def test_3_fgetattr(self):
"""Check if the fgetattr works with all supported attrs."""
supported = self.__get_supported()
for a in supported:
# av_quarantined file becomes unreadable, skip
if a == "av_quarantined":
continue
portable.fsetattr(self.test_fn, [a])
vattrs = portable.fgetattr(self.test_fn, compact=False)
cattrs = portable.fgetattr(self.test_fn, compact=True)
self.assertTrue(a in vattrs)
self.assertTrue(supported[a] in cattrs)
self.__reset_file()
def verify(self, img, **args):
"""Returns a tuple of lists of the form (errors, warnings,
info). The error list will be empty if the action has been
correctly installed in the given image.
In detail, this verifies that the file is present, and if
the preserve attribute is not present, that the hashes
and other attributes of the file match."""
if self.attrs.get("preserve") == "abandon":
return [], [], []
path = self.get_installed_path(img.get_root())
lstat, errors, warnings, info, abort = \
self.verify_fsobj_common(img, stat.S_IFREG)
if lstat:
if not stat.S_ISREG(lstat.st_mode):
self.replace_required = True
if abort:
assert errors
self.replace_required = True
return errors, warnings, info
if path.lower().endswith("/bobcat") and args["verbose"] == True:
# Returned as a purely informational (untranslated)
# message so that no client should interpret it as a
# reason to fail verification.
info.append("Warning: package may contain bobcat! "
"(http://xkcd.com/325/)")
preserve = self.attrs.get("preserve")
if (preserve is None and "timestamp" in self.attrs and lstat.st_mtime
!= misc.timestamp_to_time(self.attrs["timestamp"])):
errors.append(
_("Timestamp: {found} should be "
"{expected}").format(found=misc.time_to_timestamp(
lstat.st_mtime),
expected=self.attrs["timestamp"]))
# avoid checking pkg.size if we have any content-hashes present;
# different size files may have the same content-hash
pkg_size = int(self.attrs.get("pkg.size", 0))
if preserve is None and pkg_size > 0 and \
not set(digest.DEFAULT_GELF_HASH_ATTRS).intersection(
set(self.attrs.keys())) and \
lstat.st_size != pkg_size:
errors.append(
_("Size: {found:d} bytes should be "
"{expected:d}").format(found=lstat.st_size,
expected=pkg_size))
if (preserve is not None and args["verbose"] == False
or lstat is None):
return errors, warnings, info
if args["forever"] != True:
return errors, warnings, info
#
# Check file contents.
#
try:
# This is a generic mechanism, but only used for libc on
# x86, where the "best" version of libc is lofs-mounted
# on the canonical path, foiling the standard verify
# checks.
is_mtpt = self.attrs.get("mountpoint", "").lower() == "true"
elfhash = None
elferror = None
elf_hash_attr, elf_hash_val, \
elf_hash_func = \
digest.get_preferred_hash(self,
hash_type=pkg.digest.HASH_GELF)
if elf_hash_attr and haveelf and not is_mtpt:
#
# It's possible for the elf module to
# throw while computing the hash,
# especially if the file is badly
# corrupted or truncated.
#
try:
# On path, only calculate the
# content hash that matches
# the preferred one on the
# action
get_elfhash = \
elf_hash_attr == "elfhash"
get_sha256 = (not get_elfhash and elf_hash_func
== digest.GELF_HASH_ALGS["gelf:sha256"])
get_sha512t_256 = (
not get_elfhash and elf_hash_func
== digest.GELF_HASH_ALGS["gelf:sha512t_256"])
elfhash = elf.get_hashes(
path,
elfhash=get_elfhash,
sha256=get_sha256,
sha512t_256=get_sha512t_256)[elf_hash_attr]
if get_elfhash:
elfhash = [elfhash]
else:
elfhash = list(digest.ContentHash(elfhash).values())
except elf.ElfError as e:
# Any ELF error means there is something bad
# with the file, mark as needing to be replaced.
elferror = _("ELF failure: {0}").format(e)
if (elfhash is not None and elf_hash_val != elfhash[0]):
elferror = _("ELF content hash: "
"{found} "
"should be {expected}").format(
found=elfhash[0], expected=elf_hash_val)
# Always check on the file hash because the ELF hash
# check only checks on the ELF parts and does not
# check for some other file integrity issues.
if not is_mtpt:
hash_attr, hash_val, hash_func = \
digest.get_preferred_hash(self)
sha_hash, data = misc.get_data_digest(path,
hash_func=hash_func)
if sha_hash != hash_val:
# Prefer the ELF content hash error message.
if preserve is not None:
info.append(_("editable file has " "been changed"))
elif elferror:
errors.append(elferror)
self.replace_required = True
else:
errors.append(
_("Hash: "
"{found} should be "
"{expected}").format(found=sha_hash,
expected=hash_val))
self.replace_required = True
# Check system attributes.
# Since some attributes like 'archive' or 'av_modified'
# are set automatically by the FS, it makes no sense to
# check for 1:1 matches. So we only check that the
# system attributes specified in the action are still
# set on the file.
sattr = self.attrs.get("sysattr", None)
if sattr:
if isinstance(sattr, list):
sattr = ",".join(sattr)
sattrs = sattr.split(",")
if len(sattrs) == 1 and \
sattrs[0] not in portable.get_sysattr_dict():
# not a verbose attr, try as a compact
set_attrs = portable.fgetattr(path, compact=True)
sattrs = sattrs[0]
else:
set_attrs = portable.fgetattr(path)
for a in sattrs:
if a not in set_attrs:
errors.append(
_("System attribute '{0}' "
"not set").format(a))
except EnvironmentError as e:
if e.errno == errno.EACCES:
errors.append(_("Skipping: Permission Denied"))
else:
errors.append(_("Unexpected Error: {0}").format(e))
except Exception as e:
errors.append(_("Unexpected Exception: {0}").format(e))
return errors, warnings, info
def verify(self, img, **args):
"""Returns a tuple of lists of the form (errors, warnings,
info). The error list will be empty if the action has been
correctly installed in the given image.
In detail, this verifies that the file is present, and if
the preserve attribute is not present, that the hashes
and other attributes of the file match."""
if self.attrs.get("preserve") == "abandon":
return [], [], []
path = self.get_installed_path(img.get_root())
lstat, errors, warnings, info, abort = \
self.verify_fsobj_common(img, stat.S_IFREG)
if lstat:
if not stat.S_ISREG(lstat.st_mode):
self.replace_required = True
if abort:
assert errors
self.replace_required = True
return errors, warnings, info
if path.lower().endswith("/bobcat") and args["verbose"] == True:
# Returned as a purely informational (untranslated)
# message so that no client should interpret it as a
# reason to fail verification.
info.append("Warning: package may contain bobcat! "
"(http://xkcd.com/325/)")
if "preserve" not in self.attrs and \
"timestamp" in self.attrs and lstat.st_mtime != \
misc.timestamp_to_time(self.attrs["timestamp"]):
errors.append(_("Timestamp: {found} should be "
"{expected}").format(
found=misc.time_to_timestamp(lstat.st_mtime),
expected=self.attrs["timestamp"]))
# avoid checking pkg.size if we have any content-hashes present;
# different size files may have the same content-hash
if "preserve" not in self.attrs and \
"pkg.size" in self.attrs and \
not set(digest.RANKED_CONTENT_HASH_ATTRS).intersection(
set(self.attrs.keys())) and \
lstat.st_size != int(self.attrs["pkg.size"]):
errors.append(_("Size: {found:d} bytes should be "
"{expected:d}").format(found=lstat.st_size,
expected=int(self.attrs["pkg.size"])))
if "preserve" in self.attrs:
if args["verbose"] == False or lstat is None:
return errors, warnings, info
if args["forever"] != True:
return errors, warnings, info
#
# Check file contents. At the moment, the only content-hash
# supported in pkg(5) is for ELF files, so this will need work
# when additional content-hashes are added.
#
try:
# This is a generic mechanism, but only used for libc on
# x86, where the "best" version of libc is lofs-mounted
# on the canonical path, foiling the standard verify
# checks.
is_mtpt = self.attrs.get("mountpoint", "").lower() == "true"
elfhash = None
elferror = None
ehash_attr, elfhash_val, hash_func = \
digest.get_preferred_hash(self,
hash_type=pkg.digest.CONTENT_HASH)
if ehash_attr and haveelf and not is_mtpt:
#
# It's possible for the elf module to
# throw while computing the hash,
# especially if the file is badly
# corrupted or truncated.
#
try:
# Annoying that we have to hardcode this
if ehash_attr == \
"pkg.content-hash.sha256":
get_sha256 = True
get_sha1 = False
else:
get_sha256 = False
get_sha1 = True
elfhash = elf.get_dynamic(path,
sha1=get_sha1,
sha256=get_sha256)[ehash_attr]
except RuntimeError as e:
errors.append(
"ELF content hash: {0}".format(e))
if elfhash is not None and \
elfhash != elfhash_val:
elferror = _("ELF content hash: "
"{found} "
"should be {expected}").format(
found=elfhash,
expected=elfhash_val)
# If we failed to compute the content hash, or the
# content hash failed to verify, try the file hash.
# If the content hash fails to match but the file hash
# matches, it indicates that the content hash algorithm
# changed, since obviously the file hash is a superset
# of the content hash.
if (elfhash is None or elferror) and not is_mtpt:
hash_attr, hash_val, hash_func = \
digest.get_preferred_hash(self)
sha_hash, data = misc.get_data_digest(path,
hash_func=hash_func)
if sha_hash != hash_val:
# Prefer the content hash error message.
if "preserve" in self.attrs:
info.append(_(
"editable file has "
"been changed"))
elif elferror:
errors.append(elferror)
self.replace_required = True
else:
errors.append(_("Hash: "
"{found} should be "
"{expected}").format(
found=sha_hash,
expected=hash_val))
self.replace_required = True
# Check system attributes.
# Since some attributes like 'archive' or 'av_modified'
# are set automatically by the FS, it makes no sense to
# check for 1:1 matches. So we only check that the
# system attributes specified in the action are still
# set on the file.
sattr = self.attrs.get("sysattr", None)
if sattr:
sattrs = sattr.split(",")
if len(sattrs) == 1 and \
sattrs[0] not in portable.get_sysattr_dict():
# not a verbose attr, try as a compact
set_attrs = portable.fgetattr(path,
compact=True)
sattrs = sattrs[0]
else:
set_attrs = portable.fgetattr(path)
for a in sattrs:
if a not in set_attrs:
errors.append(
_("System attribute '{0}' "
"not set").format(a))
except EnvironmentError as e:
if e.errno == errno.EACCES:
errors.append(_("Skipping: Permission Denied"))
else:
errors.append(_("Unexpected Error: {0}").format(
e))
except Exception as e:
errors.append(_("Unexpected Exception: {0}").format(e))
return errors, warnings, info
