[Checkins] SVN: zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/ evaluate the md5sum and patch-md5sum options to optionally perform checksum tests on downloaded sources and patches

Mon Jun 22 15:05:20 EDT 2009

Log message for revision 101235:
  evaluate the md5sum and patch-md5sum options to optionally perform checksum tests on downloaded sources and patches

Changed:
  U   zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/README.txt
  U   zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/__init__.py

-=-
Modified: zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/README.txt
===================================================================

--- zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/README.txt	2009-06-22 19:02:06 UTC (rev 101234)
+++ zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/README.txt	2009-06-22 19:05:19 UTC (rev 101235)
@@ -5,7 +5,7 @@
     -  bar.tgz
     -  foo.tgz
 
-    >>> distros = start_server(distros)
+    >>> distros_url = start_server(distros)
 
 Let's update a sample buildout to installs it:
 
@@ -17,7 +17,7 @@
     ... [foo]
     ... recipe = zc.recipe.cmmi
     ... url = %sfoo.tgz
-    ... """ % distros)
+    ... """ % distros_url)
 
 We used the url option to specify the location of the archive.
 
@@ -56,7 +56,7 @@
     ... recipe = zc.recipe.cmmi
     ... url = %sfoo.tgz
     ... extra_options = -a -b c
-    ... """ % distros)
+    ... """ % distros_url)
 
     >>> print system('bin/buildout'),
     Uninstalling foo.
@@ -98,7 +98,7 @@
     ... url = %sfoo.tgz
     ... environment =
     ...   CFLAGS=-I/usr/lib/postgresql7.4/include
-    ... """ % distros)
+    ... """ % distros_url)
 
 
     >>> print system('bin/buildout'),
@@ -156,7 +156,7 @@
     ... url = %sfoo.tgz
     ... patch = ${buildout:directory}/patches/config.patch
     ... patch_options = -p0
-    ... """ % distros)
+    ... """ % distros_url)
 
     >>> print system('bin/buildout'),
     Uninstalling foo.
@@ -181,7 +181,7 @@
     ... recipe = zc.recipe.cmmi
     ... url = %s/bar.tgz
     ... autogen = autogen.sh
-    ... """ % distros)
+    ... """ % distros_url)
 
     >>> print system('bin/buildout'),
     Uninstalling foo.
@@ -194,3 +194,78 @@
     building foo
     echo installing foo
     installing foo
+
+When downloading a source archive or a patch, we can optionally make sure of
+its authenticity by supplying an MD5 checksum that must be matched. If it
+matches, we'll not be bothered with the check by buildout's output:
+
+    >>> try: from hashlib import md5
+    ... except ImportError: from md5 import new as md5
+    >>> foo_md5sum = md5(open(join(distros, 'foo.tgz')).read()).hexdigest()
+
+    >>> write('buildout.cfg',
+    ... """
+    ... [buildout]
+    ... parts = foo
+    ...
+    ... [foo]
+    ... recipe = zc.recipe.cmmi
+    ... url = %sfoo.tgz
+    ... md5sum = %s
+    ... """ % (distros_url, foo_md5sum))
+
+    >>> print system('bin/buildout'),
+    Uninstalling foo.
+    Installing foo.
+    foo: Downloading http://localhost/foo.tgz
+    foo: Unpacking and configuring
+    configuring foo --prefix=/sample_buildout/parts/foo
+    echo building foo
+    building foo
+    echo installing foo
+    installing foo
+
+But if the archive doesn't match the checksum, the recipe refuses to install:
+
+    >>> write('buildout.cfg',
+    ... """
+    ... [buildout]
+    ... parts = foo
+    ...
+    ... [foo]
+    ... recipe = zc.recipe.cmmi
+    ... url = %sbar.tgz
+    ... md5sum = %s
+    ... patch = ${buildout:directory}/patches/config.patch
+    ... """ % (distros_url, foo_md5sum))
+
+    >>> print system('bin/buildout'),
+    Uninstalling foo.
+    Installing foo.
+    foo: Downloading http://localhost:20617/bar.tgz
+    While:
+      Installing foo.
+    Error: MD5 checksum mismatch downloading 'http://localhost/bar.tgz'
+
+Similarly, a checksum mismatch for the patch will cause the buildout run to be
+aborted:
+
+    >>> write('buildout.cfg',
+    ... """
+    ... [buildout]
+    ... parts = foo
+    ...
+    ... [foo]
+    ... recipe = zc.recipe.cmmi
+    ... url = %sfoo.tgz
+    ... patch = ${buildout:directory}/patches/config.patch
+    ... patch-md5sum = %s
+    ... """ % (distros_url, foo_md5sum))
+
+    >>> print system('bin/buildout'),
+    Installing foo.
+    foo: Downloading http://localhost:21669/foo.tgz
+    foo: Unpacking and configuring
+    While:
+      Installing foo.
+    Error: MD5 checksum mismatch for local resource at '/.../sample-buildout/patches/config.patch'.

Modified: zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/__init__.py
===================================================================
--- zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/__init__.py	2009-06-22 19:02:06 UTC (rev 101234)
+++ zc.recipe.cmmi/branches/tlotze-download-api/src/zc/recipe/cmmi/__init__.py	2009-06-22 19:05:19 UTC (rev 101235)
@@ -105,7 +105,7 @@
         if not os.path.exists(dest):
             os.mkdir(dest)
 
-        fname = download(self.url)
+        fname = download(self.url, md5sum=self.options.get('md5sum'))
 
         # now unpack and work as normal
         tmp = tempfile.mkdtemp('buildout-'+self.name)
@@ -127,7 +127,8 @@
                 if self.patch is not '':
                     # patch may be a filesystem path or url
                     # url patches can go through the cache
-                    self.patch = download(self.patch)
+                    self.patch = download(
+                        self.patch, md5sum=self.options.get('patch-md5sum'))
                     system("patch %s < %s" % (self.patch_options, self.patch))
                 if self.autogen is not '':
                     logger.info('auto generating configure files')

