[bitbake-devel,v3,1/7] bitbake: utils.py: add sha384_file and sha512_file functions

Submitted by Jean-Marie LEMETAYER on Nov. 20, 2019, 9:34 a.m. | Patch ID: 167178

Details

Message ID 20191120093412.11519-2-jean-marie.lemetayer@savoirfairelinux.com
State New
Headers show

Commit Message

Jean-Marie LEMETAYER Nov. 20, 2019, 9:34 a.m.
This commit adds the "sha384_file" and "sha512_file" functions in order
to check the integrity of the downloaded npm packages as npm now use
subresource integrity:

  https://w3c.github.io/webappsec-subresource-integrity

Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer@savoirfairelinux.com>
---
 lib/bb/utils.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

Patch hide | download patch | download mbox

diff --git a/lib/bb/utils.py b/lib/bb/utils.py
index d035949b..34152855 100644
--- a/lib/bb/utils.py
+++ b/lib/bb/utils.py
@@ -562,6 +562,30 @@  def sha1_file(filename):
             s.update(line)
     return s.hexdigest()
 
+def sha384_file(filename):
+    """
+    Return the hex string representation of the SHA384 checksum of the filename
+    """
+    import hashlib
+
+    s = hashlib.sha384()
+    with open(filename, "rb") as f:
+        for line in f:
+            s.update(line)
+    return s.hexdigest()
+
+def sha512_file(filename):
+    """
+    Return the hex string representation of the SHA512 checksum of the filename
+    """
+    import hashlib
+
+    s = hashlib.sha512()
+    with open(filename, "rb") as f:
+        for line in f:
+            s.update(line)
+    return s.hexdigest()
+
 def preserved_envvars_exported():
     """Variables which are taken from the environment and placed in and exported
     from the metadata"""

Comments

Richard Purdie Nov. 22, 2019, 4:26 p.m.
On Wed, 2019-11-20 at 10:34 +0100, Jean-Marie LEMETAYER wrote:
> This commit adds the "sha384_file" and "sha512_file" functions in
> order
> to check the integrity of the downloaded npm packages as npm now use
> subresource integrity:
> 
>   https://w3c.github.io/webappsec-subresource-integrity
> 
> Signed-off-by: Jean-Marie LEMETAYER <
> jean-marie.lemetayer@savoirfairelinux.com>
> ---
>  lib/bb/utils.py | 24 ++++++++++++++++++++++++
>  1 file changed, 24 insertions(+)
> 
> diff --git a/lib/bb/utils.py b/lib/bb/utils.py
> index d035949b..34152855 100644
> --- a/lib/bb/utils.py
> +++ b/lib/bb/utils.py
> @@ -562,6 +562,30 @@ def sha1_file(filename):
>              s.update(line)
>      return s.hexdigest()
>  
> +def sha384_file(filename):
> +    """
> +    Return the hex string representation of the SHA384 checksum of
> the filename
> +    """
> +    import hashlib
> +
> +    s = hashlib.sha384()
> +    with open(filename, "rb") as f:
> +        for line in f:
> +            s.update(line)
> +    return s.hexdigest()
> +
> +def sha512_file(filename):
> +    """
> +    Return the hex string representation of the SHA512 checksum of
> the filename
> +    """
> +    import hashlib
> +
> +    s = hashlib.sha512()
> +    with open(filename, "rb") as f:
> +        for line in f:
> +            s.update(line)
> +    return s.hexdigest()
> +
>  def preserved_envvars_exported():

Note that:
http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=9d2fd91844fe387186b780b5457d0c02bea998e7 
merged, so this patch probably needs tweaking to match, thanks.

Cheers,

Richard