britney

Merge ~andersson123/britney:no-content-length-check-checksum-instead into ~ubuntu-release/britney/+git/britney2-ubuntu:master

  1. Git
  2. lp:~andersson123/britney
  3. no-content-length-check-checksum-instead
  4. Merge into master
Proposed by Tim Andersson
Status: Needs review
Proposed branch: ~andersson123/britney:no-content-length-check-checksum-instead
Merge into: ~ubuntu-release/britney/+git/britney2-ubuntu:master
Diff against target: 37 lines (+6/-3)
1 file modified
britney2/policies/autopkgtest.py (+6/-3)
Reviewer Review Type Date Requested Status
Brian Murray Needs Fixing
Review via email: mp+464896@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Brian Murray (brian-murray) :
review: Needs Fixing
Reply
Revision history for this message
Tim Andersson (andersson123) wrote :

amended, please re-review

Reply

Unmerged commits

d5c0c1f... by Tim Andersson

feat: check database checksum instead of content-length header

autopkgtest-cloud will now serve:
autopkgtest.ubuntu.com/static/autopkgtest.db.sha256

Britney now calculates the sha256 of the newly downloaded db locally and
checks that it matches the sha256 file served by autopkgtest-cloud,
instead of checking that the content-length header matches the
size of the new downloaded database.

Since the most recent apache2 security update in focal [1], the
content-length header isn't served by default, and it seems that when
it is served it's not entirely accurate. This check has become
brittle, and so we have implemented this new mechanism.

[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2061816

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/britney2/policies/autopkgtest.py b/britney2/policies/autopkgtest.py
2index de7af7b..b8ee55a 100644
3--- a/britney2/policies/autopkgtest.py
4+++ b/britney2/policies/autopkgtest.py
5@@ -30,6 +30,7 @@ import re
6 import socket
7 import sqlite3
8 import sys
9+import hashlib
10 import time
11 import urllib.parse
12 from urllib.error import HTTPError
13@@ -169,8 +170,10 @@ class AutopkgtestPolicy(BasePolicy):
14
15 def fetch_db(self):
16 f = None
17+ local_db_sha = hashlib.sha256()
18 try:
19 f = self.download_retry(self.options.adt_db_url)
20+ chksum = self.download_retry(self.options.adt_db_url + ".sha256").read().rstrip()
21 http_code = f.getcode()
22 # file:/// urls don't have the http niceties
23 if not http_code or http_code == 200:
24@@ -180,10 +183,10 @@ class AutopkgtestPolicy(BasePolicy):
25 data=f.read(2048*1024)
26 if not data:
27 break
28+ local_db_sha.update(data)
29 f_out.write(data)
30- content_length = f.getheader('content-length')
31- if http_code and content_length and os.path.getsize(new_file) != content_length:
32- self.logger.info('Short read downloading autopkgtest results')
33+ if http_code and local_db_sha.hexdigest() != chksum:
34+ self.logger.info("autopkgtest.db local checksum does not match downloaded checksum!")
35 os.unlink(new_file)
36 else:
37 os.rename(new_file, self.database_path)

Subscribers

People subscribed via source and target branches