index file had a valid signature, the expected md5sums + * If the meta-index file had a valid signature, the expected hashsums * of the index files will be the md5sums listed in the meta-index; - * otherwise, the expected md5sums will be "" (causing the + * otherwise, the expected hashsums will be "" (causing the * authentication of the index files to be bypassed). */ class pkgAcqMetaIndex : public pkgAcquire::Item @@ -727,11 +727,11 @@ class pkgAcqMetaIndex : public pkgAcquire::Item /** \brief Starts downloading the individual index files. * - * \param verify If \b true, only indices whose expected md5sum + * \param verify If \b true, only indices whose expected hashsum * can be determined from the meta-index will be downloaded, and - * the md5sums of indices will be checked (reporting + * the hashsums of indices will be checked (reporting * #StatAuthError if there is a mismatch). If verify is \b false, - * no md5sum checking will be performed. + * no hashsum checking will be performed. */ void QueueIndexes(bool verify); @@ -739,7 +739,7 @@ class pkgAcqMetaIndex : public pkgAcquire::Item // Specialized action members virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf); - virtual void Done(string Message,unsigned long Size,string Md5Hash, + virtual void Done(string Message,unsigned long Size, string Hash, pkgAcquire::MethodConfig *Cnf); virtual string Custom600Headers(); virtual string DescURI() {return RealURI; }; @@ -776,8 +776,8 @@ class pkgAcqArchive : public pkgAcquire::Item */ pkgRecords *Recs; - /** \brief The md5sum of this package. */ - string MD5; + /** \brief The hashsum of this package. */ + HashString hash; /** \brief A location in which the actual filename of the package * should be stored. @@ -805,13 +805,12 @@ class pkgAcqArchive : public pkgAcquire::Item public: virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf); - virtual void Done(string Message,unsigned long Size,string Md5Hash, + virtual void Done(string Message,unsigned long Size,string Hash, pkgAcquire::MethodConfig *Cnf); - virtual string MD5Sum() {return MD5;}; virtual string DescURI() {return Desc.URI;}; virtual string ShortDesc() {return Desc.ShortDesc;}; virtual void Finished(); - + virtual string HashSum() {return hash.toStr(); }; virtual bool IsTrusted(); /** \brief Create a new pkgAcqArchive. @@ -848,8 +847,8 @@ class pkgAcqFile : public pkgAcquire::Item /** \brief The currently active download process. */ pkgAcquire::ItemDesc Desc; - /** \brief The md5sum of the file to download, if it is known. */ - string Md5Hash; + /** \brief The hashsum of the file to download, if it is known. */ + HashString hash; /** \brief How many times to retry the download, set from * Acquire::Retries. @@ -860,9 +859,9 @@ class pkgAcqFile : public pkgAcquire::Item // Specialized action members virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf); - virtual void Done(string Message,unsigned long Size,string Md5Hash, + virtual void Done(string Message,unsigned long Size,string CalcHash, pkgAcquire::MethodConfig *Cnf); - virtual string MD5Sum() {return Md5Hash;}; + virtual string HashSum() {return hash.toStr(); }; virtual string DescURI() {return Desc.URI;}; /** \brief Create a new pkgAcqFile object. @@ -872,7 +871,7 @@ class pkgAcqFile : public pkgAcquire::Item * * \param URI The URI to download. * - * \param MD5 The md5sum of the file to download, if it is known; + * \param Hash The hashsum of the file to download, if it is known; * otherwise "". * * \param Size The size of the file to download, if it is known; @@ -894,7 +893,7 @@ class pkgAcqFile : public pkgAcquire::Item * is the absolute name to which the file should be downloaded. */ - pkgAcqFile(pkgAcquire *Owner, string URI, string MD5, unsigned long Size, + pkgAcqFile(pkgAcquire *Owner, string URI, string Hash, unsigned long Size, string Desc, string ShortDesc, const string &DestDir="", const string &DestFilename=""); }; -- cgit v1.2.3 From 8a8feb29265b3dfc27f82072563a641a7976752a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 30 Jul 2007 17:47:05 +0200 Subject: * apt-pkg/acquire-item.{cc,h}: - rename "hash" into ExpectedHash in pkgAcqFile, pkgAcqIndex - add missing HashSum() call to class pkgAcqIndex - use the data provided by acquire-method (and send via the {SHA256,SHA1,MD5Sum}-Hash tag when comparing the hash, this avoids calculating the hash twice (just like old libapt) * apt-pkg/acquire-method.cc: - send MD5Sum-Hash tag to libapt to be consistant with HashString::SupportedHashes() * apt-pkg/acquire-worker.cc: - check with "Owner->HashSum().HashType()" what hash the frontend is expecting and pass it to pkgAcquireItem::Done() in the new HashString format - add some debugging output * apt-pkg/contrib/hashes.cc: - fix off-by-one error when constructing a HashString from a single input string * apt-pkg/contrib/hashes.h: - add "HashType()" method * apt-pkg/init.h, apt-pkg/makefile, methods/makefile: - break ABI --- apt-pkg/acquire-item.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'apt-pkg/acquire-item.h') diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index 08b75c6d2..edd910230 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -523,6 +523,7 @@ class pkgAcqIndex : public pkgAcquire::Item pkgAcquire::MethodConfig *Cnf); virtual string Custom600Headers(); virtual string DescURI() {return RealURI + CompressionExtension;}; + virtual string HashSum() {return ExpectedHash.toStr(); }; /** \brief Create a pkgAcqIndex. * @@ -777,7 +778,7 @@ class pkgAcqArchive : public pkgAcquire::Item pkgRecords *Recs; /** \brief The hashsum of this package. */ - HashString hash; + HashString ExpectedHash; /** \brief A location in which the actual filename of the package * should be stored. @@ -810,7 +811,7 @@ class pkgAcqArchive : public pkgAcquire::Item virtual string DescURI() {return Desc.URI;}; virtual string ShortDesc() {return Desc.ShortDesc;}; virtual void Finished(); - virtual string HashSum() {return hash.toStr(); }; + virtual string HashSum() {return ExpectedHash.toStr(); }; virtual bool IsTrusted(); /** \brief Create a new pkgAcqArchive. @@ -848,7 +849,7 @@ class pkgAcqFile : public pkgAcquire::Item pkgAcquire::ItemDesc Desc; /** \brief The hashsum of the file to download, if it is known. */ - HashString hash; + HashString ExpectedHash; /** \brief How many times to retry the download, set from * Acquire::Retries. @@ -861,8 +862,8 @@ class pkgAcqFile : public pkgAcquire::Item virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf); virtual void Done(string Message,unsigned long Size,string CalcHash, pkgAcquire::MethodConfig *Cnf); - virtual string HashSum() {return hash.toStr(); }; virtual string DescURI() {return Desc.URI;}; + virtual string HashSum() {return ExpectedHash.toStr(); }; /** \brief Create a new pkgAcqFile object. * -- cgit v1.2.3