wapt-signpackages md5 sum

Published: May 11, 2020 - 7:38 PM
by aflorent
Good morning

When I re-sign a package on the WAPT server (version 1.8.1 community), the MD5 hash used to rename the file is incorrect

e.g. I download from your repository

```
wget https://wapt.tranquil.it/wapt/tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
```
The file has the md5 hash 557a981985944927c5a819589e2bb51f, which is found in the file name

```
root@wapt:/home/waptrepo/wapt# md5sum tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
557a981985944927c5a819589e2bb51f  tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
```
I sign this package with my private key

```
root@wapt:/home/waptrepo/wapt# wapt-signpackages -c /tmp/key.crt tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt -l debug
2020-05-11 19:26:20,379 DEBUG SUCCESS key /tmp/key.pem match certificate /tmp/key.crt
Processing tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
2020-05-11 19:26:20,381 DEBUG Signing /home/waptrepo/wapt/tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt with key <SSLPrivateKey u'/tmp/key.pem'>, and certificate CN "afl0423"
Done
Don't forget to rescan your repository with wapt-scanpackages
```
but the file name does not contain the new md5 checksum, but the old one

```
root@wapt:/home/waptrepo/wapt# md5sum tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
db9dd60b5d040fbc38b4debea67e1ab6  tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
```

Is this normal?
I have the impression that this prevents the package from being installed on the agent because the calculated MD5 checksum does not match either the one in the file name or in the Packages file...

Re: wapt-signpackages sum md5

Published: May 12, 2020 - 1:58 PM
by sfonteneau
No, there is indeed a bug, I'll look into fixing it

Re: wapt-signpackages sum md5

Published: May 12, 2020 - 2:07 PM
by aflorent
Hello,

I managed to fix it by adding
`pe.md5sum=md5_for_file(pe.localpath)`

between the calls to `pe.sign_package` and `newfn = pe.make_package_filename()`,
but perhaps it's better to do it within the `sign_package` function.

Re: wapt-signpackages sum md5

Published: May 12, 2020 - 2:08 PM
by aflorent
Anyway, thank you

Re: wapt-signpackages sum md5

Published: May 19, 2020 - 3:56 PM
by sfonteneau
Unable to reproduce the problem using the following procedure:

```
PYTHONPATH=/opt/wapt PYTHONHOME=/opt/wapt python /opt/wapt/wapt-signpackages.py -s --message-digest=sha256,sha1 -c /private/sfonteneau.crt /var/www/wapt/*.wapt
wapt-scanpackages -r -f -ldebug /var/www/wapt/
```
I'm going to update the documentation

Re: wapt-signpackages sum md5

Published: May 19, 2020 - 4:57 PM
by aflorent
Hello and thank you for your tests.

I just tested it as you did,
adding the call to wapt-scanpackages, but nothing is fixed.

The Packages file contains:

```
filename: tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
size: 4655838
md5sum: 557a981985944927c5a819589e2bb51f
```

while the MD5 sum is different:

```
md5sum tis-dnsutils*.wapt
5233389ccb2e3d90175902452ce79e94 tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
```

As a reminder, I download the WAPT file directly from https://wapt.tranquil.it/wapt without using WaptConsole.

Thank you.
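
The three values compared in this thread (the MD5 embedded in the file name, the md5sum and size recorded in the Packages file, and the MD5 of the file's current bytes) can be cross-checked with a short script. This is an added example, not part of the original posts and not WAPT code. The `_<md5>.wapt` naming pattern is taken from the file names above; the stanza layout of the index, the function names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# 32 hex chars before ".wapt", as in the file names quoted in this thread
NAME_MD5 = re.compile(r"_([0-9a-f]{32})\.wapt$")

def file_md5(path, chunk=1 << 20):
    """MD5 of the file's current bytes, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_index(text):
    """Assumed layout: 'key: value' lines, stanzas separated by blank lines."""
    entries = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in stanza.splitlines() if ":" in line)
        fields = {k.strip().lower(): v.strip() for k, v in pairs}
        if "filename" in fields:
            entries[fields["filename"]] = fields
    return entries

def check_package(path, index):
    """List mismatches between the file's bytes, its name and its index entry."""
    name, actual = os.path.basename(path), file_md5(path)
    problems = []
    m = NAME_MD5.search(name)
    if m and m.group(1) != actual:
        problems.append("filename md5 %s != content md5 %s" % (m.group(1), actual))
    entry = index.get(name, {})
    for key, want in (("md5sum", actual), ("size", str(os.path.getsize(path)))):
        if entry.get(key) != want:
            problems.append("index %s %s != actual %s" % (key, entry.get(key), want))
    return problems

def demo(resigned=True):
    """Constructed data: name and index written first, bytes optionally changed after."""
    original = b"constructed package bytes"
    stale = hashlib.md5(original).hexdigest()
    name = "demo-pkg_1.0-1_%s.wapt" % stale
    path = os.path.join(tempfile.mkdtemp(), name)
    with open(path, "wb") as f:
        f.write(original + (b" plus new signature" if resigned else b""))
    index = parse_index("filename: %s\nsize: %d\nmd5sum: %s\n" % (name, len(original), stale))
    return check_package(path, index)
```

An empty list from `check_package` means the name, the index entry and the content agree; it is a consistency check only and does not verify the package signature.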

Re: wapt-signpackages sum md5

Published: May 19, 2020 - 5:18 PM
by sfonteneau
I tested it in the latest version; the problem must have been fixed in this one

Re: wapt-signpackages sum md5

Published: May 19, 2020 - 5:55 PM
by aflorent
For my part, it's version 1.8.1.6756-ubuntu-18-43394f3b

What do you mean by the latest version?


Another way of looking at the problem:
if we rename the downloaded file before signing the package

```
mv tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt tis-dnsutils.wapt

wapt-signpackages -c /tmp/key.crt -l debug --message-digest=sha256,sha1  -s tis-dnsutils*.wapt
2020-05-19 17:53:38,551 DEBUG SUCCESS key /tmp/key.pem match certificate /tmp/key.crt
Processing tis-dnsutils.wapt
2020-05-19 17:53:38,561 DEBUG Signing /home/kwartz/waptrepo/tmp/tis-dnsutils.wapt with key <SSLPrivateKey u'/tmp/key.pem'>, and certificate CN "afl0423"
Renaming file from tis-dnsutils.wapt to tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt to match new package's properties
Done
```
but the md5 checksum in the filename does not match the calculated one

```
md5sum tis-dnsutils*.wapt
9620e3834870274b53b084319ace1f00 tis-dnsutils_9.9.6-6_557a981985944927c5a819589e2bb51f.wapt
```

Re: wapt-signpackages sum md5

Published: May 19, 2020 - 8:52 PM
by sfonteneau
I'm testing with an unreleased nightly build ;) but which will be published soon

The renaming is indeed intentional; you can name your package as you wish.

To force a renaming, use the -r option:

```
wapt-scanpackages -r -f /var/www/wapt/
```