[Yum-devel] [PATCH 2/2] Fix md5 == abort() code path, only generate/trust sha2+ for metalink=>repomd
James Antill
james at and.org
Tue Dec 8 00:10:27 UTC 2009
---
yum/metalink.py | 1 +
yum/repoMDObject.py | 5 +++--
yum/yumRepo.py | 12 +++---------
3 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/yum/metalink.py b/yum/metalink.py
index c7f5f83..24da633 100755
--- a/yum/metalink.py
+++ b/yum/metalink.py
@@ -55,6 +55,7 @@ class MetaLinkFile:
""" Parse the file metadata out of a metalink file. """
def __init__(self, elem):
+ # We aren't "using" any of these, just storing them.
chksums = set(["md5", 'sha1', 'sha256', 'sha512'])
for celem in elem:
diff --git a/yum/repoMDObject.py b/yum/repoMDObject.py
index 9f70f1d..2931816 100755
--- a/yum/repoMDObject.py
+++ b/yum/repoMDObject.py
@@ -94,8 +94,9 @@ class RepoMD:
else:
# srcfile is a file object
infile = srcfile
-
- infile = AutoFileChecksums(infile, ['md5', 'sha1', 'sha256'],
+
+ # We trust any of these to mean the repomd.xml is valid.
+ infile = AutoFileChecksums(infile, ['sha256', 'sha512'],
ignore_missing=True)
parser = iterparse(infile)
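Review bot: The list passed to `AutoFileChecksums` is now the only place that defines which digests are trusted, but the new comment does not say that the metalink comparison in yum/yumRepo.py accepts whatever names end up in `repoXML.checksums`. Re-adding `'md5'` or `'sha1'` here for an unrelated reason would silently make a weak digest sufficient to validate repomd.xml. I would spell the coupling out, e.g. `# Trust policy: yumRepo's metalink check accepts any digest generated here, so list only sha256 or stronger.` The enclosing method starts and ends outside the hunk.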
diff --git a/yum/yumRepo.py b/yum/yumRepo.py
index 765a595..b97f05a 100644
--- a/yum/yumRepo.py
+++ b/yum/yumRepo.py
@@ -1145,22 +1145,16 @@ class YumRepository(Repository, config.RepoConf):
if repoXML.length != repomd.size:
return False
- # MirrorManager isn't generating sha256 yet, and we should probably
- # not require all of the checksums we produce.
- done = set()
for checksum in repoXML.checksums:
if checksum not in repomd.chksums:
continue
if repoXML.checksums[checksum] != repomd.chksums[checksum]:
return False
- done.add(checksum)
- # Only allow approved checksums, might want to not "approve" of
- # sha1/md5
- for checksum in ('sha512', 'sha256', 'sha1', 'md5'):
- if checksum in done:
- return True
+ # If we don't trust the checksum, then don't generate it in
+ # repoMDObject().
+ return True
return False
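Review bot: `return True` now ends the check at the first digest common to both sides (it appears to sit inside the `for` loop, though indentation is not visible here), so when repomd.xml and the metalink both carry sha256 and sha512, a mismatch on the second one is never examined. The removed code compared every common digest before accepting. To keep that stricter behaviour, set `matched = False` before the loop, replace `return True` with `matched = True`, and finish with `return matched`. Separately, a metalink that offers only md5/sha1 will now always fall through to `return False`; the deleted comment suggests MirrorManager was in that state at some point, so that is worth confirming before merge. The function begins outside the hunk.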
--
1.6.5.2