bstein/metis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

image: accept md5 checksums for vendor archives

Browse Source
This commit is contained in:
Brad Stein 2026-04-01 12:52:13 -03:00
parent eb77c94db3
commit 36069790ad
2 changed files with 34 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pkg/image/download.go
View File

@ -2,6 +2,7 @@ package image
import ( import (
"archive/zip" "archive/zip"
"crypto/md5"
"crypto/sha256" "crypto/sha256"
"encoding/hex" "encoding/hex"
"errors" "errors"
@ -159,26 +160,39 @@ func decompressZIP(src, dest string) error {
return out.Sync() return out.Sync()
} }
// VerifyChecksum checks sha256 in the form "sha256:<hex>". // VerifyChecksum checks hashes in the form "sha256:<hex>" or "md5:<hex>".
func VerifyChecksum(path, checksum string) error { func VerifyChecksum(path, checksum string) error {
if checksum == "" { if checksum == "" {
return nil return nil
} }
parts := strings.SplitN(checksum, ":", 2) parts := strings.SplitN(checksum, ":", 2)
if len(parts) != 2 || parts[0] != "sha256" { if len(parts) != 2 {
return errors.New("unsupported checksum format; use sha256:<hex>") return errors.New("unsupported checksum format; use sha256:<hex> or md5:<hex>")
} }
algo := strings.ToLower(strings.TrimSpace(parts[0]))
expected := strings.ToLower(parts[1]) expected := strings.ToLower(parts[1])
f, err := os.Open(path) f, err := os.Open(path)
if err != nil { if err != nil {
return err return err
} }
defer f.Close() defer f.Close()
h := sha256.New() var sum string
if _, err := io.Copy(h, f); err != nil { switch algo {
return err case "sha256":
h := sha256.New()
if _, err := io.Copy(h, f); err != nil {
return err
}
sum = hex.EncodeToString(h.Sum(nil))
case "md5":
h := md5.New()
if _, err := io.Copy(h, f); err != nil {
return err
}
sum = hex.EncodeToString(h.Sum(nil))
default:
return errors.New("unsupported checksum format; use sha256:<hex> or md5:<hex>")
} }
sum := hex.EncodeToString(h.Sum(nil))
if sum != expected { if sum != expected {
return fmt.Errorf("checksum mismatch: expected %s got %s", expected, sum) return fmt.Errorf("checksum mismatch: expected %s got %s", expected, sum)
} }

13
pkg/image/download_test.go
View File

@ -2,6 +2,7 @@ package image
import ( import (
"archive/zip" "archive/zip"
"crypto/md5"
"crypto/sha256" "crypto/sha256"
"encoding/hex" "encoding/hex"
"os" "os"
@ -160,6 +161,18 @@ func TestDownloadAndVerifyUsesArchiveChecksumForZIP(t *testing.T) {
} }
} }
func TestVerifyChecksumAcceptsMD5(t *testing.T) {
dir := t.TempDir()
path := filepath.Join(dir, "sample.img")
if err := os.WriteFile(path, []byte("metis-md5-test"), 0o644); err != nil {
t.Fatalf("WriteFile: %v", err)
}
sum := md5.Sum([]byte("metis-md5-test"))
if err := VerifyChecksum(path, "md5:"+hex.EncodeToString(sum[:])); err != nil {
t.Fatalf("VerifyChecksum md5: %v", err)
}
}
func writeTestZIP(path string, files map[string]string) error { func writeTestZIP(path string, files map[string]string) error {
out, err := os.Create(path) out, err := os.Create(path)
if err != nil { if err != nil {