authorIan Jackson <ijackson@chiark.greenend.org.uk>2014-08-03 20:43:09 +0100
committerIan Jackson <ijackson@chiark.greenend.org.uk>2014-08-03 20:43:09 +0100
commitd7c9850a551cfb6391056e064bc032a4cb0d9036 (patch)
tree31a6f457757889c617a94f0959ffce17cfd10206 /dgit
parent0b8b421a0d2031170d71a8f74c7c1ae4b9bcc458 (diff)
Check SHA-256 of .dsc against hash from archive_query (i.e. projectb) rather than letting dpkg-source do a signature verification. Closes:#737619.
Diffstat (limited to 'dgit')
-rwxr-xr-xdgit22
1 files changed, 17 insertions, 5 deletions
diff --git a/dgit b/dgit
index 461e5e6..8517c8a 100755
--- a/dgit
+++ b/dgit
@@ -29,6 +29,7 @@ use File::Basename;
use Dpkg::Version;
use POSIX;
use IPC::Open2;
+use Digest::SHA;
our $our_version = 'UNRELEASED'; ###substituted###
@@ -320,7 +321,7 @@ sub url_get {
return $r->decoded_content();
}
-our ($dscdata,$dscurl,$dsc,$skew_warning_vsn);
+our ($dscdata,$dscurl,$dsc,$dsc_checked,$skew_warning_vsn);
sub shellquote {
my @out;
@@ -753,7 +754,7 @@ sub archive_query_sshpsql ($$) {
my ($proto,$data) = @_;
sql_injection_check $isuite, $package;
my @rows = sshpsql($data, <<END);
- SELECT source.version, component.name, files.filename
+ SELECT source.version, component.name, files.filename, files.sha256sum
FROM source
JOIN src_associations ON source.id = src_associations.source
JOIN suite ON suite.id = src_associations.suite
@@ -766,9 +767,10 @@ sub archive_query_sshpsql ($$) {
AND files.filename LIKE '%.dsc';
END
@rows = sort { -version_compare_string($a->[0],$b->[0]) } @rows;
+ my $digester = Digest::SHA->new(256);
@rows = map {
- my ($vsn,$component,$filename) = @$_;
- [ $vsn, "/pool/$component/$filename" ];
+ my ($vsn,$component,$filename,$sha256sum) = @$_;
+ [ $vsn, "/pool/$component/$filename",$digester,$sha256sum ];
} @rows;
return @rows;
}
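Review bot: `$sha256sum`, taken straight from `files.sha256sum`, is put into the returned row without any validation and is later compared with `eq` against a lowercase hex digest, so if that column can be NULL or carry different case or surrounding whitespace (I cannot tell from here) the comparison fails closed but reports an empty or mismatched "expected" value instead of saying the archive record is unusable. A guard inside the `map`, such as `defined $sha256sum && $sha256sum =~ m/\A[0-9a-f]{64}\z/ or fail "archive has no usable SHA-256 for $filename";`, would report that case directly and keep the mismatch message meaningful. The single `$digester` is shared by every row, which is fine because it is reset before each use, but a one-line comment saying so would save the next reader the check. archive_query_sshpsql begins before this hunk.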
@@ -838,19 +840,28 @@ sub get_archive_dsc () {
canonicalise_suite();
my @vsns = archive_query('archive_query');
foreach my $vinfo (@vsns) {
- my ($vsn,$subpath) = @$vinfo;
+ my ($vsn,$subpath,$digester,$digest) = @$vinfo;
$dscurl = access_cfg('mirror').$subpath;
$dscdata = url_get($dscurl);
if (!$dscdata) {
$skew_warning_vsn = $vsn if !defined $skew_warning_vsn;
next;
}
+ if ($digester) {
+ $digester->reset();
+ $digester->add($dscdata);
+ my $got = $digester->hexdigest();
+ $got eq $digest or
+ fail "$dscurl has hash $got but".
+ " archive told us to expect $digest";
+ }
my $dscfh = new IO::File \$dscdata, '<' or die $!;
printdebug Dumper($dscdata) if $debug>1;
$dsc = parsecontrolfh($dscfh,$dscurl, allow_pgp=>1);
printdebug Dumper($dsc) if $debug>1;
my $fmt = getfield $dsc, 'Format';
fail "unsupported source format $fmt, sorry" unless $format_ok{$fmt};
+ $dsc_checked = !!$digester;
return;
}
$dsc = undef;
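Review bot: `$dsc_checked = !!$digester;` attests only that the .dsc bytes match the archive's SHA-256, yet per the commit message and the later hunk it is what turns on `dpkg-source --no-check`, and per dpkg-source(1) `--no-check` skips verification of the Checksums-* of the files listed in the .dsc as well as the signature check. Unless dgit verifies the orig tarball and debian component against the .dsc's Checksums-Sha256 itself before extraction (not visible here), the hash check on the .dsc no longer protects the files actually unpacked from the mirror, so that verification should be added ahead of the `--no-check` extraction. The `if ($digester)` guard also means a backend returning two-element rows silently falls back to the old signature path; a `printdebug` line in an else branch would make the downgrade visible. get_archive_dsc begins and ends outside this hunk.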
@@ -998,6 +1009,7 @@ sub generate_commit_from_dsc () {
print D $dscdata or die "$dscfn: $!";
close D or die "$dscfn: $!";
my @cmd = qw(dpkg-source);
+ push @cmd, '--no-check' if $dsc_checked;
push @cmd, qw(-x --), $dscfn;
runcmd @cmd;