[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-buildsys-list
Subject: Possible Starter Code For Ticket #119
From: Jon Chiappetta <jon.chiappetta () senecac ! on ! ca>
Date: 2011-12-03 5:38:54
Message-ID: fc00ea2bed7b.4ed96f9e () senecac ! on ! ca
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I saw a request for Koji to use a stronger cryptographic hash function such as SHA256
( https://fedorahosted.org/koji/ticket/119 ) on RPM packages. I took some time in reading how the
RPMTAG_SIGMD5 is calculated and implemented some Python code to hash the same RPM data
using hashlib's SHA256 module. The outputted SHA256 digest can be stored in Koji's DB and
also retrieved/calculated/checked with any new packages that are being submitted.
$ rpm -q --queryformat '%{RPMTAG_SIGMD5}' -p "gcc-4.6.2-1.fc17.1.src.rpm"
c88e96685e7eb3a124a5707b1bc41333
$ python sha2pay.py gcc-4.6.2-1.fc17.1.src.rpm
['c88e96685e7eb3a124a5707b1bc41333', 'c729d818d5468f8b1147cb70b266992f92f58c9dace218417c7582427d1e5561']
Source code:
import hashlib
import os
import struct
import subprocess
import sys
def sha2pay(fn):
# http://www.iagora.com/~espel/rpm2cpio
nel = 0
f = open(fn, "r")
rpm = f.read(96)
if (len(rpm) != 96):
#print("error reading lead 96.0")
return None
nel += len(rpm)
# http://perldoc.perl.org/functions/pack.html
# http://docs.python.org/library/struct.html
(magic, major, minor, rest) = struct.unpack(">LBB90s", rpm)
if (magic != 0xedabeedb):
#print("incorrect lead magic")
return None
if ((major != 3) and (major != 4)):
#print("incorrect lead major")
return None
# http://docs.python.org/library/stdtypes.html
while (1):
pos = nel
rpm = f.read(16)
if (len(rpm) != 16):
#print("error reading header 16.0")
return None
nel += len(rpm)
(smagic, rest) = struct.unpack(">H14s", rpm)
if ((smagic == 0x1f8b) or (smagic == 0x425a)):
break
if (pos & 0x7):
pos += 7
pos &= (~0x7)
f.seek(pos, 0)
nel = pos
rpm = f.read(16)
if (len(rpm) != 16):
#print("error reading header 16.1")
return None
nel += len(rpm)
left = (len(rpm) - 16)
(magic, data, sections, bytes, rest) = struct.unpack(">4L" + str(left) + "s", rpm)
if (magic != 0x8eade801):
#print("incorrect header magic")
return None
# beg custom
f.seek(pos + 16, 0)
tmp = f.read((16 * sections) + bytes)
head = (rpm + tmp)
# end custom
pos += 16
pos += (16 * sections)
pos += bytes
f.seek(pos, 0)
nel = pos
if ((smagic != 0x1f8b) and (smagic != 0x425a)):
#print("unknown compression format")
return None
while (1):
tmp = f.read(16384)
if (not tmp):
break
rpm += tmp
f.close()
return [hashlib.md5(head + rpm).hexdigest(), hashlib.sha256(head + rpm).hexdigest()]
[Attachment #5 (text/html)]
I saw a request for Koji to use a stronger cryptographic hash function such as \
SHA256 <br>( https://fedorahosted.org/koji/ticket/119 ) on RPM packages. I took \
some time in reading how the <br>RPMTAG_SIGMD5 is calculated and \
implemented some Python code to hash the same RPM data <br>using hashlib's \
SHA256 module. The outputted SHA256 digest can be stored in Koji's DB \
and <br>also retrieved/calculated/checked with any new packages that are \
being submitted. <br><br><br>$ rpm -q --queryformat '%{RPMTAG_SIGMD5}' -p \
"gcc-4.6.2-1.fc17.1.src.rpm"<br>c88e96685e7eb3a124a5707b1bc41333<br>$ python \
sha2pay.py gcc-4.6.2-1.fc17.1.src.rpm<br>['c88e96685e7eb3a124a5707b1bc41333', \
'c729d818d5468f8b1147cb70b266992f92f58c9dace218417c7582427d1e5561']<br><br><br>Source \
code:<br><br><br><br>import hashlib<br>import os<br>import struct<br>import \
subprocess<br>import sys<br><br><br>def sha2pay(fn):<br><span class="Apple-tab-span" \
style="white-space:pre"> </span># http://www.iagora.com/~espel/rpm2cpio<br><span \
class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>nel = 0<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>f = open(fn, "r")<br><span \
class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>rpm = f.read(96)<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>if (len(rpm) != 96):<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>#print("error reading lead \
96.0")<br><span class="Apple-tab-span" style="white-space:pre"> </span>return \
None<br><span class="Apple-tab-span" style="white-space:pre"> </span>nel += \
len(rpm)<br><span class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span># \
http://perldoc.perl.org/functions/pack.html<br><span class="Apple-tab-span" \
style="white-space:pre"> </span># http://docs.python.org/library/struct.html<br><span \
class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>(magic, major, minor, rest) = \
struct.unpack(">LBB90s", rpm)<br><span class="Apple-tab-span" \
style="white-space:pre"> </span><br><span class="Apple-tab-span" \
style="white-space:pre"> </span>if (magic != 0xedabeedb):<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>#print("incorrect lead \
magic")<br><span class="Apple-tab-span" style="white-space:pre"> </span>return \
None<br><span class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>if ((major != 3) and (major != \
4)):<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>#print("incorrect lead major")<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>return None<br><span \
class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span># \
http://docs.python.org/library/stdtypes.html<br><span class="Apple-tab-span" \
style="white-space:pre"> </span><br><span class="Apple-tab-span" \
style="white-space:pre"> </span>while (1):<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>pos = nel<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>rpm = f.read(16)<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>if (len(rpm) != 16):<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>#print("error reading header 16.0")<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>return None<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>nel += len(rpm)<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>(smagic, rest) = \
struct.unpack(">H14s", rpm)<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>if ((smagic == 0x1f8b) or (smagic == \
0x425a)):<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>break<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>if (pos & 0x7):<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>pos += 7<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>pos &= (~0x7)<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>f.seek(pos, 0)<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>nel = pos<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>rpm = f.read(16)<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>if (len(rpm) != 16):<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>#print("error reading \
header 16.1")<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>return None<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>nel += len(rpm)<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>left = (len(rpm) - 16)<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>(magic, data, sections, \
bytes, rest) = struct.unpack(">4L" + str(left) + "s", rpm)<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>if (magic != \
0x8eade801):<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>#print("incorrect header magic")<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>return None<br><span \
class="Apple-tab-span" style="white-space:pre"> </span># beg custom<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>f.seek(pos + 16, 0)<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>tmp = f.read((16 * sections) \
+ bytes)<br><span class="Apple-tab-span" style="white-space:pre"> </span>head = (rpm \
+ tmp)<br><span class="Apple-tab-span" style="white-space:pre"> </span># end \
custom<br><span class="Apple-tab-span" style="white-space:pre"> </span>pos += \
16<br><span class="Apple-tab-span" style="white-space:pre"> </span>pos += (16 * \
sections)<br><span class="Apple-tab-span" style="white-space:pre"> </span>pos += \
bytes<br><span class="Apple-tab-span" style="white-space:pre"> </span>f.seek(pos, \
0)<br><span class="Apple-tab-span" style="white-space:pre"> </span>nel = \
pos<br><span class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>if ((smagic != 0x1f8b) and \
(smagic != 0x425a)):<br><span class="Apple-tab-span" \
style="white-space:pre"> </span>#print("unknown compression format")<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>return None<br><span \
class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>while (1):<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>tmp = f.read(16384)<br><span \
class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>if (not tmp):<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>break<br><span \
class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>rpm += tmp<br><span \
class="Apple-tab-span" style="white-space:pre"> </span><br><span \
class="Apple-tab-span" style="white-space:pre"> </span>f.close()<br><span \
class="Apple-tab-span" style="white-space:pre"> </span>return [hashlib.md5(head + \
rpm).hexdigest(), hashlib.sha256(head + rpm).hexdigest()]<br>
[Attachment #6 (text/plain)]
--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/buildsys
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic