Add support for verifying downloaded file's SHA-512 hash #574

Closed
wants to merge 6 commits into from
@rei2hu rei2hu commented Aug 7, 2019

For Issue #241.

I have tested this manually with the following commands:

mozdownload --version=latest --verify
mozdownload --version=latest-beta --verify
mozdownload --version=latest-esr --verify
mozdownload --type candidate --version=latest --verify
mozdownload --application=thunderbird --version=latest --verify
mozdownload --type=daily --version=latest --verify
mozdownload --type=daily --version=release --verify
mozdownload --type=daily --version=tinderbox --verify
mozdownload --url=https://raw.github.com/mozilla/mozdownload/master/README.md --verify

For direct downloads there is just a warning that there is no checksum data expected.

I haven't added any tests because I'm not sure of a good way to do so while avoiding actually downloading things.

coveralls commented Aug 7, 2019

Coverage decreased (-4.2%) to 88.196% when pulling a70cc3f on rei2hu:master into dfbac8c on mozilla:master.

@rei2hu rei2hu closed this Sep 12, 2019

whimboo commented Nov 29, 2019

Hey @rei2hu. Sorry for not having a look earlier on that PR. But it was not correctly listed for me, maybe because you closed it on Sep 12th? Were you aborting your work for this PR? Maybe you can give us some details. Thanks.

rei2hu commented Jul 28, 2020

Haha, actually found this through codetribute again.

@whimboo apologies, I think I ran a script to clean up some outstanding work on GitHub and it must have affected a lot more than I thought it would have. I can re-open but I noticed that someone else may be interested in continuing the work and wouldn't mind deferring.

@kaushiksk hello, I noticed your comment on the issue and while I can't give you any resources, I remember going through the directories manually and finding patterns.

For example, in some directories there is a SHA512SUMS file. Looking through what I wrote, I assume that is what this line is for. It also looks like the location can change, as there are another few lines which look for a SHA512SUMS file in a different way.

In other directories, you can find the file.checksums pattern - which is what these lines are for I assume.

And also I remember the format of the hash files can differ a little in layout - but the one similarity is that on each line it starts with the hash and ends with the identifier - which is what these lines are looking for.

Well, looking over this now, there is one potential problem: it would throw a mismatched hash error if the hashes are ordered the other way around, e.g.

c87665b8126a36d6138c94e749d33ad93d634b914b6764d7fde72e818bf1ada6afd30b32b4c7039e47c78f99e13187d6f0d9d3e9665d728d1e0ab2c21dce4c3e sha512 54723290 firefox-38.0a1.en-US.win64-x86_64.zip
802fc112cbdf45fd6b666780a2870d08 md5 54723290 firefox-38.0a1.en-US.win64-x86_64.zip

would work

802fc112cbdf45fd6b666780a2870d08 md5 54723290 firefox-38.0a1.en-US.win64-x86_64.zip
c87665b8126a36d6138c94e749d33ad93d634b914b6764d7fde72e818bf1ada6afd30b32b4c7039e47c78f99e13187d6f0d9d3e9665d728d1e0ab2c21dce4c3e sha512 54723290 firefox-38.0a1.en-US.win64-x86_64.zip

would error, because it checks sha512 against md5 since that is the first line which ends with the identifier. That needs to be fixed at least.
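
The ordering problem described in the comment above goes away if the entry is selected by algorithm instead of taking the first line that ends with the file name. The following is an added sketch, not code from this pull request or from mozdownload; the function names, sample file name and payload are constructed for illustration, and exact matching on the last whitespace-separated field is an assumption.

```python
import hashlib
import hmac

SAMPLE_NAME = "firefox-example.zip"                 # constructed file name
SAMPLE_DATA = b"constructed payload, not a real build"


def build_sample_checksums(data, name, md5_first=True):
    """Constructed checksum text in the '<hash> <algo> <size> <name>' layout."""
    rows = [(hashlib.md5(data).hexdigest(), "md5"),
            (hashlib.sha512(data).hexdigest(), "sha512")]
    if not md5_first:
        rows.reverse()
    return "".join(f"{d} {a} {len(data)} {name}\n" for d, a in rows)


def find_digest(checksums_text, filename, algorithm="sha512"):
    """Return the hex digest listed for filename under algorithm, else None."""
    hex_len = hashlib.new(algorithm).digest_size * 2
    for line in checksums_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != filename:
            continue                       # not an entry for this file
        middle = [f.lower() for f in fields[1:-1]]
        if middle and algorithm not in middle:
            continue                       # entry names a different algorithm
        digest = fields[0].lower()
        # A digest of the wrong length or alphabet is never accepted.
        if len(digest) == hex_len and set(digest) <= set("0123456789abcdef"):
            return digest
    return None


def verify(data, checksums_text, filename, algorithm="sha512"):
    """True if data hashes to the listed digest; LookupError if none is listed."""
    expected = find_digest(checksums_text, filename, algorithm)
    if expected is None:
        raise LookupError(f"no {algorithm} entry for {filename}")
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for md5_first in (True, False):
        text = build_sample_checksums(SAMPLE_DATA, SAMPLE_NAME, md5_first)
        print(md5_first, verify(SAMPLE_DATA, text, SAMPLE_NAME))
```

Raising on a missing entry keeps "no checksum found" distinct from "checksum mismatch", so a caller cannot mistake an unverified download for a verified one.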
