verify hash of remote files

Signed-off-by: Gordon Hecker <gh@emlix.com>

diff --git a/Changelog b/Changelog
index 852e8e5caa5ecba7bb0a16325431daccc920f9d4..0f45b616d9a3c3513eafd77d04fd97d2e4bf39c4 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -4,6 +4,7 @@ NEXT:
  * rotate build logfiles
  * introduce a hash cache depending on timestamps to further speed up
    BuildId calculation
+ * release mode verifies hashes for server side files
 
 e2factory-2.3.2
  * temporary build directories are located in a version specific directory

diff --git a/local/e2tool.lua b/local/e2tool.lua
index a701e1b9af76db10800cf9a34d95ee4ace3161a4..4926327177cc85d3dc7541287ed5c2959475ce4c 100644 (file)
--- a/local/e2tool.lua
+++ b/local/e2tool.lua
@@ -1413,6 +1413,63 @@ function e2tool.hashcache(info, file)
        return fileid
 end
 
+--- verify that remote files match the checksum. The check is skipped when
+-- check-remote is not enabled or cache is not enabled.
+-- @param info
+-- @param file table: file table from configuration
+-- @param fileid string: hash to verify against
+-- @return bool
+-- @return an error object on failure
+function e2tool.verify_remote_fileid(info, file, fileid)
+       local rc, re
+       local e = new_error("error calculating remote file id for file %s:%s",
+                                               file.server, file.location)
+       if not cache.cache_enabled(info.cache, file.server) or
+          not e2option.opts["check-remote"] then
+               e2lib.logf(4, "checksum for remote file %s:%s skip verifying",
+                                               file.server, file.location)
+               return true, nil
+       end
+       local surl, re = cache.remote_url(info.cache, file.server,
+                                                               file.location)
+       if not surl then
+               return false, e:cat(re)
+       end
+       local u, re = url.parse(surl)
+       if not u then
+               return false, e:cat(re)
+       end
+       local cmd = "sha1sum"
+       local retcmd
+       if u.transport == "ssh" or u.transport == "scp" or
+               u.transport == "rsync+ssh" then
+               local ssh = transport.get_tool("ssh")
+               retcmd = string.format("%s '%s' %s /%s", ssh, u.server,
+                                                               cmd, u.path)
+       elseif u.transport == "file" then
+               retcmd = string.format("%s /%s", cmd, u.path)
+       else
+               return nil, new_error("transport not supported: %s",
+                                                               u.transport)
+       end
+       local p = io.popen(retcmd, "r")
+       if not p then
+               return nil, e:cat(re)
+       end
+       local remote_fileid = p:read()
+       if not remote_fileid then
+               return nil, e:cat(re)
+       end
+       if fileid ~= remote_fileid:sub(1,40) then
+               return false, new_error(
+                       "checksum for remote file %s:%s does not match",
+                       file.server, file.location)
+       end
+       e2lib.logf(4, "checksum for remote file %s:%s matches",
+                                               file.server, file.location)
+       return true
+end
+
 --- calculate a representation for file content. The name and location
 -- attributes are not included.
 -- @param file table: file table from configuration
@@ -1431,6 +1488,10 @@ function e2tool.fileid(info, file)
                        return nil, e:cat(re)
                end
        end
+       local rc, re = e2tool.verify_remote_fileid(info, file, fileid)
+       if not rc then
+               return nil, re
+       end
        return fileid
 end