Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add test for invalid hash algorithm for package checksum #108

Merged
merged 7 commits into from
Sep 11, 2023
Merged

Add test for invalid hash algorithm for package checksum #108

merged 7 commits into from
Sep 11, 2023

Conversation

atodorov
Copy link
Contributor

No description provided.

atodorov
atodorov commented Aug 11, 2023
View reviewed changes
Copy link
Contributor Author

@atodorov atodorov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@achilleas-k I wasn't expecting the test to pass in its current form. Can you review ?

@atodorov atodorov requested a review from achilleas-k August 11, 2023 08:12
@achilleas-k achilleas-k force-pushed the more_tests_for_hashing_algorithms branch from ce2e5f6 to 7e8f607 Compare August 21, 2023 16:14
@achilleas-k
Copy link
Member

I added validation to sources for the checksums. I moved the validation into the sources instead of the inputs to mirror what we actually do in osbuild. The checksums are defined per-source, meaning different source types have different checksum requirements. So I did the same here and added a checksum validation for curl sources that represent rpm packages.
I also moved the test you added to match.

I also kept the old checksum validator in the file inputs.

@achilleas-k achilleas-k marked this pull request as ready for review August 21, 2023 16:16
thozza
thozza reviewed Aug 22, 2023
View reviewed changes
Copy link
Member

@thozza thozza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a few inline comments. Otherwise, the PR looks good 👍

atodorov
atodorov commented Aug 22, 2023
View reviewed changes
Copy link
Contributor Author

@atodorov atodorov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test LGTM.

achilleas-k and others added 6 commits September 7, 2023 16:10
@achilleas-k
osbuild: helper functions for curl and ostree sources
3cfb2a6 
The inline and skopeo sources have constructors for the source itself
(New...Source()) and the items (New...Item()) as well as an AddItem()
method.  These are convenient and make source creation consistent and
easier to validate.  Add the same functions for curl and ostree sources.

For the curl source, the method is called AddPackage() because
technically the source supports downloading any type of file.
@achilleas-k
osbuild: validate curl source package digest
1a282e8 
Check that the package checksum is valid when creating a CurlSourceItem
of that type.  The regex matches the one in the osbuild source schema.
@achilleas-k
osbuild: validate skopeo source item when creating
4a1c8b6 
Run the item's validate() method immediately after creating it in the
constructor function.
@achilleas-k
osbuild: use helper functions to generate sources
2968459 
Use the new helper functions to generate all the sources in
GenSources().
@atodorov @achilleas-k
osbuild: test package checksum validation
67c4d91 
Co-Authored-By: Achilleas Koutsou <[email protected]>
@achilleas-k
osbuild: propagate package validation error up to GenSources()
04a4a49 
Check the error value returned from curl.AddPackage() in GenSources()
and pass it up to the Serialize() function where it's called.
@achilleas-k achilleas-k force-pushed the more_tests_for_hashing_algorithms branch from 7e8f607 to 04a4a49 Compare September 7, 2023 14:10
@atodorov atodorov requested a review from thozza September 7, 2023 14:12
thozza
thozza approved these changes Sep 11, 2023
View reviewed changes
Copy link
Member

@thozza thozza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! Thanks.

@thozza thozza added this pull request to the merge queue Sep 11, 2023
Merged via the queue into main with commit 312d87c Sep 11, 2023
@achilleas-k achilleas-k deleted the more_tests_for_hashing_algorithms branch September 11, 2023 16:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thozza thozza thozza approved these changes

@achilleas-k achilleas-k Awaiting requested review from achilleas-k

@ondrejbudai ondrejbudai Awaiting requested review from ondrejbudai

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@atodorov @achilleas-k @thozza