From f558348edfe897764a30d882b8947ddc76af0e5f Mon Sep 17 00:00:00 2001 From: Olav Vitters Date: Tue, 28 Feb 2012 10:23:35 +0000 Subject: add ability to check hash of original tarball --- mgagnome | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) (limited to 'mgagnome') diff --git a/mgagnome b/mgagnome index 097e991..b9557f5 100755 --- a/mgagnome +++ b/mgagnome @@ -33,6 +33,9 @@ from sgmllib import SGMLParser import urllib2 import urlparse +# for checking hashes +import hashlib + MEDIA="Core Release Source" URL="http://download.gnome.org/sources/" PKGROOT='~/pkgs' @@ -202,6 +205,20 @@ class XzTarFile(tarfile.TarFile): if not hasattr(tarfile.TarFile, 'xzopen'): tarfile.open = XzTarFile.open +def is_valid_hash(path, algo, hexdigest): + if algo not in hashlib.algorithms: + raise ValueError("Unknown hash algorithm: %s" % algo) + + local_hash = getattr(hashlib, algo)() + + with open(path, 'rb') as fp: + data = fp.read(32768) + while data: + local_hash.update(data) + data = fp.read(32768) + + return local_hash.hexdigest() == hexdigest + class SpecFile(object): re_update_version = re.compile(r'^(?P
Version:\s*)(?P.+)(?P\s*)$', re.MULTILINE + re.IGNORECASE)
     re_update_release = re.compile(r'^(?P
Release:\s*)(?P%mkrel \d+)(?P\s*)$', re.MULTILINE + re.IGNORECASE)
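Review bot: The final comparison in `is_valid_hash` is an exact, case-sensitive string match, so a correct digest supplied in upper case or with stray whitespace is reported as a mismatch. The caller added later in this patch then reverts the working copy. Normalising the expected value avoids that: `return local_hash.hexdigest() == hexdigest.strip().lower()`. The function also has no docstring; one line stating that it returns True when the file at `path` hashes to `hexdigest` under the named hashlib algorithm, and raises ValueError for an unknown algorithm, would document the contract.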
@@ -213,6 +230,13 @@ class SpecFile(object):
     @property
     def version(self):
         return subprocess.check_output(["rpm", "--specfile", self.path, "--queryformat", "%{VERSION}\n"]).splitlines()[0]
+    @property
+    def sources(self):
+        ts = rpm.ts()
+        spec = ts.parseSpec(self.path)
+        srclist = spec.sources if isinstance(spec.sources, (list, tuple)) \
+                        else spec.sources()
+        return dict((os.path.basename(name), name) for name, no, flags in srclist)
 
     def update(self, version):
         """Update specfile (increase version)"""
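Review bot: The new `sources` property calls `rpm.ts()`, but the only import this patch adds is `hashlib`, and the neighbouring `version` property shells out to the `rpm` binary instead of using the Python bindings. If `import rpm` is not already present at the top of mgagnome (not visible in this patch), the property raises NameError the first time `--hash` is used. The returned dict is keyed by `os.path.basename(name)`, so two sources that share a basename silently collapse into one entry. A docstring such as `"""Map each source's basename to its original entry in the spec."""` would make that behaviour explicit.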
@@ -550,6 +574,20 @@ def cmd_package_new_version(options, parser):
     if not s.update(options.version):
         sys.exit(1)
 
+    # Check hash, if given
+    if options.hexdigest is not None:
+        sources = [name for name, origname in s.sources.iteritems() if '://' in origname]
+        if not len(sources):
+            print >>sys.stderr, "ERROR: Cannot determine source file (for hash check)!"
+            sys.stderr(1)
+
+        for filename in sources:
+            if not is_valid_hash(os.path.join(cwd, "SOURCES", filename), options.algo, options.hexdigest):
+                print >>sys.stderr, "ERROR: Hash file failed check for %s!" % path
+                print >>sys.stderr, "ERROR: Reverting changes!"
+                subprocess.call(['svn', 'revert', '-R', cwd], cwd=cwd)
+                sys.exit(1)
+
     # We can even checkin and submit :-)
     if options.submit:
         try:
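Review bot: Both failure paths of the new hash check are broken. When no URL source is found the code calls `sys.stderr(1)`, which raises TypeError because a file object is not callable; it should be `sys.exit(1)`. In the mismatch branch the message is formatted with `% path` although the loop variable is `filename`; unless `path` is bound earlier in `cmd_package_new_version` (the function starts outside this hunk), that line raises NameError before `svn revert` runs, so a tarball that failed verification leaves the updated spec in the working copy. Changing it to `% filename` fixes both the message and the cleanup. The single `--hash` value is also compared against every source containing `://`, so a spec with more than one remote source cannot pass the check.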
@@ -601,8 +639,12 @@ def main():
                                        help="Package name reflects the upstream name")
     subparser.add_argument("-s", "--submit", action="store_true", dest="submit",
                                        help="Commit changes and submit")
+    subparser.add_argument("-a", "--algorithm", choices=hashlib.algorithms, dest="algo",
+                                       help="Hash algorithm")
+    subparser.add_argument("--hash", dest="hexdigest",
+                                       help="Hexdigest of the hash")
     subparser.set_defaults(
-        func=cmd_package_new_version, submit=False, upstream=False
+        func=cmd_package_new_version, submit=False, upstream=False, hexdigest=None, algo="sha256"
     )
 
     if len(sys.argv) == 1:
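Review bot: `choices=hashlib.algorithms` lets `--algorithm` select `md5` or `sha1`, which are weak choices for verifying a downloaded source tarball. The `sha256` default is fine, and the choices could be narrowed to `choices=("sha256", "sha384", "sha512")` if no upstream still publishes only the weaker digests. `--hash` is accepted as free text, so a truncated or mistyped digest only shows up later as a generic mismatch; checking at parse time that it is hex of the expected length would give a clearer error. The help text could also say that the digest must come from a channel independent of the download itself, since a digest fetched alongside the tarball only detects corruption. `main()` continues outside this hunk.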
-- 
cgit v1.2.1