[DRE-commits] [gem2deb] 01/03: verify checksums and remove checksums.yaml.gz upon extraction of the gem
Cédric Boutillier
boutil at moszumanska.debian.org
Mon Aug 11 13:29:14 UTC 2014
This is an automated email from the git hooks/post-receive script.
boutil pushed a commit to branch checksums
in repository gem2deb.
commit 41bf9d9f89a0582187ce4fb279539e27b620136c
Author: Cédric Boutillier <boutil at debian.org>
Date: Sat Aug 9 22:01:41 2014 +0200
verify checksums and remove checksums.yaml.gz upon extraction of the gem
---
lib/gem2deb/gem2tgz.rb | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/lib/gem2deb/gem2tgz.rb b/lib/gem2deb/gem2tgz.rb
index 53092a6..1d2800f 100644
--- a/lib/gem2deb/gem2tgz.rb
+++ b/lib/gem2deb/gem2tgz.rb
@@ -15,6 +15,9 @@
require 'fileutils'
require 'tmpdir'
+require 'digest'
+require 'yaml'
+require 'zlib'
require 'gem2deb'
include Gem2Deb
@@ -79,6 +82,7 @@ module Gem2Deb
def extract_gem_contents
Dir.chdir(@target_dir) do
run('tar', 'xfm', gem_full_path)
+ verify_and_strip_checksums if File.exist?('checksums.yaml.gz')
run 'tar xzfm data.tar.gz'
FileUtils.rm_f('data.tar.gz')
run "zcat metadata.gz > metadata.yml"
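Review bot: The guard `if File.exist?('checksums.yaml.gz')` in extract_gem_contents makes verification silently optional: an archive that lacks the file is unpacked with no check and no message. Because the checksum file travels inside the same archive it describes, this appears to detect corruption rather than deliberate modification, and that limit deserves a comment above the call. I would at least report the skipped case, e.g. `puts "W: (#{gem}) no checksums.yaml.gz found, checksums not verified" unless File.exist?('checksums.yaml.gz')`. The body of extract_gem_contents continues past the end of this hunk.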
@@ -102,5 +106,29 @@ module Gem2Deb
FileUtils.rm_rf(@tmp_dir)
end
+ def verify_and_strip_checksums
+ checksums = read_checksums
+ [Digest::SHA1, Digest::SHA512].each do |digest|
+ hash_name = digest.name.sub(/^Digest::/,'')
+ ["data.tar.gz", "metadata.gz"].each do |f|
+ unless correct_checksum?(digest, f, checksums[hash_name][f])
+ puts "E: (#{gem}) the #{hash_name} checksum for #{f} is inconsistent with the one recorded in checksums.yaml.gz"
+ exit(1)
+ end
+ end
+ end
+ FileUtils.rm_f('checksums.yaml.gz')
+ end
+
+ def read_checksums
+ Zlib::GzipReader.open('checksums.yaml.gz') do |checksums_file|
+ YAML.load(checksums_file.read)
+ end
+ end
+
+ def correct_checksum?(digest, f, checksum)
+ digest.file(f).hexdigest == checksum
+ end
+
end
end
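Review bot: read_checksums passes the content of checksums.yaml.gz, which comes from the gem being converted, to `YAML.load`, and that call can instantiate arbitrary Ruby objects from tagged YAML. The lookups here only need string keys and values, so `YAML.safe_load(checksums_file.read)` should be enough where the installed Psych provides it. In verify_and_strip_checksums, `checksums[hash_name][f]` raises NoMethodError when the file has no SHA1 or SHA512 section, so a malformed file ends in a backtrace instead of the `E:` message; `(checksums[hash_name] || {})[f]` would route that case to the existing error path. The pattern `/^Digest::/` should also be anchored with `\A` rather than `^`.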
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/gem2deb.git