Просмотр исходного кода

use unusable-for-security hashes for integrity checks

We want to declare some hashes as not enough for security, so that a
user will need --allow-unauthenticated or similar to get data secured
only by those hashes, but we can still us these hashes for integrity
checks if we got them.
David Kalnischkies лет назад: 11
Родитель
Сommit
63d609985e

+ 6 - 0
apt-pkg/acquire-worker.cc

@@ -407,7 +407,13 @@ bool pkgAcquire::Worker::RunMessages()
 	       else if (Owner->HashesRequired() == true)
 		  consideredOkay = false;
 	       else
+	       {
 		  consideredOkay = true;
+		  // even if the hashes aren't usable to declare something secure
+		  // we can at least use them to declare it an integrity failure
+		  if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty())
+		     consideredOkay = false;
+	       }
 
 	       if (consideredOkay == true)
 		  consideredOkay = Owner->VerifyDone(Message, Config);

+ 1 - 0
apt-pkg/contrib/hashes.cc

@@ -136,6 +136,7 @@ APT_PURE bool HashString::usable() const				/*{{{*/
       (Type != "MD5Sum")
    );
 }
+									/*}}}*/
 std::string HashString::toStr() const					/*{{{*/
 {
    return Type + ":" + Hash;

+ 25 - 9
test/integration/test-apt-helper

@@ -13,29 +13,45 @@ test_apt_helper_download() {
     echo 'foo' > aptarchive/foo
     echo 'bar' > aptarchive/foo2
 
-    msgtest 'apt-file download-file sha1'
+    msgtest 'apt-file download-file' 'md5sum'
+    testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo2 MD5Sum:d3b07384d113edec49eaa6238ad5ff00
+    testfileequal ./downloaded/foo2 'foo'
+
+    msgtest 'apt-file download-file' 'sha1'
     testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo1 SHA1:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
     testfileequal ./downloaded/foo1 'foo'
 
-    msgtest 'apt-file download-file sha256'
+    msgtest 'apt-file download-file' 'sha256'
     testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo3 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
     testfileequal ./downloaded/foo3 'foo'
 
-    msgtest 'apt-file download-file no-hash'
+    msgtest 'apt-file download-file' 'no-hash'
     testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo4
     testfileequal ./downloaded/foo4 'foo'
-    
-    msgtest 'apt-file download-file wrong hash'
-    testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 SHA256:aabbcc
+
+    msgtest 'apt-file download-file' 'wrong md5sum'
+    testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 MD5Sum:aabbcc
     testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo  Hash Sum mismatch
 
 E: Download Failed'
     testfileequal ./downloaded/foo5.FAILED 'foo'
 
-    msgtest 'apt-file download-file sha256 sha1'
-    testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
-    testfileequal ./downloaded/foo6 'foo'
+    msgtest 'apt-file download-file' 'wrong sha256'
+    testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:aabbcc
+    testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo  Hash Sum mismatch
+
+E: Download Failed'
+    testfileequal ./downloaded/foo6.FAILED 'foo'
+
+    msgtest 'apt-file download-file' 'sha256 sha1'
+    testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo8 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
+    testfileequal ./downloaded/foo8 'foo'
     testfileequal ./downloaded/foo7 'bar'
+
+    msgtest 'apt-file download-file' 'md5sum sha1'
+    testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo9 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 http://localhost:8080/foo2 ./downloaded/foo10 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
+    testfileequal ./downloaded/foo9 'foo'
+    testfileequal ./downloaded/foo10 'bar'
 }
 
 test_apt_helper_detect_proxy() {

+ 39 - 17
test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum

@@ -1,8 +1,4 @@
 #!/bin/sh
-#
-# FIXME: this test is mostly meaningless now as we do not consider
-#        md5sum sufficient anyway. useful to test that it errors
-#        if not all hashes pass
 set -e
 
 TESTDIR=$(readlink -f $(dirname $0))
@@ -51,6 +47,15 @@ Checksums-Sha256:
  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-bad_1.0.dsc
  bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-bad_1.0.tar.gz
 
+Package: pkg-md5-bad
+Binary: pkg-md5-bad
+Version: 1.0
+Maintainer: Joe Sixpack <joe@example.org>
+Architecture: all
+Files:
+ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-bad_1.0.dsc
+ bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-bad_1.0.tar.gz
+
 Package: pkg-no-md5
 Binary: pkg-no-md5
 Version: 1.0
@@ -136,12 +141,13 @@ EOF
 # create fetchable files
 for x in 'pkg-md5-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
 	 'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
-	 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree'; do
+	 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
+	 'pkg-md5-bad'; do
 	echo -n 'dsc' > aptarchive/${x}_1.0.dsc
 	echo -n 'tar' > aptarchive/${x}_1.0.tar.gz
 done
 
-setupaptarchive
+setupaptarchive --no-update
 changetowebserver
 testsuccess aptget update
 
@@ -174,6 +180,19 @@ Download complete and in download only mode" aptget source -d "$@"
 	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
 }
 
+testnohash() {
+	#FIXME: Maybe we should fail in this case instead of skipping
+	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+	testsuccessequal "Reading package lists...
+Building dependency tree...
+Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
+Need to get 0 B of source archives.
+Download complete and in download only mode" aptget source -d "$@"
+	msgtest 'Files are not downloaded for' "$1"
+	testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz
+}
+
 testmismatch() {
 	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
 	testfailureequal "Reading package lists...
@@ -193,15 +212,17 @@ E: Failed to fetch some archives." aptget source -d "$@"
 	msgtest 'Files were not download as they have hashsum mismatches for' "$1"
 	testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
 
-	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
-	testsuccessequal "Reading package lists...
+	if [ "$2" != '--allow-unauthenticated' ]; then
+		rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+		testsuccessequal "Reading package lists...
 Building dependency tree...
-Skipping download of file 'pkg-sha256-bad_1.0.dsc' as requested hashsum is not available for authentication
-Skipping download of file 'pkg-sha256-bad_1.0.tar.gz' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
 Need to get 0 B of source archives.
 Download complete and in download only mode" aptget source -d "$@" -o Acquire::ForceHash=ROT26
-	msgtest 'Files were not download as hash is unavailable for' "$1"
-	testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+		msgtest 'Files were not download as hash is unavailable for' "$1"
+		testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+	fi
 
 	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
 	testsuccessequal "Reading package lists...
@@ -214,8 +235,7 @@ Download complete and in download only mode" aptget source --allow-unauthenticat
 	testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
 }
 
-#testok pkg-md5-ok
-#testkeep pkg-md5-ok
+testnohash pkg-md5-ok
 testok pkg-sha256-ok
 testkeep pkg-sha256-ok
 
@@ -223,11 +243,13 @@ testkeep pkg-sha256-ok
 # checking the best available hash (as it should), this will trigger
 # a hash mismatch.
 testmismatch pkg-sha256-bad
-testmismatch pkg-sha256-bad
 testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum
 
+testnohash pkg-md5-bad
+testmismatch pkg-md5-bad --allow-unauthenticated
+
 # not having MD5 sum doesn't mean the file doesn't exist at all …
-#testok pkg-no-md5
+testok pkg-no-md5
 testok pkg-no-md5 -o Acquire::ForceHash=SHA256
 testsuccessequal "Reading package lists...
 Building dependency tree...
@@ -267,7 +289,7 @@ msgtest 'Only dsc file is downloaded as the tar has hashsum mismatch' 'pkg-mixed
 testsuccess --nomsg test -e pkg-mixed-sha2-bad_1.0.dsc -a ! -e pkg-mixed-sha2-bad_1.0.tar.gz
 
 # it gets even more pathologic: multiple entries for one file, some even disagreeing!
-#testok pkg-md5-agree
+testnohash pkg-md5-agree
 testfailureequal 'Reading package lists...
 Building dependency tree...
 E: Error parsing checksum in Files of source package pkg-md5-disagree' aptget source -d pkg-md5-disagree

+ 14 - 0
test/libapt/hashsums_test.cc

@@ -306,6 +306,8 @@ TEST(HashSumsTest, HashStringList)
    EXPECT_EQ(NULL, list.find(NULL));
    EXPECT_EQ(NULL, list.find(""));
    EXPECT_EQ(NULL, list.find("MD5Sum"));
+   EXPECT_EQ(NULL, list.find("ROT26"));
+   EXPECT_EQ(NULL, list.find("SHA1"));
    EXPECT_EQ(0, list.FileSize());
 
    // empty lists aren't equal
@@ -319,6 +321,18 @@ TEST(HashSumsTest, HashStringList)
    EXPECT_FALSE(list.usable());
    EXPECT_EQ(1, list.size());
    EXPECT_EQ(29, list.FileSize());
+   list.push_back(HashString("MD5Sum", "d41d8cd98f00b204e9800998ecf8427e"));
+   EXPECT_FALSE(list.empty());
+   EXPECT_FALSE(list.usable());
+   EXPECT_EQ(2, list.size());
+   EXPECT_EQ(29, list.FileSize());
+   EXPECT_TRUE(NULL != list.find("MD5Sum"));
+   list.push_back(HashString("SHA1", "cacecbd74968bc90ea3342767e6b94f46ddbcafc"));
+   EXPECT_TRUE(list.usable());
+   EXPECT_EQ(3, list.size());
+   EXPECT_EQ(29, list.FileSize());
+   EXPECT_TRUE(NULL != list.find("MD5Sum"));
+   EXPECT_TRUE(NULL != list.find("SHA1"));
 
    Hashes hashes;
    hashes.Add("The quick brown fox jumps over the lazy dog");