From a92efe252a92f3f0e415ef7db5507095f860ea72 Mon Sep 17 00:00:00 2001
From: Mathieu Bridon <bochecha@daitauha.fr>
Date: Tue, 28 Oct 2014 10:44:22 +0100
Subject: [PATCH] lookaside: Add support for sha512 file hashes

With this change, the upload CGI script will start preferring uploads
hashed as sha512, but still accept md5 as a fallback.

The message emitted on fedmsg is unchanged, because doing so would break
it. We're going to fix that later though.

https://fedorahosted.org/rel-eng/ticket/5846
---
 roles/distgit/files/dist-git-upload.cgi | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/roles/distgit/files/dist-git-upload.cgi b/roles/distgit/files/dist-git-upload.cgi
index e8a357dfed..0fcf821e39 100644
--- a/roles/distgit/files/dist-git-upload.cgi
+++ b/roles/distgit/files/dist-git-upload.cgi
@@ -110,7 +110,19 @@ def main():
 
     form = cgi.FieldStorage()
     name = check_form(form, 'name')
-    checksum = check_form(form, 'md5sum')
+
+    # Search for the file hash, start with stronger hash functions
+    if form.has_key('sha512sum'):
+        checksum = check_form(form, 'sha512sum')
+        hash_type = "sha512"
+
+    elif form.has_key('md5sum'):
+        # Fallback on md5, as it's what we currently use
+        checksum = check_form(form, 'md5sum')
+        hash_type = "md5"
+
+    else:
+        send_error('Required checksum is not present.')
 
     action = None
     upload_file = None
@@ -123,7 +135,7 @@ def main():
         action = 'check'
         filename = check_form(form, 'filename')
         filename = os.path.basename(filename)
-        print >> sys.stderr, '[username=%s] Checking file status: NAME=%s FILENAME=%s %sSUM=%s' % (username, name, filename, "MD5", checksum)
+        print >> sys.stderr, '[username=%s] Checking file status: NAME=%s FILENAME=%s %sSUM=%s' % (username, name, filename, hash_type.upper(), checksum)
     else:
         action = 'upload'
         if form.has_key('file'):
@@ -133,7 +145,7 @@ def main():
             filename = os.path.basename(upload_file.filename)
         else:
             send_error('Required field "file" is not present.')
-        print >> sys.stderr, '[username=%s] Processing upload request: NAME=%s FILENAME=%s %sSUM=%s' % (username, name, filename, "MD5", checksum)
+        print >> sys.stderr, '[username=%s] Processing upload request: NAME=%s FILENAME=%s %sSUM=%s' % (username, name, filename, hash_type.upper(), checksum)
 
     module_dir = os.path.join(CACHE_DIR, name)
     hash_dir =  os.path.join(module_dir, filename, checksum)
@@ -169,7 +181,7 @@ def main():
     tmpfd = open(tmpfile, 'w')
 
     # now read the whole file in
-    m = hashlib.md5()
+    m = getattr(hashlib, hash_type)()
     filesize = 0
     while True:
         data = upload_file.file.read(BUFFER_SIZE)
@@ -184,7 +196,7 @@ def main():
     check_checksum = m.hexdigest()
     if checksum != check_checksum:
         os.unlink(tmpfile)
-        send_error("%s check failed. Received %s instead of %s." % ("MD5", check_checksum, checksum))
+        send_error("%s check failed. Received %s instead of %s." % (hash_type.upper(), check_checksum, checksum))
 
     # wow, even the checksum matches. make sure full path is valid now
     if not os.path.isdir(hash_dir):
@@ -195,7 +207,7 @@ def main():
     os.chmod(dest_file, 0644)
 
     print >> sys.stderr, '[username=%s] Stored %s (%d bytes)' % (username, dest_file, filesize)
-    print 'File %s size %d %s %s stored OK' % (filename, filesize, "MD5", checksum)
+    print 'File %s size %d %s %s stored OK' % (filename, filesize, hash_type.upper(), checksum)
     send_email(name, checksum, filename, username)
 
     # Emit a fedmsg message.  Load the config to talk to the fedmsg-relay.