Commit e88ef6bb authored by David Chaiken's avatar David Chaiken

net_fetcher: missing checksum raises exception

parent 837460ae
......@@ -214,6 +214,18 @@ EOH
end
end
class ChecksumMissing < Error
def initialize(software)
super <<-EOH
Verification for #{software.name} failed due to a missing checksum.
This added security check is used to prevent MITM attacks when downloading the
remote file. You must specify a checksum for each version of software downloaded
from a remote location.
EOH
end
end
class ChecksumMismatch < Error
def initialize(software, expected, actual)
super <<-EOH
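Review bot: The message in `ChecksumMissing#initialize` tells the user to specify a checksum but not which source keys count as one, so whoever hits it has to read the fetcher to find out. Since `digest_type` in this commit accepts whatever is listed in `DIGESTS`, the text could end with a line such as `Add one of the supported digest keys to the source of this software definition.` followed by that list. The parameter is named `software`, yet the caller added in this commit passes `self`, which appears to be the fetcher. Only `name` is read, so a one-line comment stating that any object responding to `name` is accepted would avoid confusion.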
......
......@@ -229,12 +229,16 @@ module Omnibus
#
# The digest type defined in the software definition
#
# @raise [ChecksumMissing]
# if the checksum does not exist
#
# @return [Symbol]
#
def digest_type
DIGESTS.each do |digest|
return digest if source.key? digest
end
raise ChecksumMissing.new(self)
end
#
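Review bot: `source.key? digest` in `digest_type` tests only that the key is present, so a source such as `{ url: ..., sha256: nil }` or one with an empty string still selects a digest type and never reaches `raise ChecksumMissing.new(self)`. What the later comparison does with a nil or empty expected value is outside this hunk, but a check meant to fail closed should reject it here, e.g. `return digest if source[digest] && !source[digest].to_s.empty?`. The new spec context covers only the absent key; a case with a nil value would pin this. The loop also returns the first match in `DIGESTS` order, so when a source carries several digests the one used depends on that ordering, which is worth stating in the doc comment.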
......
......@@ -96,7 +96,7 @@ module Omnibus
when 1
from_hash_v1(manifest_data)
else
raise InvalidManifestFormat, "Unknown manifest fromat version: #{manifest_data['manifest_format']}"
raise InvalidManifestFormat, "Unknown manifest format version: #{manifest_data['manifest_format']}"
end
end
......
......@@ -137,6 +137,16 @@ module Omnibus
end
end
context 'source with no checksum' do
let(:source) do
{ url: source_url }
end
it 'raises an exception' do
expect { fetch! }.to raise_error(ChecksumMissing)
end
end
context 'source with sha1' do
let(:source) do
{ url: source_url, sha1: source_sha1 }
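Review bot: The example `expect { fetch! }.to raise_error(ChecksumMissing)` asserts only the exception class, so it does not show whether the error is raised before or after the remote file is written to disk. If `fetch!` downloads first and resolves the digest afterwards (not visible in this hunk), an unverified file would stay in the cache directory after the failure. An extra expectation that the download target does not exist once the error is raised would pin the fail-closed behaviour.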
......