From d04b37671716b4cdf6fbec9a5bc35e4a2295fe26 Mon Sep 17 00:00:00 2001 From: "Steven R. Loomis" Date: Tue, 23 Apr 2019 10:01:07 -0700 Subject: [PATCH] build: allow icu download to use other hashes besides md5 - ICU uses sha512 instead of md5 in some recent releases - Use hashlib.algorithms_guaranteed to choose the following algorithms: sha1 sha224 sha384 sha256 sha512 md5 - No preference as to the priority of the algorithms - This commit does not change the hash used for ICU. Fixes: https://github.com/nodejs/node/issues/27369 Reviewed-By: Refael Ackermann Reviewed-by: Ujjwal Sharma Reviewed-by: Richard Lau PR-URL: https://github.com/nodejs/node/pull/27370 --- configure.py | 20 +++++++++++++------- tools/configure.d/nodedownload.py | 16 +++++++++++++--- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/configure.py b/configure.py index 12d68ccfeb2..1dd6da6d2b9 100755 --- a/configure.py +++ b/configure.py @@ -1261,7 +1261,8 @@ def glob_to_var(dir_base, dir_sub, patch_dir): def configure_intl(o): def icu_download(path): - with open('tools/icu/current_ver.dep') as f: + depFile = 'tools/icu/current_ver.dep'; + with open(depFile) as f: icus = json.load(f) # download ICU, if needed if not os.access(options.download_path, os.W_OK): @@ -1270,7 +1271,12 @@ def configure_intl(o): attemptdownload = nodedownload.candownload(auto_downloads, "icu") for icu in icus: url = icu['url'] - md5 = icu['md5'] + (expectHash, hashAlgo, allAlgos) = nodedownload.findHash(icu) + if not expectHash: + error('''Could not find a hash to verify ICU download. + %s may be incorrect. + For the entry %s, + Expected one of these keys: %s''' % (depFile, url, ' '.join(allAlgos))) local = url.split('/')[-1] targetfile = os.path.join(options.download_path, local) if not os.path.isfile(targetfile): @@ -1279,13 +1285,13 @@ def configure_intl(o): else: print('Re-using existing %s' % targetfile) if os.path.isfile(targetfile): - print('Checking file integrity with MD5:\r') - gotmd5 = nodedownload.md5sum(targetfile) - print('MD5: %s %s' % (gotmd5, targetfile)) - if (md5 == gotmd5): + print('Checking file integrity with %s:\r' % hashAlgo) + gotHash = nodedownload.checkHash(targetfile, hashAlgo) + print('%s: %s %s' % (hashAlgo, gotHash, targetfile)) + if (expectHash == gotHash): return targetfile else: - warn('Expected: %s *MISMATCH*' % md5) + warn('Expected: %s *MISMATCH*' % expectHash) warn('\n ** Corrupted ZIP? Delete %s to retry download.\n' % targetfile) return None icu_config = { diff --git a/tools/configure.d/nodedownload.py b/tools/configure.d/nodedownload.py index 8734770fc78..53d2692ed15 100644 --- a/tools/configure.d/nodedownload.py +++ b/tools/configure.d/nodedownload.py @@ -46,9 +46,19 @@ def retrievefile(url, targetfile): print(' ** Error occurred while downloading\n <%s>' % url) raise -def md5sum(targetfile): - """md5sum a file. Return the hex digest.""" - digest = hashlib.md5() +def findHash(dict): + """Find an available hash type.""" + # choose from one of these + availAlgos = hashlib.algorithms_guaranteed + for hashAlgo in availAlgos: + if hashAlgo in dict: + return (dict[hashAlgo], hashAlgo, availAlgos) + # error + return (None, None, availAlgos) + +def checkHash(targetfile, hashAlgo): + """Check a file using hashAlgo. Return the hex digest.""" + digest = hashlib.new(hashAlgo) with open(targetfile, 'rb') as f: chunk = f.read(1024) while chunk != "":