Bläddra i källkod

use unusable-for-security hashes for integrity checks

We want to declare some hashes as not enough for security, so that a
user will need --allow-unauthenticated or similar to get data secured
only by those hashes, but we can still us these hashes for integrity
checks if we got them.
David Kalnischkies 11 år sedan
förälder
incheckning
63d609985e

+ 6 - 0
apt-pkg/acquire-worker.cc

@@ -407,7 +407,13 @@ bool pkgAcquire::Worker::RunMessages()
 	       else if (Owner->HashesRequired() == true)
 		  consideredOkay = false;
 	       else
+	       {
 		  consideredOkay = true;
+		  // even if the hashes aren't usable to declare something secure
+		  // we can at least use them to declare it an integrity failure
+		  if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty())
+		     consideredOkay = false;
+	       }
 
 	       if (consideredOkay == true)
 		  consideredOkay = Owner->VerifyDone(Message, Config);

+ 1 - 0
apt-pkg/contrib/hashes.cc

@@ -136,6 +136,7 @@ APT_PURE bool HashString::usable() const				/*{{{*/
       (Type != "MD5Sum")
    );
 }
+									/*}}}*/
 std::string HashString::toStr() const					/*{{{*/
 {
    return Type + ":" + Hash;

+ 25 - 9
test/integration/test-apt-helper

@@ -13,29 +13,45 @@ test_apt_helper_download() {
     echo 'foo' > aptarchive/foo
     echo 'bar' > aptarchive/foo2
 
-    msgtest 'apt-file download-file sha1'
+    msgtest 'apt-file download-file' 'md5sum'
+    testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo2 MD5Sum:d3b07384d113edec49eaa6238ad5ff00
+    testfileequal ./downloaded/foo2 'foo'
+
+    msgtest 'apt-file download-file' 'sha1'
     testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo1 SHA1:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
     testfileequal ./downloaded/foo1 'foo'
 
-    msgtest 'apt-file download-file sha256'
+    msgtest 'apt-file download-file' 'sha256'
     testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo3 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
     testfileequal ./downloaded/foo3 'foo'
 
-    msgtest 'apt-file download-file no-hash'
+    msgtest 'apt-file download-file' 'no-hash'
     testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo4
     testfileequal ./downloaded/foo4 'foo'
-    
-    msgtest 'apt-file download-file wrong hash'
-    testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 SHA256:aabbcc
+
+    msgtest 'apt-file download-file' 'wrong md5sum'
+    testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo5 MD5Sum:aabbcc
     testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo  Hash Sum mismatch
 
 E: Download Failed'
     testfileequal ./downloaded/foo5.FAILED 'foo'
 
-    msgtest 'apt-file download-file sha256 sha1'
-    testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
-    testfileequal ./downloaded/foo6 'foo'
+    msgtest 'apt-file download-file' 'wrong sha256'
+    testfailure --nomsg apthelper -qq download-file http://localhost:8080/foo ./downloaded/foo6 SHA256:aabbcc
+    testfileequal rootdir/tmp/testfailure.output 'E: Failed to fetch http://localhost:8080/foo  Hash Sum mismatch
+
+E: Download Failed'
+    testfileequal ./downloaded/foo6.FAILED 'foo'
+
+    msgtest 'apt-file download-file' 'sha256 sha1'
+    testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo8 SHA256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c http://localhost:8080/foo2 ./downloaded/foo7 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
+    testfileequal ./downloaded/foo8 'foo'
     testfileequal ./downloaded/foo7 'bar'
+
+    msgtest 'apt-file download-file' 'md5sum sha1'
+    testsuccess --nomsg apthelper download-file http://localhost:8080/foo ./downloaded/foo9 MD5Sum:d3b07384d113edec49eaa6238ad5ff00 http://localhost:8080/foo2 ./downloaded/foo10 SHA1:e242ed3bffccdf271b7fbaf34ed72d089537b42f
+    testfileequal ./downloaded/foo9 'foo'
+    testfileequal ./downloaded/foo10 'bar'
 }
 
 test_apt_helper_detect_proxy() {

+ 39 - 17
test/integration/test-ubuntu-bug-1098738-apt-get-source-md5sum

@@ -1,8 +1,4 @@
 #!/bin/sh
-#
-# FIXME: this test is mostly meaningless now as we do not consider
-#        md5sum sufficient anyway. useful to test that it errors
-#        if not all hashes pass
 set -e
 
 TESTDIR=$(readlink -f $(dirname $0))
@@ -51,6 +47,15 @@ Checksums-Sha256:
  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-sha256-bad_1.0.dsc
  bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-sha256-bad_1.0.tar.gz
 
+Package: pkg-md5-bad
+Binary: pkg-md5-bad
+Version: 1.0
+Maintainer: Joe Sixpack <joe@example.org>
+Architecture: all
+Files:
+ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 3 pkg-md5-bad_1.0.dsc
+ bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 3 pkg-md5-bad_1.0.tar.gz
+
 Package: pkg-no-md5
 Binary: pkg-no-md5
 Version: 1.0
@@ -136,12 +141,13 @@ EOF
 # create fetchable files
 for x in 'pkg-md5-ok' 'pkg-sha256-ok' 'pkg-sha256-bad' 'pkg-no-md5' \
 	 'pkg-mixed-ok' 'pkg-mixed-sha1-bad' 'pkg-mixed-sha2-bad' \
-	 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree'; do
+	 'pkg-md5-agree' 'pkg-md5-disagree' 'pkg-sha256-disagree' \
+	 'pkg-md5-bad'; do
 	echo -n 'dsc' > aptarchive/${x}_1.0.dsc
 	echo -n 'tar' > aptarchive/${x}_1.0.tar.gz
 done
 
-setupaptarchive
+setupaptarchive --no-update
 changetowebserver
 testsuccess aptget update
 
@@ -174,6 +180,19 @@ Download complete and in download only mode" aptget source -d "$@"
 	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
 }
 
+testnohash() {
+	#FIXME: Maybe we should fail in this case instead of skipping
+	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+	testsuccessequal "Reading package lists...
+Building dependency tree...
+Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
+Need to get 0 B of source archives.
+Download complete and in download only mode" aptget source -d "$@"
+	msgtest 'Files are not downloaded for' "$1"
+	testfailure --nomsg test -e ${1}_1.0.dsc -o -e ${1}_1.0.tar.gz
+}
+
 testmismatch() {
 	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
 	testfailureequal "Reading package lists...
@@ -193,15 +212,17 @@ E: Failed to fetch some archives." aptget source -d "$@"
 	msgtest 'Files were not download as they have hashsum mismatches for' "$1"
 	testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
 
-	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
-	testsuccessequal "Reading package lists...
+	if [ "$2" != '--allow-unauthenticated' ]; then
+		rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
+		testsuccessequal "Reading package lists...
 Building dependency tree...
-Skipping download of file 'pkg-sha256-bad_1.0.dsc' as requested hashsum is not available for authentication
-Skipping download of file 'pkg-sha256-bad_1.0.tar.gz' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.dsc' as requested hashsum is not available for authentication
+Skipping download of file '${1}_1.0.tar.gz' as requested hashsum is not available for authentication
 Need to get 0 B of source archives.
 Download complete and in download only mode" aptget source -d "$@" -o Acquire::ForceHash=ROT26
-	msgtest 'Files were not download as hash is unavailable for' "$1"
-	testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+		msgtest 'Files were not download as hash is unavailable for' "$1"
+		testfailure --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
+	fi
 
 	rm -f ${1}_1.0.dsc ${1}_1.0.tar.gz
 	testsuccessequal "Reading package lists...
@@ -214,8 +235,7 @@ Download complete and in download only mode" aptget source --allow-unauthenticat
 	testsuccess --nomsg test -e ${1}_1.0.dsc -a -e ${1}_1.0.tar.gz
 }
 
-#testok pkg-md5-ok
-#testkeep pkg-md5-ok
+testnohash pkg-md5-ok
 testok pkg-sha256-ok
 testkeep pkg-sha256-ok
 
@@ -223,11 +243,13 @@ testkeep pkg-sha256-ok
 # checking the best available hash (as it should), this will trigger
 # a hash mismatch.
 testmismatch pkg-sha256-bad
-testmismatch pkg-sha256-bad
 testok pkg-sha256-bad -o Acquire::ForceHash=MD5Sum
 
+testnohash pkg-md5-bad
+testmismatch pkg-md5-bad --allow-unauthenticated
+
 # not having MD5 sum doesn't mean the file doesn't exist at all …
-#testok pkg-no-md5
+testok pkg-no-md5
 testok pkg-no-md5 -o Acquire::ForceHash=SHA256
 testsuccessequal "Reading package lists...
 Building dependency tree...
@@ -267,7 +289,7 @@ msgtest 'Only dsc file is downloaded as the tar has hashsum mismatch' 'pkg-mixed
 testsuccess --nomsg test -e pkg-mixed-sha2-bad_1.0.dsc -a ! -e pkg-mixed-sha2-bad_1.0.tar.gz
 
 # it gets even more pathologic: multiple entries for one file, some even disagreeing!
-#testok pkg-md5-agree
+testnohash pkg-md5-agree
 testfailureequal 'Reading package lists...
 Building dependency tree...
 E: Error parsing checksum in Files of source package pkg-md5-disagree' aptget source -d pkg-md5-disagree

+ 14 - 0
test/libapt/hashsums_test.cc

@@ -306,6 +306,8 @@ TEST(HashSumsTest, HashStringList)
    EXPECT_EQ(NULL, list.find(NULL));
    EXPECT_EQ(NULL, list.find(""));
    EXPECT_EQ(NULL, list.find("MD5Sum"));
+   EXPECT_EQ(NULL, list.find("ROT26"));
+   EXPECT_EQ(NULL, list.find("SHA1"));
    EXPECT_EQ(0, list.FileSize());
 
    // empty lists aren't equal
@@ -319,6 +321,18 @@ TEST(HashSumsTest, HashStringList)
    EXPECT_FALSE(list.usable());
    EXPECT_EQ(1, list.size());
    EXPECT_EQ(29, list.FileSize());
+   list.push_back(HashString("MD5Sum", "d41d8cd98f00b204e9800998ecf8427e"));
+   EXPECT_FALSE(list.empty());
+   EXPECT_FALSE(list.usable());
+   EXPECT_EQ(2, list.size());
+   EXPECT_EQ(29, list.FileSize());
+   EXPECT_TRUE(NULL != list.find("MD5Sum"));
+   list.push_back(HashString("SHA1", "cacecbd74968bc90ea3342767e6b94f46ddbcafc"));
+   EXPECT_TRUE(list.usable());
+   EXPECT_EQ(3, list.size());
+   EXPECT_EQ(29, list.FileSize());
+   EXPECT_TRUE(NULL != list.find("MD5Sum"));
+   EXPECT_TRUE(NULL != list.find("SHA1"));
 
    Hashes hashes;
    hashes.Add("The quick brown fox jumps over the lazy dog");