From c883b0ec34698b28d835942eda67234d9c5e4cb4 Mon Sep 17 00:00:00 2001 From: stephen mcquay Date: Sun, 4 Mar 2018 00:54:48 -0800 Subject: [PATCH] verify package contents --- pkg/install.go | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/pkg/install.go b/pkg/install.go index d0dd936..58742c8 100644 --- a/pkg/install.go +++ b/pkg/install.go @@ -2,11 +2,15 @@ package pkg import ( "archive/tar" + "bufio" + "crypto/sha256" + "fmt" "io" "log" "net/http" "os" "path/filepath" + "strings" "github.com/pkg/errors" "mcquay.me/fs" @@ -44,9 +48,13 @@ func Install(root string, pkgs []string) error { } for _, m := range ms { + log.Printf("%+v", m) if err := verifyManifestIntegrity(root, m); err != nil { return errors.Wrap(err, "verifying pkg integrity") } + if err := verifyPkgContents(root, m); err != nil { + return errors.Wrap(err, "verifying pkg contents") + } } return errors.New("NYI") } @@ -98,6 +106,65 @@ func verifyManifestIntegrity(root string, m pm.Meta) error { return nil } +func verifyPkgContents(root string, m pm.Meta) error { + pn := filepath.Join(root, cache, m.Pkg()) + man, err := getReadCloser(pn, "manifest.sha256") + if err != nil { + return errors.Wrap(err, "getting manifest reader") + } + + cs := map[string]string{} + s := bufio.NewScanner(man) + for s.Scan() { + elems := strings.Split(s.Text(), "\t") + if len(elems) != 2 { + return errors.Errorf("manifest format error; got %d elements, want 2", len(elems)) + } + cs[elems[1]] = elems[0] + } + if err := man.Close(); err != nil { + return errors.Wrap(err, "closing manifest reader") + } + if err := s.Err(); err != nil { + return errors.Wrap(err, "scanning manifest") + } + + pf, err := os.Open(pn) + if err != nil { + return errors.Wrap(err, "opening pkg file") + } + tr := tar.NewReader(pf) + for { + hdr, err := tr.Next() + if err == io.EOF { + break + } + if err != nil { + return errors.Wrap(err, "tar traversal") + } + + if hdr.Name == "manifest.sha256" || hdr.Name == "manifest.sha256.asc" { + continue + } + if hdr.FileInfo().IsDir() { + continue + } + sha, ok := cs[hdr.Name] + if !ok { + return errors.Errorf("extra file %q found in tarfile!", hdr.Name) + } + sr := sha256.New() + if n, err := io.Copy(sr, tr); err != nil { + return errors.Wrapf(err, "calculating checksum after %v bytes", n) + } + + if sha != fmt.Sprintf("%x", sr.Sum(nil)) { + return errors.Errorf("%q checksum was incorrect", hdr.Name) + } + } + return nil +} + type tarSlurper struct { f *os.File tr *tar.Reader