feat: add support for SHA1 checksum verification and update related documentation

This commit is contained in:
2026-03-23 17:14:18 -05:00
parent 18e376e4f7
commit a5fcf4b916
7 changed files with 76 additions and 8 deletions
Generated
+1
View File
@@ -444,6 +444,7 @@ dependencies = [
"semver",
"serde",
"serde_ignored",
"sha1",
"sha2",
"signal-hook 0.4.3",
"suppaftp",
+1
View File
@@ -46,6 +46,7 @@ serde_ignored = "0.1.14"
lz4_flex = "0.13.0"
lzma-rust2 = "0.16.2"
signal-hook = "0.4.3"
sha1 = "0.10.6"
[dev-dependencies]
tempfile = "=3.27.0"
+38 -2
View File
@@ -25,7 +25,7 @@
use crate::fakeroot;
use anyhow::{Context, Result, bail};
use std::fs;
use std::io::Write;
use std::io::{ErrorKind, Write};
use std::path::{Path, PathBuf};
use std::process::{Command, ExitStatus, Stdio};
@@ -549,7 +549,11 @@ fn run_command_with_optional_stdin(
command.stdin(Stdio::piped());
let mut child = command.spawn()?;
if let Some(mut stdin) = child.stdin.take() {
stdin.write_all(payload.as_bytes())?;
match stdin.write_all(payload.as_bytes()) {
Ok(()) => {}
Err(err) if err.kind() == ErrorKind::BrokenPipe => {}
Err(err) => return Err(err.into()),
}
}
Ok(child.wait()?)
} else {
@@ -674,6 +678,38 @@ needs_paths = true
assert_eq!(out, "install:pre:foo");
}
#[test]
fn run_transaction_hooks_ignores_broken_pipe_for_needs_paths_hooks() {
let tmp = tempfile::tempdir().unwrap();
write_hook(
tmp.path(),
"noop.toml",
r#"
[hook]
name = "noop"
[when]
phase = "pre"
operation = ["install"]
packages = ["foo"]
[exec]
command = "true"
needs_paths = true
"#,
);
let affected = vec!["usr/bin/foo".to_string()];
let ctx = HookExecutionContext {
phase: HookPhase::Pre,
operation: HookOperation::Install,
package: "foo",
affected_paths: &affected,
};
let ran = run_transaction_hooks(tmp.path(), &ctx).unwrap();
assert_eq!(ran, 1);
}
#[test]
fn run_transaction_hooks_respects_negation_and_filters_out() {
let tmp = tempfile::tempdir().unwrap();
+2 -2
View File
@@ -217,7 +217,7 @@ fn prompt_manual_sources() -> Result<Vec<ManualSource>> {
if single_entry {
let checksum = prompt_optional_text(
"Manual source checksum (optional):",
"sha256:/sha512:/md5:/b2:/b2sum:, raw SHA256 hex, or 'skip' (empty omits field)",
"sha256:/sha512:/sha1:/md5:/b2:/b2sum:, raw SHA256 hex, or 'skip' (empty omits field)",
)?;
if !checksum.is_empty() {
manual.sha256 = Some(checksum);
@@ -411,7 +411,7 @@ pub fn create_interactive() -> Result<PackageSpec> {
let source_sha256 = Text::new("Source checksum:")
.with_help_message(
"Accepts sha256:, sha512:, md5:, b2:, b2sum:, or raw SHA256 hex (use 'skip' to bypass)",
"Accepts sha256:, sha512:, sha1:, md5:, b2:, b2sum:, or raw SHA256 hex (use 'skip' to bypass)",
)
.with_default(computed_sha_default.as_str())
.prompt()?;
+1 -1
View File
@@ -3930,7 +3930,7 @@ impl Alternatives {
#[derive(Debug, Clone, serde::Deserialize, serde::Serialize)]
pub struct Source {
pub url: String,
/// Checksum for the source (e.g. `sha256:...`, `sha512:...`, `md5:...`, `b2:...`, `b2sum:...`, or raw SHA256 hex).
/// Checksum for the source (e.g. `sha256:...`, `sha512:...`, `sha1:...`, `md5:...`, `b2:...`, `b2sum:...`, or raw SHA256 hex).
/// Defaults to `skip` when omitted.
#[serde(default = "default_source_sha256")]
pub sha256: String,
+9 -1
View File
@@ -289,6 +289,7 @@ pub fn fetch_archive(spec: &PackageSpec, source: &Source, cache_dir: &Path) -> R
/// Supported formats:
/// - `sha256:<hex>` (or just `<hex>` — default)
/// - `sha512:<hex>`
/// - `sha1:<hex>`
/// - `md5:<hex>`
/// - `b2:<hex>` / `b2sum:<hex>`
/// - `skip` to bypass verification
@@ -732,7 +733,8 @@ mod tests {
}
#[test]
fn verify_checksum_accepts_md5_sha512_b2sum_and_default_sha256() {
fn verify_checksum_accepts_sha1_md5_sha512_b2sum_and_default_sha256() {
use sha1::Sha1;
use sha2::Digest;
use sha2::Sha256;
use sha2::Sha512;
@@ -752,6 +754,11 @@ mod tests {
h.update(b"abc");
format!("{:x}", h.finalize())
};
let sha1_hex = {
let mut h = Sha1::new();
h.update(b"abc");
format!("{:x}", h.finalize())
};
let md5_hex = format!("{:x}", md5::compute(b"abc"));
let b2_hex = b2sum_rust::Blake2bSum::new(64)
@@ -763,6 +770,7 @@ mod tests {
// explicit prefixes
assert!(verify_checksum(tmp.path(), &format!("sha256:{}", sha256_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("sha512:{}", sha512_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("sha1:{}", sha1_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("md5:{}", md5_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("b2:{}", b2_hex)).unwrap());
assert!(verify_checksum(tmp.path(), &format!("b2sum:{}", b2_hex)).unwrap());
+24 -2
View File
@@ -279,8 +279,8 @@ fn copy_manual_source_file(
/// Verify a file against an `expected` checksum string.
///
/// Formats accepted: `sha256:HEX`, `sha512:HEX`, `md5:HEX`, `b2:HEX`,
/// `b2sum:HEX`, or plain `HEX` (assumed sha256).
/// Formats accepted: `sha256:HEX`, `sha512:HEX`, `sha1:HEX`, `md5:HEX`,
/// `b2:HEX`, `b2sum:HEX`, or plain `HEX` (assumed sha256).
fn verify_file_hash(path: &Path, expected: &str) -> Result<bool> {
use anyhow::bail;
use std::io::Read;
@@ -335,6 +335,21 @@ fn verify_file_hash(path: &Path, expected: &str) -> Result<bool> {
let actual = format!("{:x}", hasher.finalize());
Ok(actual == hex)
}
"sha1" => {
use sha1::Sha1;
let mut f = fs::File::open(path)?;
let mut hasher = Sha1::new();
let mut buf = [0u8; 8192];
loop {
let n = f.read(&mut buf)?;
if n == 0 {
break;
}
hasher.update(&buf[..n]);
}
let actual = format!("{:x}", hasher.finalize());
Ok(actual == hex)
}
"md5" => {
let mut ctx = md5::Context::new();
let mut f = fs::File::open(path)?;
@@ -875,6 +890,7 @@ mod tests {
#[test]
fn verify_file_hash_accepts_multiple_algorithms() {
use sha1::Sha1;
use sha2::{Digest, Sha256, Sha512};
let tmp = tempfile::NamedTempFile::new().unwrap();
@@ -890,6 +906,11 @@ mod tests {
h.update(b"abc");
format!("{:x}", h.finalize())
};
let sha1_hex = {
let mut h = Sha1::new();
h.update(b"abc");
format!("{:x}", h.finalize())
};
let md5_hex = format!("{:x}", md5::compute(b"abc"));
let b2_hex = b2sum_rust::Blake2bSum::new(64)
.read(tmp.path())
@@ -898,6 +919,7 @@ mod tests {
assert!(verify_file_hash(tmp.path(), &sha256_hex).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("sha256:{}", sha256_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("sha512:{}", sha512_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("sha1:{}", sha1_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("md5:{}", md5_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("b2:{}", b2_hex)).unwrap());
assert!(verify_file_hash(tmp.path(), &format!("b2sum:{}", b2_hex)).unwrap());