nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-03 04:13:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
571c71e6f7
nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py
Jan Tojnar 4084875660 libxcrypt: Add check for enabledCryptSchemeIds
2023-04-03 00:24:39 +02:00

71 lines
2.4 KiB
Python
Raw Blame History

import tarfile
import sys
def process_columns(line: list[str]) -> tuple[str, list[str]]:
match line:
case [name, h_prefix, nrbytes, flags]:
return (h_prefix, flags.lower().split(","))
case other:
raise Exception("Unsupported hashes.conf line format", other)
def find_tar_file(tar: tarfile.TarFile, requested_name: str):
"""Attempts to find a single file with given name in tarball."""
all_names = tar.getnames()
if requested_name in all_names:
return requested_name
requested_suffix = f"/{requested_name}"
candidate_names = [name for name in all_names if name.endswith(requested_suffix)]
match candidate_names:
case [real_name]:
return real_name
case other:
raise KeyError(
f"Could not locate a single {requested_name} in the contents of the tarball."
)
hashes_path = "lib/hashes.conf"
def main() -> None:
match sys.argv:
case [_name, src, enable_hashes, "--", *enabled_crypt_scheme_ids]:
pass
case other:
raise Exception(
"Incorrect number of arguments. Usage: check_passthru_matches.py <src> <enable_hashes> -- <enabled_crypt_scheme_ids...>"
)
with tarfile.open(src, "r") as tar:
real_hashes_path = find_tar_file(tar, hashes_path)
config = tar.extractfile(real_hashes_path).read().decode("utf-8")
formats = [
process_columns(columns)
for line in config.splitlines()
if not line.startswith("#") and len(columns := line.split()) > 0
]
expected_supported_formats = set(
prefix
for (prefix, flags) in formats
if enable_hashes in flags or enable_hashes == "all"
)
passthru_supported_schemes = set(
f"${scheme}$" for scheme in enabled_crypt_scheme_ids
)
assert (
len(expected_supported_formats - passthru_supported_schemes) == 0
), f"libxcrypt package enables the following crypt schemes that are not listed in passthru.enabledCryptSchemeIds: {expected_supported_formats - passthru_supported_schemes}"
assert (
len(passthru_supported_schemes - expected_supported_formats) == 0
), f"libxcrypt package lists the following crypt schemes in passthru.enabledCryptSchemeIds that are not supported: {passthru_supported_schemes - expected_supported_formats}"
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink