638148 – portage-2.3.14 Manifest verification fails for all-numeric checksum

Bug 638148 - portage-2.3.14 Manifest verification fails for all-numeric checksum

Summary: portage-2.3.14 Manifest verification fails for all-numeric checksum

Status:	RESOLVED FIXED

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Core - Ebuild Support (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Portage team

URL:
Whiteboard:
Keywords:	InVCS

Depends on:
Blocks:	240187 637452
	Show dependency tree

Reported:	2017-11-19 16:25 UTC by Ulrich Müller
Modified:	2018-02-01 23:59 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
foo-1.ebuild (foo-1.ebuild,320 bytes, text/plain) 2017-11-19 16:26 UTC, Ulrich Müller	Details
Manifest (Manifest,195 bytes, text/plain) 2017-11-19 16:26 UTC, Ulrich Müller	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ulrich Müller gentoo-dev

2017-11-19 16:25:28 UTC

Digest verification fails for a distfile that has an all-numeric checksum, like in the following Manifest line (I've used SHA1 there, but the problem exists for all hashes):

DIST foo-1 9 SHA1 5938266572196464632409940308852871296620 SHA512 ffa28da4b6f28e8acf076afba7553ab6ca097e8b782e3381027e597a0bfa6583800f4e313c6b9860768305d9f9a84d14f9b74ca92217812c6d5ccd6ec315cc66

$ ebuild foo-1.ebuild fetch
!!! Fetched file: foo-1 VERIFY FAILED!
!!! Reason: Insufficient data for checksum verification
!!! Got:      
!!! Expected: BLAKE2B BLAKE2S MD5 RMD160 SHA1 SHA256 SHA512 WHIRLPOOL

It should succeed, because all checksums are correct:
$ sha1sum /usr/portage/distfiles/foo-1
5938266572196464632409940308852871296620  /usr/portage/distfiles/foo-1
$ sha512sum /usr/portage/distfiles/foo-1
ffa28da4b6f28e8acf076afba7553ab6ca097e8b782e3381027e597a0bfa6583800f4e313c6b9860768305d9f9a84d14f9b74ca92217812c6d5ccd6ec315cc66  /usr/portage/distfiles/foo-1

Comment 1 Ulrich Müller gentoo-dev

2017-11-19 16:26:31 UTC

Created attachment 504964 [details]
foo-1.ebuild

Ebuild to reproduce the problem.

Comment 2 Ulrich Müller gentoo-dev

2017-11-19 16:26:58 UTC

Created attachment 504966 [details]
Manifest

Comment 3 Larry the Git Cow gentoo-dev

2017-11-20 18:44:46 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=b4a444819986e6f4d987ec746dc00508190f1e3c

commit b4a444819986e6f4d987ec746dc00508190f1e3c
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2017-11-19 16:56:50 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2017-11-20 18:38:00 +0000

    portage.manifest: Fix mis-parsing Manifests with numerical checksums
    
    Fix the regular expression used to parse Manifests not to fail horribly
    when one of the checksums accidentally happens to be all-digits.
    
    The previously used regular expression used to greedily take everything
    up to the first number as filename. If one of the checksums happened to
    be purely numeric, this meant that everything up to that checksum was
    taken as filename, and the checksum itself was taken as file size. It
    was also capable of accepting an empty filename.
    
    The updated regular expression uses '\S+' to match filenames. Therefore,
    the match is terminated on first whitespace character and filenames can
    no longer contain spaces. Not that it could ever work reliably.
    
    Spotted by Ulrich Müller.
    
    Bug: https://bugs.gentoo.org/638148
    Reviewed-by: Zac Medico <zmedico@gentoo.org>

 pym/portage/manifest.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}