Lubuntu
/
britney2-ubuntu
mirror of https://git.launchpad.net/~ubuntu-release/britney/+git/britney2-ubuntu
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: check database checksum instead of content-length header

Browse Source 
autopkgtest-cloud will now serve:
autopkgtest.ubuntu.com/static/autopkgtest.db.sha256

Britney now calculates the sha256 of the newly downloaded db locally and
checks that it matches the sha256 file served by autopkgtest-cloud,
instead of checking that the content-length header matches the
size of the new downloaded database.

Since the most recent apache2 security update in focal [1], the
content-length header isn't served by default, and it seems that when
it is served it's not entirely accurate. This check has become
brittle, and so we have implemented this new mechanism.

[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2061816
less-recipients
Tim Andersson 8 months ago
parent 62aa68142d
commit d5c0c1fbb3
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File

9
britney2/policies/autopkgtest.py
Unescape View File

@ -30,6 +30,7 @@ import re
import socket import socket
import sqlite3 import sqlite3
import sys import sys
import hashlib
import time import time
import urllib.parse import urllib.parse
from urllib.error import HTTPError from urllib.error import HTTPError
@ -169,8 +170,10 @@ class AutopkgtestPolicy(BasePolicy):
def fetch_db(self): def fetch_db(self):
f = None f = None
local_db_sha = hashlib.sha256()
try: try:
f = self.download_retry(self.options.adt_db_url) f = self.download_retry(self.options.adt_db_url)
chksum = self.download_retry(self.options.adt_db_url + ".sha256").read().rstrip()
http_code = f.getcode() http_code = f.getcode()
# file:/// urls don't have the http niceties # file:/// urls don't have the http niceties
if not http_code or http_code == 200: if not http_code or http_code == 200:
@ -180,10 +183,10 @@ class AutopkgtestPolicy(BasePolicy):
data=f.read(2048*1024) data=f.read(2048*1024)
if not data: if not data:
break break
local_db_sha.update(data)
f_out.write(data) f_out.write(data)
content_length = f.getheader('content-length') if http_code and local_db_sha.hexdigest() != chksum:
if http_code and content_length and os.path.getsize(new_file) != content_length: self.logger.info("autopkgtest.db local checksum does not match downloaded checksum!")
self.logger.info('Short read downloading autopkgtest results')
os.unlink(new_file) os.unlink(new_file)
else: else:
os.rename(new_file, self.database_path) os.rename(new_file, self.database_path)

Write Preview
Loading…
Cancel
Save