Overview

File 0050-checksum-validation-when-zypper-pkg.download.patch of Package salt.3514

From 72099a24e83e3b73ce1624adcdbd5c83310ac615 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?=
 <psuarezhernandez@suse.com>
Date: Tue, 24 May 2016 11:01:55 +0100
Subject: [PATCH 50/52] checksum validation when zypper pkg.download

check the signature of downloaded RPM files

bugfix: showing errors when a package download fails using zypper pkg.download

Renamed check_sig to checksum and some refactoring

simpler rpm.checksum function
---
 salt/modules/rpm.py    | 26 ++++++++++++++++++++++++++
 salt/modules/zypper.py |  6 +++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/salt/modules/rpm.py b/salt/modules/rpm.py
index 894cdc1..426e566 100644
--- a/salt/modules/rpm.py
+++ b/salt/modules/rpm.py
@@ -601,3 +601,29 @@ def version_cmp(ver1, ver2):
         log.warning("Failed to compare version '{0}' to '{1}' using RPM: {2}".format(ver1, ver2, exc))
 
     return salt.utils.version_cmp(ver1, ver2)
+
+
+def checksum(*paths):
+    '''
+    Return if the signature of a RPM file is valid.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' lowpkg.checksum /path/to/package1.rpm
+        salt '*' lowpkg.checksum /path/to/package1.rpm /path/to/package2.rpm
+    '''
+    ret = dict()
+
+    if not paths:
+        raise CommandExecutionError("No package files has been specified.")
+
+    for package_file in paths:
+        ret[package_file] = (bool(__salt__['file.file_exists'](package_file)) and
+                            not __salt__['cmd.retcode'](["rpm", "-K", "--quiet", package_file],
+                                                        ignore_retcode=True,
+                                                        output_loglevel='trace',
+                                                        python_shell=False))
+
+    return ret
diff --git a/salt/modules/zypper.py b/salt/modules/zypper.py
index c37b382..55ca7bf 100644
--- a/salt/modules/zypper.py
+++ b/salt/modules/zypper.py
@@ -1520,9 +1520,13 @@ def download(*packages, **kwargs):
             'repository-alias': repo.getAttribute("alias"),
             'path': dld_result.getElementsByTagName("localfile")[0].getAttribute("path"),
         }
-        pkg_ret[_get_first_aggregate_text(dld_result.getElementsByTagName("name"))] = pkg_info
+        if __salt__['lowpkg.checksum'](pkg_info['path']):
+            pkg_ret[_get_first_aggregate_text(dld_result.getElementsByTagName("name"))] = pkg_info
 
     if pkg_ret:
+        failed = [pkg for pkg in packages if pkg not in pkg_ret]
+        if failed:
+            pkg_ret['_error'] = ('The following package(s) failed to download: {0}'.format(', '.join(failed)))
         return pkg_ret
 
     raise CommandExecutionError("Unable to download packages: {0}.".format(', '.join(packages)))
-- 
2.8.2
openSUSE Build Service is sponsored by
Places