"crypto/sha512"
"encoding/hex"
"encoding/json"
+ "errors"
"hash"
"io"
"io/ioutil"
http.Error(w, err.Error(), http.StatusInternalServerError)
return false
}
- log.Println(r.RemoteAddr, "pypi", pkgName+"."+MetadataFile, "touch")
+ log.Println(r.RemoteAddr, "pypi", pkgName+"/"+MetadataFile, "touch")
}
}
mtimes := make(map[string]time.Time)
hasherNew = blake2b256New
hashSize = blake2b.Size256
default:
- log.Println("error", r.RemoteAddr, "pypi", filename, "unknown digest", hashAlgo)
+ log.Println(
+ "error", r.RemoteAddr, "pypi",
+ filename, "unknown digest", hashAlgo,
+ )
http.Error(w, "unknown digest algorithm", http.StatusBadGateway)
return false
}
if len(digest) != hashSize {
- log.Println("error", r.RemoteAddr, "pypi", filename, "invalid digest length")
+ log.Println(
+ "error", r.RemoteAddr, "pypi",
+ filename, "invalid digest length")
http.Error(w, "invalid digest length", http.StatusBadGateway)
return false
}
http.Error(w, "digest mismatch", http.StatusBadGateway)
return false
}
+ if digestStored, err := ioutil.ReadFile(path + "." + hashAlgo); err == nil &&
+ bytes.Compare(digest, digestStored) != 0 {
+ err = errors.New("stored digest mismatch")
+ log.Println("error", r.RemoteAddr, "pypi", filename, err)
+ os.Remove(dst.Name())
+ dst.Close()
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return false
+ }
if !NoSync {
if err = dst.Sync(); err != nil {
os.Remove(dst.Name())
}
path = path + "." + hashAlgo
stat, err := os.Stat(path)
- if err == nil &&
- (mtimeExists && stat.ModTime().Truncate(time.Second).Equal(mtime)) {
+ if err == nil && (!mtimeExists ||
+ (mtimeExists && stat.ModTime().Truncate(time.Second).Equal(mtime))) {
continue
}
if err != nil && !os.IsNotExist(err) {