Implement verify_download_integrity for bottle manifests.

This commit is contained in:
Markus Reiter 2024-07-13 16:50:53 -04:00
parent 05f07953fe
commit ae6f43921a
No known key found for this signature in database
GPG Key ID: 245293B51702655B
2 changed files with 14 additions and 16 deletions


@ -269,6 +269,8 @@ class Resource < Downloadable
# A resource for a bottle manifest. # A resource for a bottle manifest.
class BottleManifest < Resource class BottleManifest < Resource
class Error < RuntimeError; end
attr_reader :bottle attr_reader :bottle
def initialize(bottle) def initialize(bottle)
@ -277,22 +279,25 @@ class Resource < Downloadable
end end
def verify_download_integrity(_filename) def verify_download_integrity(_filename)
# no-op # We don't have a checksum, but we can at least try parsing it.
tab
rescue Error => e
raise DownloadError.new(self, e)
end end
def tab def tab
json = begin json = begin
JSON.parse(cached_download.read) JSON.parse(cached_download.read)
rescue JSON::ParserError rescue JSON::ParserError
raise "The downloaded GitHub Packages manifest was corrupted or modified (it is not valid JSON): " \ raise Error, "The downloaded GitHub Packages manifest was corrupted or modified (it is not valid JSON): " \
"\n#{cached_download}" "\n#{cached_download}"
end end
manifests = json["manifests"] manifests = json["manifests"]
raise ArgumentError, "Missing 'manifests' section." if manifests.blank? raise Error, "Missing 'manifests' section." if manifests.blank?
manifests_annotations = manifests.filter_map { |m| m["annotations"] } manifests_annotations = manifests.filter_map { |m| m["annotations"] }
raise ArgumentError, "Missing 'annotations' section." if manifests_annotations.blank? raise Error, "Missing 'annotations' section." if manifests_annotations.blank?
bottle_digest = bottle.resource.checksum.hexdigest bottle_digest = bottle.resource.checksum.hexdigest
image_ref = GitHubPackages.version_rebuild(bottle.resource.version, bottle.rebuild, bottle.tag.to_s) image_ref = GitHubPackages.version_rebuild(bottle.resource.version, bottle.rebuild, bottle.tag.to_s)
@ -301,15 +306,15 @@ class Resource < Downloadable
m["org.opencontainers.image.ref.name"] == image_ref m["org.opencontainers.image.ref.name"] == image_ref
end end
raise ArgumentError, "Couldn't find manifest matching bottle checksum." if manifest_annotations.blank? raise Error, "Couldn't find manifest matching bottle checksum." if manifest_annotations.blank?
tab = manifest_annotations["sh.brew.tab"] tab = manifest_annotations["sh.brew.tab"]
raise ArgumentError, "Couldn't find tab from manifest." if tab.blank? raise Error, "Couldn't find tab from manifest." if tab.blank?
begin begin
JSON.parse(tab) JSON.parse(tab)
rescue JSON::ParserError rescue JSON::ParserError
raise ArgumentError, "Couldn't parse tab JSON." raise Error, "Couldn't parse tab JSON."
end end
end end
end end
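Review bot: The `rescue Error => e` added to `verify_download_integrity` only converts `BottleManifest::Error`, yet `tab` still indexes the parsed JSON without checking its shape: a manifest whose top level is a JSON array makes `json["manifests"]` raise `TypeError`, a `null` document makes it raise `NoMethodError`, and a non-object entry in `manifests` does the same at `m["annotations"]`, so those malformed downloads escape as raw exceptions instead of the `DownloadError` that `Bottle#fetch_tab` in the second file (whose `rescue DownloadError` / `fallback_on_error` path now relies on this conversion) is prepared to handle. Validate the shape before indexing, e.g. `raise Error, "Manifest is not a JSON object." unless json.is_a?(Hash)` right after the parse and `manifests_annotations = manifests.filter_map { |m| m["annotations"] if m.is_a?(Hash) }` for the entries. A one-line comment on `verify_download_integrity` would also help, stating that this is a structural check plus a match of the manifest annotations against the bottle's own checksum and `image_ref`, not a checksum of the manifest file itself, so the method name is not read as promising more than it does. The check reads `cached_download` rather than the `_filename` it is handed; if those can ever differ for a caller, a comment explaining why they are the same here would be worth adding.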


@ -392,14 +392,7 @@ class Bottle
def fetch_tab def fetch_tab
return if github_packages_manifest_resource.blank? return if github_packages_manifest_resource.blank?
# a checksum is used later identifying the correct tab but we do not have the checksum for the manifest/tab github_packages_manifest_resource.fetch
github_packages_manifest_resource.fetch(verify_download_integrity: false)
begin
github_packages_manifest_resource.tab
rescue RuntimeError => e
raise DownloadError.new(github_packages_manifest_resource, e)
end
rescue DownloadError rescue DownloadError
raise unless fallback_on_error raise unless fallback_on_error