From cb6a2b3eaca4353d7f490fb360b98c08d64a2d8c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 14 Jan 2013 07:09:51 +0100 Subject: first iteration that adds support for checksums-{sha512,sha256} --- apt-pkg/deb/debsrcrecords.cc | 129 +++++++++++++++++++++++++------------------ 1 file changed, 75 insertions(+), 54 deletions(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index ce55ccd1f..45cc0ae82 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -17,6 +17,7 @@ #include #include #include +#include using std::max; /*}}}*/ @@ -114,64 +115,84 @@ bool debSrcRecordParser::BuildDepends(std::vector &List) { List.erase(List.begin(),List.end()); + + const char *hash_field[] = { "Checksums-Sha512", + "Checksums-Sha256", + "Checksums-Sha1", + "Files", // historic name + NULL, + }; + const char *hash_type[] = { "Sha512", + "Sha256", + "Sha1", + "md5sum", + NULL, + }; - string Files = Sect.FindS("Files"); - if (Files.empty() == true) - return false; - - // Stash the / terminated directory prefix - string Base = Sect.FindS("Directory"); - if (Base.empty() == false && Base[Base.length()-1] != '/') - Base += '/'; - - std::vector const compExts = APT::Configuration::getCompressorExtensions(); - - // Iterate over the entire list grabbing each triplet - const char *C = Files.c_str(); - while (*C != 0) - { - pkgSrcRecords::File F; - string Size; - - // Parse each of the elements - if (ParseQuoteWord(C,F.MD5Hash) == false || - ParseQuoteWord(C,Size) == false || - ParseQuoteWord(C,F.Path) == false) - return _error->Error("Error parsing file record"); - - // Parse the size and append the directory - F.Size = atoi(Size.c_str()); - F.Path = Base + F.Path; - - // Try to guess what sort of file it is we are getting. - string::size_type Pos = F.Path.length()-1; - while (1) - { - string::size_type Tmp = F.Path.rfind('.',Pos); - if (Tmp == string::npos) - break; - if (F.Type == "tar") { - // source v3 has extension 'debian.tar.*' instead of 'diff.*' - if (string(F.Path, Tmp+1, Pos-Tmp) == "debian") - F.Type = "diff"; - break; - } - F.Type = string(F.Path,Tmp+1,Pos-Tmp); - - if (std::find(compExts.begin(), compExts.end(), std::string(".").append(F.Type)) != compExts.end() || - F.Type == "tar") - { - Pos = Tmp-1; - continue; - } + for (int i=0; hash_field[i] != NULL; i++) + { + + string Files = Sect.FindS(hash_field[i]); + if (Files.empty() == true) + continue; + + // Stash the / terminated directory prefix + string Base = Sect.FindS("Directory"); + if (Base.empty() == false && Base[Base.length()-1] != '/') + Base += '/'; + + std::vector const compExts = APT::Configuration::getCompressorExtensions(); + + // Iterate over the entire list grabbing each triplet + const char *C = Files.c_str(); + while (*C != 0) + { + pkgSrcRecords::File F; + string Size; + + // Parse each of the elements + std::string RawHash; + if (ParseQuoteWord(C, RawHash) == false || + ParseQuoteWord(C, Size) == false || + ParseQuoteWord(C, F.Path) == false) + return _error->Error("Error parsing '%s' record", hash_field[i]); + // assign full hash string + F.Hash = HashString(hash_type[i], RawHash).toStr(); + + // Parse the size and append the directory + F.Size = atoi(Size.c_str()); + F.Path = Base + F.Path; + + // Try to guess what sort of file it is we are getting. + string::size_type Pos = F.Path.length()-1; + while (1) + { + string::size_type Tmp = F.Path.rfind('.',Pos); + if (Tmp == string::npos) + break; + if (F.Type == "tar") { + // source v3 has extension 'debian.tar.*' instead of 'diff.*' + if (string(F.Path, Tmp+1, Pos-Tmp) == "debian") + F.Type = "diff"; + break; + } + F.Type = string(F.Path,Tmp+1,Pos-Tmp); + + if (std::find(compExts.begin(), compExts.end(), std::string(".").append(F.Type)) != compExts.end() || + F.Type == "tar") + { + Pos = Tmp-1; + continue; + } - break; - } + break; + } - List.push_back(F); + List.push_back(F); + } + break; } - - return true; + return (List.size() > 0); } /*}}}*/ // SrcRecordParser::~SrcRecordParser - Destructor /*{{{*/ -- cgit v1.2.3 From 64680d3bf12db6599e93f950546e380e0bd5ddf4 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 14 Jan 2013 07:59:52 +0100 Subject: fix skipping of already downloaded files and add some FIXMEs --- apt-pkg/deb/debsrcrecords.cc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index 45cc0ae82..c620c2298 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -116,16 +116,21 @@ bool debSrcRecordParser::Files(std::vector &List) { List.erase(List.begin(),List.end()); + // FIXME: build string dynamically from + // Hashes::SupportedHashes const char *hash_field[] = { "Checksums-Sha512", "Checksums-Sha256", "Checksums-Sha1", "Files", // historic name NULL, }; - const char *hash_type[] = { "Sha512", - "Sha256", - "Sha1", - "md5sum", + + // FIXME: use string from Hashes::SupportedHashes + // FIXME2: this is case senstivie + const char *hash_type[] = { "SHA512", + "SHA256", + "SHA1", + "MD5Sum", NULL, }; -- cgit v1.2.3 From 3bbce699ee1a5dbbe37806aee7afcc615ecc6ebe Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 31 Jan 2013 06:59:24 +0100 Subject: cleanup the hash iteration. unfortunately there is no 1:1 mapping from Hashes::SupporedHashes to the tag name --- apt-pkg/deb/debsrcrecords.cc | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index c620c2298..37d38ee5b 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -116,28 +116,21 @@ bool debSrcRecordParser::Files(std::vector &List) { List.erase(List.begin(),List.end()); - // FIXME: build string dynamically from - // Hashes::SupportedHashes - const char *hash_field[] = { "Checksums-Sha512", - "Checksums-Sha256", - "Checksums-Sha1", - "Files", // historic name - NULL, - }; - - // FIXME: use string from Hashes::SupportedHashes - // FIXME2: this is case senstivie - const char *hash_type[] = { "SHA512", - "SHA256", - "SHA1", - "MD5Sum", - NULL, + // map from the Hashsum field to the hashsum function, + // unfortunately this is not a 1:1 mapping from + // Hashes::SupporedHashes as e.g. Files is a historic name for the md5 + const std::pair SourceHashFields[] = { + std::make_pair( "Checksums-Sha512", "SHA512"), + std::make_pair( "Checksums-Sha256", "SHA256"), + std::make_pair( "Checksums-Sha1", "SHA1"), + std::make_pair( "Files", "MD5Sum"), // historic Name }; - for (int i=0; hash_field[i] != NULL; i++) + for (unsigned int i=0; + i < sizeof(SourceHashFields)/sizeof(SourceHashFields[0]); + i++) { - - string Files = Sect.FindS(hash_field[i]); + string Files = Sect.FindS(SourceHashFields[i].first); if (Files.empty() == true) continue; @@ -160,9 +153,10 @@ bool debSrcRecordParser::Files(std::vector &List) if (ParseQuoteWord(C, RawHash) == false || ParseQuoteWord(C, Size) == false || ParseQuoteWord(C, F.Path) == false) - return _error->Error("Error parsing '%s' record", hash_field[i]); + return _error->Error("Error parsing '%s' record", + SourceHashFields[i].first); // assign full hash string - F.Hash = HashString(hash_type[i], RawHash).toStr(); + F.Hash = HashString(SourceHashFields[i].second, RawHash).toStr(); // Parse the size and append the directory F.Size = atoi(Size.c_str()); -- cgit v1.2.3 From a1b5561a036ebbe416cccfb2bd476a838ddb6286 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 28 Feb 2013 18:28:44 +0100 Subject: re-add compat pkgSrcRecords::File::MD5Hash --- apt-pkg/deb/debsrcrecords.cc | 3 +++ 1 file changed, 3 insertions(+) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index 37d38ee5b..f5fb2da4a 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -157,6 +157,9 @@ bool debSrcRecordParser::Files(std::vector &List) SourceHashFields[i].first); // assign full hash string F.Hash = HashString(SourceHashFields[i].second, RawHash).toStr(); + // API compat hack + if(SourceHashFields[i].second == "MD5Sum") + F.MD5Hash = RawHash; // Parse the size and append the directory F.Size = atoi(Size.c_str()); -- cgit v1.2.3 From feab34c5216941ca95aae1a389238a77b662d1de Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 22 Apr 2014 17:59:09 +0200 Subject: add support for apt-get build-dep foo.dsc --- apt-pkg/deb/debsrcrecords.cc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index b09588dd3..fc748c40f 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -18,6 +18,7 @@ #include #include #include +#include #include #include @@ -189,3 +190,21 @@ debSrcRecordParser::~debSrcRecordParser() delete[] Buffer; } /*}}}*/ + + +debDscRecordParser::debDscRecordParser(std::string const &DscFile) + : debSrcRecordParser(DscFile, NULL) +{ + // support clear signed files + if (OpenMaybeClearSignedFile(DscFile, Fd) == false) + { + _error->Error("Failed to open %s", DscFile.c_str()); + return; + } + + // re-init to ensure the updated Fd is used + Tags.Init(&Fd); + // read the first (and only) record + Step(); + +} -- cgit v1.2.3 From a49e7948029d8219d7cb182fbc1b0adb587691b8 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 23 Apr 2014 13:51:48 +0200 Subject: create debIFTypeDscFile type --- apt-pkg/deb/debsrcrecords.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index fc748c40f..8aad81e3c 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -192,8 +192,8 @@ debSrcRecordParser::~debSrcRecordParser() /*}}}*/ -debDscRecordParser::debDscRecordParser(std::string const &DscFile) - : debSrcRecordParser(DscFile, NULL) +debDscRecordParser::debDscRecordParser(std::string const &DscFile, pkgIndexFile const *Index) + : debSrcRecordParser(DscFile, Index) { // support clear signed files if (OpenMaybeClearSignedFile(DscFile, Fd) == false) -- cgit v1.2.3 From 1262d35895c930f3fa49d7b4182cdd7a4a841f74 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 18 Aug 2013 23:27:24 +0200 Subject: use 'best' hash for source authentication Collect all hashes we can get from the source record and put them into a HashStringList so that 'apt-get source' can use it instead of using always the MD5sum. We therefore also deprecate the MD5 struct member in favor of the list. While at it, the parsing of the Files is enhanced so that records which miss "Files" (aka MD5 checksums) are still searched for other checksums as they include just as much data, just not with a nice and catchy name. LP: 1098738 --- apt-pkg/deb/debsrcrecords.cc | 170 +++++++++++++++++++++++++------------------ 1 file changed, 99 insertions(+), 71 deletions(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index 7b9a828d3..bf5e56ec9 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -124,85 +124,113 @@ bool debSrcRecordParser::Files(std::vector &List) { List.erase(List.begin(),List.end()); - // map from the Hashsum field to the hashsum function, - // unfortunately this is not a 1:1 mapping from - // Hashes::SupporedHashes as e.g. Files is a historic name for the md5 - const std::pair SourceHashFields[] = { - std::make_pair( "Checksums-Sha512", "SHA512"), - std::make_pair( "Checksums-Sha256", "SHA256"), - std::make_pair( "Checksums-Sha1", "SHA1"), - std::make_pair( "Files", "MD5Sum"), // historic Name - }; - - for (unsigned int i=0; - i < sizeof(SourceHashFields)/sizeof(SourceHashFields[0]); - i++) - { - string Files = Sect.FindS(SourceHashFields[i].first); - if (Files.empty() == true) - continue; + // Stash the / terminated directory prefix + string Base = Sect.FindS("Directory"); + if (Base.empty() == false && Base[Base.length()-1] != '/') + Base += '/'; - // Stash the / terminated directory prefix - string Base = Sect.FindS("Directory"); - if (Base.empty() == false && Base[Base.length()-1] != '/') - Base += '/'; + std::vector const compExts = APT::Configuration::getCompressorExtensions(); - std::vector const compExts = APT::Configuration::getCompressorExtensions(); + for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type) + { + // derive field from checksum type + std::string checksumField("Checksums-"); + if (strcmp(*type, "MD5Sum") == 0) + checksumField = "Files"; // historic name for MD5 checksums + else + checksumField.append(*type); + + string const Files = Sect.FindS(checksumField.c_str()); + if (Files.empty() == true) + continue; // Iterate over the entire list grabbing each triplet const char *C = Files.c_str(); while (*C != 0) - { - pkgSrcRecords::File F; - string Size; - - // Parse each of the elements - std::string RawHash; - if (ParseQuoteWord(C, RawHash) == false || - ParseQuoteWord(C, Size) == false || - ParseQuoteWord(C, F.Path) == false) - return _error->Error("Error parsing '%s' record", - SourceHashFields[i].first); - // assign full hash string - F.Hash = HashString(SourceHashFields[i].second, RawHash).toStr(); - // API compat hack - if(strcmp(SourceHashFields[i].second, "MD5Sum") == 0) - F.MD5Hash = RawHash; - - // Parse the size and append the directory - F.Size = atoi(Size.c_str()); - F.Path = Base + F.Path; - - // Try to guess what sort of file it is we are getting. - string::size_type Pos = F.Path.length()-1; - while (1) - { - string::size_type Tmp = F.Path.rfind('.',Pos); - if (Tmp == string::npos) - break; - if (F.Type == "tar") { - // source v3 has extension 'debian.tar.*' instead of 'diff.*' - if (string(F.Path, Tmp+1, Pos-Tmp) == "debian") - F.Type = "diff"; - break; - } - F.Type = string(F.Path,Tmp+1,Pos-Tmp); - - if (std::find(compExts.begin(), compExts.end(), std::string(".").append(F.Type)) != compExts.end() || - F.Type == "tar") - { - Pos = Tmp-1; - continue; - } - - break; - } - - List.push_back(F); + { + string hash, size, path; + + // Parse each of the elements + if (ParseQuoteWord(C, hash) == false || + ParseQuoteWord(C, size) == false || + ParseQuoteWord(C, path) == false) + return _error->Error("Error parsing file record in %s of source package %s", checksumField.c_str(), Package().c_str()); + + HashString const hashString(*type, hash); + if (Base.empty() == false) + path = Base + path; + + // look if we have a record for this file already + std::vector::iterator file = List.begin(); + for (; file != List.end(); ++file) + if (file->Path == path) + break; + + // we have it already, store the new hash and be done + if (file != List.end()) + { +#if __GNUC__ >= 4 + // set for compatibility only, so warn users not us + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + if (checksumField == "Files") + file->MD5Hash = hash; +#if __GNUC__ >= 4 + #pragma GCC diagnostic pop +#endif + // an error here indicates that we have two different hashes for the same file + if (file->Hashes.push_back(hashString) == false) + return _error->Error("Error parsing checksum in %s of source package %s", checksumField.c_str(), Package().c_str()); + continue; + } + + // we haven't seen this file yet + pkgSrcRecords::File F; + F.Path = path; + F.Size = strtoull(size.c_str(), NULL, 10); + F.Hashes.push_back(hashString); + +#if __GNUC__ >= 4 + // set for compatibility only, so warn users not us + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + if (checksumField == "Files") + F.MD5Hash = hash; +#if __GNUC__ >= 4 + #pragma GCC diagnostic pop +#endif + + // Try to guess what sort of file it is we are getting. + string::size_type Pos = F.Path.length()-1; + while (1) + { + string::size_type Tmp = F.Path.rfind('.',Pos); + if (Tmp == string::npos) + break; + if (F.Type == "tar") { + // source v3 has extension 'debian.tar.*' instead of 'diff.*' + if (string(F.Path, Tmp+1, Pos-Tmp) == "debian") + F.Type = "diff"; + break; + } + F.Type = string(F.Path,Tmp+1,Pos-Tmp); + + if (std::find(compExts.begin(), compExts.end(), std::string(".").append(F.Type)) != compExts.end() || + F.Type == "tar") + { + Pos = Tmp-1; + continue; + } + + break; + } + List.push_back(F); } - break; } - return (List.size() > 0); + + return true; } /*}}}*/ // SrcRecordParser::~SrcRecordParser - Destructor /*{{{*/ -- cgit v1.2.3 From 7f48c4dfbb1f27c51044edde0692d7446ee74438 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 27 May 2014 23:42:10 +0200 Subject: use free() instead of delete[] in debSrcRecordParser::~debSrcRecordParser The Buffer was allocated using strndup() so we need to free it using free() instead of delete[] --- apt-pkg/deb/debsrcrecords.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index b09588dd3..a444cbe4d 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -186,6 +186,7 @@ bool debSrcRecordParser::Files(std::vector &List) /* */ debSrcRecordParser::~debSrcRecordParser() { - delete[] Buffer; + // was allocated via strndup() + free(Buffer); } /*}}}*/ -- cgit v1.2.3 From 80624be7c54aec6ed98ee254366155024fca1a71 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 28 May 2014 10:29:23 +0200 Subject: Fix more warnings from clang Reported-By: clang++ -Werror Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/deb/debmetaindex.h --- apt-pkg/deb/debsrcrecords.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index bf5e56ec9..76ba670c6 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -57,12 +57,13 @@ const char **debSrcRecordParser::Binaries() char* binStartNext = strchrnul(bin, ','); char* binEnd = binStartNext - 1; for (; isspace(*binEnd) != 0; --binEnd) - binEnd = '\0'; + binEnd = 0; StaticBinList.push_back(bin); if (*binStartNext != ',') break; *binStartNext = '\0'; - for (bin = binStartNext + 1; isspace(*bin) != 0; ++bin); + for (bin = binStartNext + 1; isspace(*bin) != 0; ++bin) + ; } while (*bin != '\0'); StaticBinList.push_back(NULL); -- cgit v1.2.3 From 586d8704716a10e0f8b9c400cab500f5353eebe6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 26 Oct 2014 23:17:03 +0100 Subject: replace ignore-deprecated #pragma dance with _Pragma For compatibility we use/provide and fill quiet some deprecated methods and fields, which subsequently earns us a warning for using them. These warnings therefore have to be disabled for these codeparts and that is what this change does now in a slightly more elegant way. Git-Dch: Ignore --- apt-pkg/deb/debsrcrecords.cc | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index 97f43aca2..d3c137bb9 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -170,16 +170,8 @@ bool debSrcRecordParser::Files(std::vector &List) // we have it already, store the new hash and be done if (file != List.end()) { -#if __GNUC__ >= 4 - // set for compatibility only, so warn users not us - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif if (checksumField == "Files") - file->MD5Hash = hash; -#if __GNUC__ >= 4 - #pragma GCC diagnostic pop -#endif + APT_IGNORE_DEPRECATED(file->MD5Hash = hash;) // an error here indicates that we have two different hashes for the same file if (file->Hashes.push_back(hashString) == false) return _error->Error("Error parsing checksum in %s of source package %s", checksumField.c_str(), Package().c_str()); @@ -192,16 +184,8 @@ bool debSrcRecordParser::Files(std::vector &List) F.Size = strtoull(size.c_str(), NULL, 10); F.Hashes.push_back(hashString); -#if __GNUC__ >= 4 - // set for compatibility only, so warn users not us - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif if (checksumField == "Files") - F.MD5Hash = hash; -#if __GNUC__ >= 4 - #pragma GCC diagnostic pop -#endif + APT_IGNORE_DEPRECATED(F.MD5Hash = hash;) // Try to guess what sort of file it is we are getting. string::size_type Pos = F.Path.length()-1; -- cgit v1.2.3 From 3a2b39ee602dd5a98b8fdaee2f1c8e0b13a276e2 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 18 Aug 2013 23:27:24 +0200 Subject: use 'best' hash for source authentication Collect all hashes we can get from the source record and put them into a HashStringList so that 'apt-get source' can use it instead of using always the MD5sum. We therefore also deprecate the MD5 struct member in favor of the list. While at it, the parsing of the Files is enhanced so that records which miss "Files" (aka MD5 checksums) are still searched for other checksums as they include just as much data, just not with a nice and catchy name. This is a cherry-pick of 1262d35 with some dirty tricks to preserve ABI. LP: 1098738 --- apt-pkg/deb/debsrcrecords.cc | 162 +++++++++++++++++++++++++++++++------------ 1 file changed, 118 insertions(+), 44 deletions(-) (limited to 'apt-pkg/deb/debsrcrecords.cc') diff --git a/apt-pkg/deb/debsrcrecords.cc b/apt-pkg/deb/debsrcrecords.cc index a444cbe4d..49a348dd4 100644 --- a/apt-pkg/deb/debsrcrecords.cc +++ b/apt-pkg/deb/debsrcrecords.cc @@ -118,13 +118,32 @@ bool debSrcRecordParser::BuildDepends(std::vector &List) +bool debSrcRecordParser::Files(std::vector &F) { - List.erase(List.begin(),List.end()); - - string Files = Sect.FindS("Files"); - if (Files.empty() == true) + std::vector F2; + if (Files2(F2) == false) return false; + for (std::vector::const_iterator f2 = F2.begin(); f2 != F2.end(); ++f2) + { + pkgSrcRecords::File2 f; +#if __GNUC__ >= 4 + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + f.MD5Hash = f2->MD5Hash; + f.Size = f2->Size; +#if __GNUC__ >= 4 + #pragma GCC diagnostic pop +#endif + f.Path = f2->Path; + f.Type = f2->Type; + F.push_back(f); + } + return true; +} +bool debSrcRecordParser::Files2(std::vector &List) +{ + List.clear(); // Stash the / terminated directory prefix string Base = Sect.FindS("Directory"); @@ -133,51 +152,106 @@ bool debSrcRecordParser::Files(std::vector &List) std::vector const compExts = APT::Configuration::getCompressorExtensions(); - // Iterate over the entire list grabbing each triplet - const char *C = Files.c_str(); - while (*C != 0) - { - pkgSrcRecords::File F; - string Size; - - // Parse each of the elements - if (ParseQuoteWord(C,F.MD5Hash) == false || - ParseQuoteWord(C,Size) == false || - ParseQuoteWord(C,F.Path) == false) - return _error->Error("Error parsing file record"); - - // Parse the size and append the directory - F.Size = atoi(Size.c_str()); - F.Path = Base + F.Path; - - // Try to guess what sort of file it is we are getting. - string::size_type Pos = F.Path.length()-1; - while (1) + for (char const * const * type = HashString::SupportedHashes(); *type != NULL; ++type) + { + // derive field from checksum type + std::string checksumField("Checksums-"); + if (strcmp(*type, "MD5Sum") == 0) + checksumField = "Files"; // historic name for MD5 checksums + else + checksumField.append(*type); + + string const Files = Sect.FindS(checksumField.c_str()); + if (Files.empty() == true) + continue; + + // Iterate over the entire list grabbing each triplet + const char *C = Files.c_str(); + while (*C != 0) { - string::size_type Tmp = F.Path.rfind('.',Pos); - if (Tmp == string::npos) - break; - if (F.Type == "tar") { - // source v3 has extension 'debian.tar.*' instead of 'diff.*' - if (string(F.Path, Tmp+1, Pos-Tmp) == "debian") - F.Type = "diff"; - break; - } - F.Type = string(F.Path,Tmp+1,Pos-Tmp); - - if (std::find(compExts.begin(), compExts.end(), std::string(".").append(F.Type)) != compExts.end() || - F.Type == "tar") + string hash, size, path; + + // Parse each of the elements + if (ParseQuoteWord(C, hash) == false || + ParseQuoteWord(C, size) == false || + ParseQuoteWord(C, path) == false) + return _error->Error("Error parsing file record in %s of source package %s", checksumField.c_str(), Package().c_str()); + + HashString const hashString(*type, hash); + if (Base.empty() == false) + path = Base + path; + + // look if we have a record for this file already + std::vector::iterator file = List.begin(); + for (; file != List.end(); ++file) + if (file->Path == path) + break; + + // we have it already, store the new hash and be done + if (file != List.end()) { - Pos = Tmp-1; +#if __GNUC__ >= 4 + // set for compatibility only, so warn users not us + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + if (checksumField == "Files") + file->MD5Hash = hash; +#if __GNUC__ >= 4 + #pragma GCC diagnostic pop +#endif + // an error here indicates that we have two different hashes for the same file + if (file->Hashes.push_back(hashString) == false) + return _error->Error("Error parsing checksum in %s of source package %s", checksumField.c_str(), Package().c_str()); continue; } - - break; + + // we haven't seen this file yet + pkgSrcRecords::File2 F; + F.Path = path; + F.FileSize = strtoull(size.c_str(), NULL, 10); + F.Hashes.push_back(hashString); + +#if __GNUC__ >= 4 + // set for compatibility only, so warn users not us + #pragma GCC diagnostic push + #pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif + F.Size = F.FileSize; + if (checksumField == "Files") + F.MD5Hash = hash; +#if __GNUC__ >= 4 + #pragma GCC diagnostic pop +#endif + + // Try to guess what sort of file it is we are getting. + string::size_type Pos = F.Path.length()-1; + while (1) + { + string::size_type Tmp = F.Path.rfind('.',Pos); + if (Tmp == string::npos) + break; + if (F.Type == "tar") { + // source v3 has extension 'debian.tar.*' instead of 'diff.*' + if (string(F.Path, Tmp+1, Pos-Tmp) == "debian") + F.Type = "diff"; + break; + } + F.Type = string(F.Path,Tmp+1,Pos-Tmp); + + if (std::find(compExts.begin(), compExts.end(), std::string(".").append(F.Type)) != compExts.end() || + F.Type == "tar") + { + Pos = Tmp-1; + continue; + } + + break; + } + List.push_back(F); } - - List.push_back(F); } - + return true; } /*}}}*/ -- cgit v1.2.3