wapt-signpackages md5 sum

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
aflorent
Messages: 13
Registration: Apr 23, 2020 - 5:03 p.m.

May 11, 2020 - 7:38 PM

Good morning

When I re-sign a package on the WAPT server (version 1.8.1 community), the MD5 hash used to rename the file is incorrect

e.g. I download from your repository

Code: Select all

wget https://wapt.tranquil.it/wapt/tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
The file has the md5 hash 557a981985944927c5a819589e2bb51f, which is found in the file name

Code: Select all

root@wapt:/home/waptrepo/wapt# md5sum tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
557a981985944927c5a819589e2bb51f  tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
I sign this package with my private key

Code: Select all

root@wapt:/home/waptrepo/wapt# wapt-signpackages -c /tmp/key.crt tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt -l debug
2020-05-11 19:26:20,379 DEBUG SUCCESS key /tmp/key.pem match certificate /tmp/key.crt
Processing tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
2020-05-11 19:26:20,381 DEBUG Signing /home/waptrepo/wapt/tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt with key <SSLPrivateKey u'/tmp/key.pem'>, and certificate CN "afl0423"
Done
Don't forget to rescan your repository with wapt-scanpackages
but the file name does not contain the new md5 checksum, but the old one

Code: Select all

root@wapt :/home/waptrepo/wapt# md5sum tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
db9dd60b5d040fbc38b4debea67e1ab6  tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt

Is this normal?
I have the impression that this prevents the package from being installed on the agent because the calculated MD5 checksum does not match either the one in the file name or in the Packages file...
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

May 12, 2020 - 1:58 PM

No, there is indeed a bug, I'll look into fixing it
High
aflorent
Messages: 13
Registration: Apr 23, 2020 - 5:03 p.m.

May 12, 2020 - 2:07 PM

Hello,

I managed to fix it by adding
`pe.md5sum=md5_for_file(pe.localpath)`

between the calls to `pe.sign_package` and `newfn = pe.make_package_filename()`

, but perhaps it's better to do it within the `sign_package` function.
High
aflorent
Messages: 13
Registration: Apr 23, 2020 - 5:03 p.m.

May 12, 2020 - 2:08 PM

Anyway, thank you
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

May 19, 2020 - 3:56 PM

Unable to reproduce the problem using the following procedure:

Code: Select all

PYTHONPATH=/opt/wapt PYTHONHOME=/opt/wapt python /opt/wapt/wapt-signpackages.py -s --message-digest=sha256,sha1 -c /private/sfonteneau.crt /var/www/wapt/*.wapt
wapt-scanpackages -r -f -ldebug /var/www/wapt/
I'm going to update the documentation
High
aflorent
Messages: 13
Registration: Apr 23, 2020 - 5:03 p.m.

May 19, 2020 - 4:57 PM

Hello and thank you for your tests.

I just tested it as you did,
adding the call to wapt-scanpackages, but nothing is fixed.

The Packages file contains
: filename: tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
size: 4655838
md5sum: 557a981985944927c5a819589e2bb51f,

while the MD5 sum is different:
md5sum tis-dnsutils*.wapt
5233389ccb2e3d90175902452ce79e94 tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt.

As a reminder, I Download the Wapt file directly from https://wapt.tranquil.it/wapt without using WaptConsole.

Thank you.
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

May 19, 2020 - 5:18 PM

I tested it in the latest version; the problem must have been fixed in this one
High
aflorent
Messages: 13
Registration: Apr 23, 2020 - 5:03 p.m.

May 19, 2020 - 5:55 PM

For my part, it's version 1.8.1.6756-ubuntu-18-43394f3b

What do you mean by the latest version?


another way of looking at the problem
if we rename the downloaded file before signing the package

Code: Select all

mv tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt tis-dnsutils.wapt

 wapt-signpackages -c /tmp/key.crt -l debug --message-digest=sha256,sha1  -s tis-dnsutils*.wapt
2020-05-19 17:53:38,551 DEBUG SUCCESS key /tmp/key.pem match certificate /tmp/key.crt
Processing tis-dnsutils.wapt
2020-05-19 17:53:38,561 DEBUG Signing /home/kwartz/waptrepo/tmp/tis-dnsutils.wapt with key <SSLPrivateKey u'/tmp/key.pem'>, and certificate CN "afl0423"
Renaming file from tis-dnsutils.wapt to tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt to match new package's properties
Done
but the md5 checksum in the filename does not match the calculated one

md5sum tis-dnsutils*.wapt
9620e3834870274b53b084319ace1f00 tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

May 19, 2020 - 8:52 PM

I'm testing with an unreleased nightly build ;) but which will be published soon

The renaming is indeed intentional; you can name your package as you wish.

To force a renaming, use the -r option:

Code: Select all

wapt-scanpackages -r -f /var/www/wapt/
High
Locked

Return to "WAPT Server"


  • To go further with WAPT