[csw-devel] SF.net SVN: gar:[13116] csw/mgar/gar/v2/lib/web/releases_web.py

[wahwah at users.sourceforge.net]

Revision: 13116
          http://gar.svn.sourceforge.net/gar/?rev=13116&view=rev
Author:   wahwah
Date:     2011-01-29 23:57:10 +0000 (Sat, 29 Jan 2011)

Log Message:
-----------
pkgdb_web: Verify the md5 sum in allpkgs

If a maintainer builds the same package on the same day, the srv4 filename is
identical, but the content isn't.  When checking files in allpkgs for
existence, read the file from disk and verify its md5 sum.

Modified Paths:
--------------
    csw/mgar/gar/v2/lib/web/releases_web.py

Modified: csw/mgar/gar/v2/lib/web/releases_web.py
===================================================================
--- csw/mgar/gar/v2/lib/web/releases_web.py	2011-01-29 23:43:07 UTC (rev 13115)
+++ csw/mgar/gar/v2/lib/web/releases_web.py	2011-01-29 23:57:10 UTC (rev 13116)
@@ -89,6 +89,13 @@
     basename_in_allpkgs = os.path.join(ALLPKGS_DIR, srv4.basename)
     if not os.path.exists(basename_in_allpkgs):
       raise web.notfound()
+    # Verify the hash; the file might already exist with the same filename,
+    # but different content.
+    hash = hashlib.md5()
+    with open(basename_in_allpkgs) as fd:
+      hash.update(fd.read())
+    if not md5_sum == hash.hexdigest():
+      raise web.notfound()
     web.header(
         'Content-type',
         'application/x-vnd.opencsw.pkg;type=srv4-details')
@@ -211,6 +218,11 @@
   target_path = os.path.join(ALLPKGS_DIR, basename)
   fd = None
   try:
+    try:
+      os.unlink(target_path)
+    except OSError, e:
+      # It's okay if we can't unlink the file
+      pass
     fd = os.open(target_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0644)
     os.write(fd, data)
   except IOError, e:


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.