Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
slapos.recipe.cmmi
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Xavier Thompson
slapos.recipe.cmmi
Commits
3f615d12
Commit
3f615d12
authored
Aug 13, 2021
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
New integrity option to replace md5sum
This allow using stronger hashes
parent
1dc49d3e
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
130 additions
and
1 deletion
+130
-1
slapos/recipe/cmmi/README.rst
slapos/recipe/cmmi/README.rst
+124
-0
slapos/recipe/cmmi/__init__.py
slapos/recipe/cmmi/__init__.py
+6
-1
No files found.
slapos/recipe/cmmi/README.rst
View file @
3f615d12
...
@@ -39,12 +39,22 @@ Supported options
...
@@ -39,12 +39,22 @@ Supported options
Shared
option
is
True
or
False
Shared
option
is
True
or
False
The
package
will
be
installed
on
path
/
name
/
hash
of
options
.
The
package
will
be
installed
on
path
/
name
/
hash
of
options
.
``
integrity
``
Hashes
for
the
package
file
.
This
is
expressed
in
``
algorithm
:
hash
``
format
,
for
example
:
``
sha256
:
5891
b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
``
If
specified
,
the
checksum
of
the
downloaded
package
will
be
compared
to
this
value
and
if
the
values
do
not
match
the
execution
of
the
recipe
will
fail
.
``
md5sum
``
``
md5sum
``
MD5
checksum
for
the
package
file
.
If
available
the
MD5
MD5
checksum
for
the
package
file
.
If
available
the
MD5
checksum
of
the
downloaded
package
will
be
compared
to
this
value
checksum
of
the
downloaded
package
will
be
compared
to
this
value
and
if
the
values
do
not
match
the
execution
of
the
recipe
will
and
if
the
values
do
not
match
the
execution
of
the
recipe
will
fail
.
fail
.
This
option
is
deprecated
and
``
integrity
``
should
be
preferred
.
``
make
-
binary
``
``
make
-
binary
``
...
@@ -336,6 +346,120 @@ default build options.
...
@@ -336,6 +346,120 @@ default build options.
As we can see the configure script was called with the ``--prefix``
As we can see the configure script was called with the ``--prefix``
option by default followed by calls to ``make`` and ``make install``.
option by default followed by calls to ``make`` and ``make install``.
Verifying the download integrity
================================
With ``integrity`` option, we can specify the expected hash of the package.
With a correct hash, everything is OK:
>>> write('
buildout
.
cfg
',
... """
... [buildout]
... newest = false
... parts = packagex
...
... [packagex]
... recipe = slapos.recipe.cmmi
... url = file://%s
... integrity = sha256:32605be560ddfb4c3ff0542949e2953b4d126bd804e42c9667b95b255e6d3f82
... """ % package_path)
>>> print(system(buildout))
Uninstalling packagex.
Installing packagex.
configure --prefix=/sample_buildout/parts/packagex
building package
installing package
<BLANKLINE>
but when the hash does not match, an error occurs:
>>> write('
buildout
.
cfg
',
... """
... [buildout]
... newest = false
... parts = packagex
...
... [packagex]
... recipe = slapos.recipe.cmmi
... url = file://%s
... integrity = sha256:wronghash
... """ % package_path)
>>> print(system(buildout))
Uninstalling packagex.
Installing packagex.
While:
Installing packagex.
Error: Checksum mismatch for local resource at '
/
testdata
/
package
-
0.0.0
.
tar
.
gz
'.
<BLANKLINE>
This replaces the old ``md5sum`` option:
>>> write('
buildout
.
cfg
',
... """
... [buildout]
... newest = false
... parts = packagex
...
... [packagex]
... recipe = slapos.recipe.cmmi
... url = file://%s
... md5sum = 6b94295c042a91ea3203857326bc9209
... """ % package_path)
>>> print(system(buildout))
Installing packagex.
configure --prefix=/sample_buildout/parts/packagex
building package
installing package
<BLANKLINE>
>>> write('
buildout
.
cfg
',
... """
... [buildout]
... newest = false
... parts = packagex
...
... [packagex]
... recipe = slapos.recipe.cmmi
... url = file://%s
... md5sum = wrong
... """ % package_path)
>>> print(system(buildout))
Uninstalling packagex.
Installing packagex.
While:
Installing packagex.
Error: MD5 checksum mismatch for local resource at '
/
testdata
/
package
-
0.0.0
.
tar
.
gz
'.
<BLANKLINE>
when both are specified, ``integrity`` has priority:
>>> write('
buildout
.
cfg
',
... """
... [buildout]
... newest = false
... parts = packagex
...
... [packagex]
... recipe = slapos.recipe.cmmi
... url = file://%s
... md5sum = wrong
... integrity = sha256:32605be560ddfb4c3ff0542949e2953b4d126bd804e42c9667b95b255e6d3f82
... """ % package_path)
>>> print(system(buildout))
Installing packagex.
configure --prefix=/sample_buildout/parts/packagex
building package
installing package
<BLANKLINE>
Installing a Perl package
Installing a Perl package
=========================
=========================
...
...
slapos/recipe/cmmi/__init__.py
View file @
3f615d12
...
@@ -316,7 +316,12 @@ class Recipe(object):
...
@@ -316,7 +316,12 @@ class Recipe(object):
shutil
.
rmtree
(
compile_dir
)
shutil
.
rmtree
(
compile_dir
)
os
.
makedirs
(
compile_dir
)
os
.
makedirs
(
compile_dir
)
try
:
try
:
self
.
options
.
get
(
'md5sum'
)
# so that buildout does not complain "unused option md5sum"
# Access options, so that buildout does not complain about
# unused options, because we copy the options for download.
# Note that if integrity exist, md5sum will be not used, so
# we don't get it in that case.
if
not
self
.
options
.
get
(
'integrity'
):
self
.
options
.
get
(
'md5sum'
)
opt
=
self
.
options
.
copy
()
opt
=
self
.
options
.
copy
()
opt
[
'destination'
]
=
compile_dir
opt
[
'destination'
]
=
compile_dir
# no need to shared build for compile dir
# no need to shared build for compile dir
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment