[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-buildsys-list
Subject:    Possible Starter Code For Ticket #119
From:       Jon Chiappetta <jon.chiappetta () senecac ! on ! ca>
Date:       2011-12-03 5:38:54
Message-ID: fc00ea2bed7b.4ed96f9e () senecac ! on ! ca
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


I saw a request for Koji to use a stronger cryptographic hash function such as SHA256 
( https://fedorahosted.org/koji/ticket/119 ) on RPM packages. I took some time in reading how the 
RPMTAG_SIGMD5 is calculated and implemented some Python code to hash the same RPM data 
using hashlib's SHA256 module. The outputted SHA256 digest can be stored in Koji's DB and 
also retrieved/calculated/checked with any new packages that are being submitted. 


$ rpm -q --queryformat '%{RPMTAG_SIGMD5}' -p "gcc-4.6.2-1.fc17.1.src.rpm"
c88e96685e7eb3a124a5707b1bc41333
$ python sha2pay.py gcc-4.6.2-1.fc17.1.src.rpm
['c88e96685e7eb3a124a5707b1bc41333', 'c729d818d5468f8b1147cb70b266992f92f58c9dace218417c7582427d1e5561']


Source code:



import hashlib
import os
import struct
import subprocess
import sys


def sha2pay(fn):
	# http://www.iagora.com/~espel/rpm2cpio
	
	nel = 0
	f = open(fn, "r")
	
	rpm = f.read(96)
	if (len(rpm) != 96):
		#print("error reading lead 96.0")
		return None
	nel += len(rpm)
	
	# http://perldoc.perl.org/functions/pack.html
	# http://docs.python.org/library/struct.html
	
	(magic, major, minor, rest) = struct.unpack(">LBB90s", rpm)
	
	if (magic != 0xedabeedb):
		#print("incorrect lead magic")
		return None
	
	if ((major != 3) and (major != 4)):
		#print("incorrect lead major")
		return None
	
	# http://docs.python.org/library/stdtypes.html
	
	while (1):
		pos = nel
		rpm = f.read(16)
		if (len(rpm) != 16):
			#print("error reading header 16.0")
			return None
		nel += len(rpm)
		(smagic, rest) = struct.unpack(">H14s", rpm)
		if ((smagic == 0x1f8b) or (smagic == 0x425a)):
			break
		if (pos & 0x7):
			pos += 7
			pos &= (~0x7)
			f.seek(pos, 0)
			nel = pos
			rpm = f.read(16)
			if (len(rpm) != 16):
				#print("error reading header 16.1")
				return None
			nel += len(rpm)
		left = (len(rpm) - 16)
		(magic, data, sections, bytes, rest) = struct.unpack(">4L" + str(left) + "s", rpm)
		if (magic != 0x8eade801):
			#print("incorrect header magic")
			return None
		# beg custom
		f.seek(pos + 16, 0)
		tmp = f.read((16 * sections) + bytes)
		head = (rpm + tmp)
		# end custom
		pos += 16
		pos += (16 * sections)
		pos += bytes
		f.seek(pos, 0)
		nel = pos
	
	if ((smagic != 0x1f8b) and (smagic != 0x425a)):
		#print("unknown compression format")
		return None
	
	while (1):
		tmp = f.read(16384)
		
		if (not tmp):
			break
		
		rpm += tmp
	
	f.close()
	return [hashlib.md5(head + rpm).hexdigest(), hashlib.sha256(head + rpm).hexdigest()]



[Attachment #5 (text/html)]

I saw a request for Koji to use a stronger cryptographic hash function such as \
SHA256&nbsp;<br>( https://fedorahosted.org/koji/ticket/119 ) on RPM packages. I took \
some&nbsp;time in reading how the&nbsp;<br>RPMTAG_SIGMD5 is calculated and \
implemented some Python code&nbsp;to hash the same RPM data&nbsp;<br>using hashlib's \
SHA256 module. The outputted SHA256 digest can be stored in Koji's DB \
and&nbsp;<br>also&nbsp;retrieved/calculated/checked with any new packages that are \
being submitted.&nbsp;<br><br><br>$ rpm -q --queryformat '%{RPMTAG_SIGMD5}' -p \
"gcc-4.6.2-1.fc17.1.src.rpm"<br>c88e96685e7eb3a124a5707b1bc41333<br>$ python \
sha2pay.py gcc-4.6.2-1.fc17.1.src.rpm<br>['c88e96685e7eb3a124a5707b1bc41333', \
'c729d818d5468f8b1147cb70b266992f92f58c9dace218417c7582427d1e5561']<br><br><br>Source \
code:<br><br><br><br>import hashlib<br>import os<br>import struct<br>import \
subprocess<br>import sys<br><br><br>def sha2pay(fn):<br><span class="Apple-tab-span" \
style="white-space:pre">	</span># http://www.iagora.com/~espel/rpm2cpio<br><span \
class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span>nel = 0<br><span \
class="Apple-tab-span" style="white-space:pre">	</span>f = open(fn, "r")<br><span \
class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span>rpm = f.read(96)<br><span \
class="Apple-tab-span" style="white-space:pre">	</span>if (len(rpm) != 96):<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>#print("error reading lead \
96.0")<br><span class="Apple-tab-span" style="white-space:pre">		</span>return \
None<br><span class="Apple-tab-span" style="white-space:pre">	</span>nel += \
len(rpm)<br><span class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span># \
http://perldoc.perl.org/functions/pack.html<br><span class="Apple-tab-span" \
style="white-space:pre">	</span># http://docs.python.org/library/struct.html<br><span \
class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span>(magic, major, minor, rest) = \
struct.unpack("&gt;LBB90s", rpm)<br><span class="Apple-tab-span" \
style="white-space:pre">	</span><br><span class="Apple-tab-span" \
style="white-space:pre">	</span>if (magic != 0xedabeedb):<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>#print("incorrect lead \
magic")<br><span class="Apple-tab-span" style="white-space:pre">		</span>return \
None<br><span class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span>if ((major != 3) and (major != \
4)):<br><span class="Apple-tab-span" \
style="white-space:pre">		</span>#print("incorrect lead major")<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>return None<br><span \
class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span># \
http://docs.python.org/library/stdtypes.html<br><span class="Apple-tab-span" \
style="white-space:pre">	</span><br><span class="Apple-tab-span" \
style="white-space:pre">	</span>while (1):<br><span class="Apple-tab-span" \
style="white-space:pre">		</span>pos = nel<br><span class="Apple-tab-span" \
style="white-space:pre">		</span>rpm = f.read(16)<br><span class="Apple-tab-span" \
style="white-space:pre">		</span>if (len(rpm) != 16):<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>#print("error reading header 16.0")<br><span \
class="Apple-tab-span" style="white-space:pre">			</span>return None<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>nel += len(rpm)<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>(smagic, rest) = \
struct.unpack("&gt;H14s", rpm)<br><span class="Apple-tab-span" \
style="white-space:pre">		</span>if ((smagic == 0x1f8b) or (smagic == \
0x425a)):<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>break<br><span class="Apple-tab-span" \
style="white-space:pre">		</span>if (pos &amp; 0x7):<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>pos += 7<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>pos &amp;= (~0x7)<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>f.seek(pos, 0)<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>nel = pos<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>rpm = f.read(16)<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>if (len(rpm) != 16):<br><span \
class="Apple-tab-span" style="white-space:pre">				</span>#print("error reading \
header 16.1")<br><span class="Apple-tab-span" \
style="white-space:pre">				</span>return None<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>nel += len(rpm)<br><span class="Apple-tab-span" \
style="white-space:pre">		</span>left = (len(rpm) - 16)<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>(magic, data, sections, \
bytes, rest) = struct.unpack("&gt;4L" + str(left) + "s", rpm)<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>if (magic != \
0x8eade801):<br><span class="Apple-tab-span" \
style="white-space:pre">			</span>#print("incorrect header magic")<br><span \
class="Apple-tab-span" style="white-space:pre">			</span>return None<br><span \
class="Apple-tab-span" style="white-space:pre">		</span># beg custom<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>f.seek(pos + 16, 0)<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>tmp = f.read((16 * sections) \
+ bytes)<br><span class="Apple-tab-span" style="white-space:pre">		</span>head = (rpm \
+ tmp)<br><span class="Apple-tab-span" style="white-space:pre">		</span># end \
custom<br><span class="Apple-tab-span" style="white-space:pre">		</span>pos += \
16<br><span class="Apple-tab-span" style="white-space:pre">		</span>pos += (16 * \
sections)<br><span class="Apple-tab-span" style="white-space:pre">		</span>pos += \
bytes<br><span class="Apple-tab-span" style="white-space:pre">		</span>f.seek(pos, \
0)<br><span class="Apple-tab-span" style="white-space:pre">		</span>nel = \
pos<br><span class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span>if ((smagic != 0x1f8b) and \
(smagic != 0x425a)):<br><span class="Apple-tab-span" \
style="white-space:pre">		</span>#print("unknown compression format")<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>return None<br><span \
class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span>while (1):<br><span \
class="Apple-tab-span" style="white-space:pre">		</span>tmp = f.read(16384)<br><span \
class="Apple-tab-span" style="white-space:pre">		</span><br><span \
class="Apple-tab-span" style="white-space:pre">		</span>if (not tmp):<br><span \
class="Apple-tab-span" style="white-space:pre">			</span>break<br><span \
class="Apple-tab-span" style="white-space:pre">		</span><br><span \
class="Apple-tab-span" style="white-space:pre">		</span>rpm += tmp<br><span \
class="Apple-tab-span" style="white-space:pre">	</span><br><span \
class="Apple-tab-span" style="white-space:pre">	</span>f.close()<br><span \
class="Apple-tab-span" style="white-space:pre">	</span>return [hashlib.md5(head + \
rpm).hexdigest(), hashlib.sha256(head + rpm).hexdigest()]<br>


[Attachment #6 (text/plain)]

--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/buildsys

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic