From c1f25484ff72ce42fe65621af45c489eb40b181c Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis
Date: Tue, 14 Jan 2025 23:28:07 +0200
Subject: [PATCH] FIXUP: Invalidate downloaded diffoci helper if checksum differs
---
 dev_scripts/reproduce.py | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/dev_scripts/reproduce.py b/dev_scripts/reproduce.py
index 46467bb..9013e79 100755
--- a/dev_scripts/reproduce.py
+++ b/dev_scripts/reproduce.py
@@ -39,15 +39,27 @@ def git_verify(commit, source):
 )
+def diffoci_hash_matches(diffoci):
+ """Check if the hash of the downloaded diffoci bin matches the expected one."""
+ m = hashlib.sha256()
+ m.update(DIFFOCI_PATH.open().read())
+ diffoci_checksum = m.hexdigest()
+ return diffoci_checksum == DIFFOCI_CHECKSUM
+
+
+def diffoci_exists():
+ """Check if the diffoci helper exists, and if the hash matches."""
+ if not DIFFOCI_PATH.exists():
+ return False
+ return diffoci_hash_matches(DIFFOCI_PATH.open().read())
+
+
 def diffoci_download():
 """Download the diffoci tool, based on a URL and its checksum."""
 with urllib.request.urlopen(DIFFOCI_URL) as f:
 diffoci_bin = f.read()
- m = hashlib.sha256()
- m.update(diffoci_bin)
- diffoci_checksum = m.hexdigest()
- if not diffoci_checksum == DIFFOCI_CHECKSUM:
+ if not diffoci_hash_matches(diffoci_bin):
 raise ValueError(
 "Unexpected checksum for downloaded diffoci binary:"
 f" {diffoci_checksum} !={DIFFOCI_CHECKSUM}"
@@ -122,7 +134,7 @@ def main():
 commit = git_commit_get()
 git_verify(commit, args.source)
- if not DIFFOCI_PATH.exists():
+ if diffoci_exists():
 logger.info(f"Downloading diffoci helper from {DIFFOCI_URL}")
 diffoci_download()
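Review bot: `diffoci_hash_matches(diffoci)` never reads its `diffoci` argument and hashes `DIFFOCI_PATH.open().read()` instead, so in `diffoci_download` the freshly fetched `diffoci_bin` is not what gets compared with `DIFFOCI_CHECKSUM`; the integrity check on the download is effectively skipped, or fails outright when no file is on disk yet. The default text-mode `open()` also hands `m.update()` a `str`, which hashlib rejects. Hashing the argument with `m.update(diffoci)` and having `diffoci_exists` pass bytes, e.g. `return diffoci_hash_matches(DIFFOCI_PATH.read_bytes())` (assuming `DIFFOCI_PATH` is a `pathlib.Path`), would address both. The unchanged error message still interpolates `diffoci_checksum`, which this change removes from `diffoci_download`, so a mismatch would surface as a NameError rather than the intended ValueError; that function's body continues past the end of the hunk.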
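Review bot: The condition at `if diffoci_exists():` in the `main()` hunk is inverted relative to the line it replaces: the download now runs when a helper with a matching hash is already present, and is skipped when the file is missing or its hash differs. That leaves a stale or modified helper in place, which is the case the commit title says should be invalidated. It should read `if not diffoci_exists():`. `main()` starts and ends outside this hunk.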