Merge pull request #103 from rth/sha256-hash

Add support for sha256 checksum

Merge pull request #103 from rth/sha256-hash
Add support for sha256 checksum
e68fb5e0 · Michael Droettboom · GitHub · 7d0accb7 · 4e6abf67 · e68fb5e0
Commit e68fb5e0 authored Aug 06, 2018 by Michael Droettboom Committed by GitHub Aug 06, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 6 deletions

docs/new_packages.md docs/new_packages.md +7 -1

packages/pytz/meta.yaml packages/pytz/meta.yaml +1 -1

tools/buildpkg.py tools/buildpkg.py +9 -4

No files found.
--- a/docs/new_packages.md
+++ b/docs/new_packages.md
@@ -67,7 +67,13 @@ The tarball may be in any of the formats supported by Python's

 #### `source/md5`

-The MD5 checksum of the tarball.  (TODO: More hash types should be supported in the future).
+The MD5 checksum of the tarball. It is recommended to use SHA256 instead of MD5.
+At most one checksum entry should be provided per package.
+
+#### `source/sha256`
+
+The SHA256 checksum of the tarball. It is recommended to use SHA256 instead of MD5.
+At most one checksum entry should be provided per package.

 #### `source/patches`


--- a/packages/pytz/meta.yaml
+++ b/packages/pytz/meta.yaml
@@ -4,7 +4,7 @@ package:

 source:
  url: https://files.pythonhosted.org/packages/10/76/52efda4ef98e7544321fd8d5d512e11739c1df18b0649551aeccfb1c8376/pytz-2018.4.tar.gz
-  md5: f054437920c895dd14a4509fabafe029
+  sha256: c06425302f2cf668f1bba7a0a03f3c1d34d4ebeef2c72003da308b3947c7f749

  patches:
    - patches/dummy-threading.patch
--- a/tools/buildpkg.py
+++ b/tools/buildpkg.py
@@ -22,11 +22,16 @@ def check_checksum(path, pkg):
    """
    Checks that a tarball matches the checksum in the package metadata.
    """
-    if 'md5' not in pkg['source']:
+    checksum_keys = {'md5', 'sha256'}.intersection(pkg['source'])
+    if not checksum_keys:
        return
-    checksum = pkg['source']['md5']
+    elif len(checksum_keys) != 1:
+        raise ValueError('Only one checksum should be included in a package '
+                         'setup; found {}.'.format(checksum_keys))
+    checksum_algorithm = checksum_keys.pop()
+    checksum = pkg['source'][checksum_algorithm]
    CHUNK_SIZE = 1 << 16
-    h = hashlib.md5()
+    h = getattr(hashlib, checksum_algorithm)()
    with open(path, 'rb') as fd:
        while True:
            chunk = fd.read(CHUNK_SIZE)
@@ -34,7 +39,7 @@ def check_checksum(path, pkg):
            if len(chunk) < CHUNK_SIZE:
                break
    if h.hexdigest() != checksum:
-        raise ValueError("Invalid checksum")
+        raise ValueError("Invalid {} checksum".format(checksum_algorithm))


 def download_and_extract(buildpath, packagedir, pkg, args):