Check sha1 checksum per repository

Updates.xml contains Checksum variable which can be set to false to skip the archives checksum verification. The variable was read from one arbitrary Updates.xml file and that was used in all downloads. Fixed so that the checksum is read per Updates.xml. This change also speeds up the component generation phase as it no longer needs to read Updates.xml file. Task-number: QTIFW-2805 Task-number: QTIFW-2928 Change-Id: Id28dd370ef200aec67cb85cbbc1d08d925b43c21 Reviewed-by: Arttu Tarkiainen <arttu.tarkiainen@qt.io>
author: Katja Marttila <katja.marttila@qt.io> 2023-01-31 15:57:22 +0200
committer: Katja Marttila <katja.marttila@qt.io> 2023-02-09 07:36:56 +0200
commit: c9d7f2a3f72ced2dd576057b84bf03c6ece260af (patch)
tree: c3efe302ace3c4d544c9ea01b8d923332c921bb9 /tests/auto
parent: 399c010235bdb9079005930e125f301f53153808 (diff)
23 files changed, 303 insertions, 1 deletions
diff --git a/tests/auto/installer/contentsha1check/contentsha1check.pro b/tests/auto/installer/contentsha1check/contentsha1check.pro
new file mode 100644
index 000000000..dd659bffa
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/contentsha1check.pro
@@ -0,0 +1,9 @@
+include(../../qttest.pri)
+
+QT += qml
+
+SOURCES += tst_contentsha1check.cpp
+
+RESOURCES += \
+    settings.qrc \
+    ../shared/config.qrc
diff --git a/tests/auto/installer/contentsha1check/data/config.xml b/tests/auto/installer/contentsha1check/data/config.xml
new file mode 100644
index 000000000..041ce5062
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/config.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Installer>
+    <Name>Your application</Name>
+    <Version>1.2.3</Version>
+    <MaintenanceToolName></MaintenanceToolName>
+    <MaintenanceToolIniFile></MaintenanceToolIniFile>
+    <TargetConfigurationFile></TargetConfigurationFile>
+</Installer>
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z
new file mode 100644
index 000000000..9109d284f
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z.sha1 b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z.sha1
new file mode 100644
index 000000000..564e8290b
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z.sha1
@@ -0,0 +1 @@
+eb5a464ab1a33bd1484e9b8f22b2c5f97abdfdf6
+\ No newline at end of file
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z
new file mode 100644
index 000000000..947979354
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z.sha1 b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z.sha1
new file mode 100644
index 000000000..0f2144f0c
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z.sha1
@@ -0,0 +1 @@
+7e592e4b96adcefc77f2613100a3bd5e8835cce0
+\ No newline at end of file
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1meta.7z
new file mode 100644
index 000000000..c14f55e4a
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1meta.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/Updates.xml b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/Updates.xml
new file mode 100644
index 000000000..1d2fb780b
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/Updates.xml
@@ -0,0 +1,27 @@
+<Updates>
+ <ApplicationName>{AnyApplication}</ApplicationName>
+ <ApplicationVersion>1.0.0</ApplicationVersion>
+ <Checksum>true</Checksum>
+ <PackageUpdate>
+  <Name>A</Name>
+  <DisplayName>A</DisplayName>
+  <Description>Example component A</Description>
+  <Version>1.0.2-1</Version>
+  <ReleaseDate>2015-01-01</ReleaseDate>
+  <Default>true</Default>
+  <UpdateFile UncompressedSize="74" CompressedSize="215" OS="Any"/>
+  <DownloadableArchives>content.7z</DownloadableArchives>
+  <SHA1>dec2797a059da9303fec87cc0c1dfb0866afeb8f</SHA1>
+ </PackageUpdate>
+ <PackageUpdate>
+  <Name>B</Name>
+  <DisplayName>B</DisplayName>
+  <Description>Example component B</Description>
+  <Version>1.0.0-1</Version>
+  <ReleaseDate>2015-01-01</ReleaseDate>
+  <Default>true</Default>
+  <UpdateFile UncompressedSize="74" CompressedSize="215" OS="Any"/>
+  <DownloadableArchives>content.7z</DownloadableArchives>
+  <SHA1>2370e0b7dae861088c056d2de40c7ab7051bda13</SHA1>
+ </PackageUpdate>
+</Updates>
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z
new file mode 100644
index 000000000..793ce161c
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z.sha1 b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z.sha1
new file mode 100644
index 000000000..641396e0f
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z.sha1
@@ -0,0 +1 @@
+2c185d45cb84cec7a71e317f8cfc64dd23094c32
+\ No newline at end of file
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1meta.7z
new file mode 100644
index 000000000..4feab5c34
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1meta.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z
new file mode 100644
index 000000000..f53a705dd
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z.sha1 b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z.sha1
new file mode 100644
index 000000000..daf89acba
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z.sha1
@@ -0,0 +1 @@
+d33a5fb638047372e9793b48d6c5ff85da560595
+\ No newline at end of file
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1meta.7z
new file mode 100644
index 000000000..9931c0a7f
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1meta.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/Updates.xml b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/Updates.xml
new file mode 100644
index 000000000..bda013684
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/Updates.xml
@@ -0,0 +1,27 @@
+<Updates>
+ <ApplicationName>{AnyApplication}</ApplicationName>
+ <ApplicationVersion>1.0.0</ApplicationVersion>
+ <Checksum>true</Checksum>
+ <PackageUpdate>
+  <Name>E</Name>
+  <DisplayName>E</DisplayName>
+  <Description>Example component E, invalid checksum</Description>
+  <Version>1.0.2-1</Version>
+  <ReleaseDate>2015-01-01</ReleaseDate>
+  <Default>true</Default>
+  <UpdateFile CompressedSize="215" OS="Any" UncompressedSize="74"/>
+  <DownloadableArchives>content.7z</DownloadableArchives>
+  <SHA1>db7e010425aaaaaaeebc6281a9d4c91e5666fd8f</SHA1>
+ </PackageUpdate>
+ <PackageUpdate>
+  <Name>F</Name>
+  <DisplayName>F</DisplayName>
+  <Description>Example component F</Description>
+  <Version>1.0.0-1</Version>
+  <ReleaseDate>2015-01-01</ReleaseDate>
+  <Default>true</Default>
+  <UpdateFile CompressedSize="215" OS="Any" UncompressedSize="74"/>
+  <DownloadableArchives>content.7z</DownloadableArchives>
+  <SHA1>b69b864cef5d0aecb496273374dd24bb8cba83bd</SHA1>
+ </PackageUpdate>
+</Updates>
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1content.7z
new file mode 100644
index 000000000..f96bfa9a3
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1content.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1meta.7z
new file mode 100644
index 000000000..976c57b43
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1meta.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1content.7z
new file mode 100644
index 000000000..015670af0
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1content.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1meta.7z
new file mode 100644
index 000000000..0b36609d7
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1meta.7z
diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/Updates.xml b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/Updates.xml
new file mode 100644
index 000000000..ae2ba911a
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/Updates.xml
@@ -0,0 +1,27 @@
+<Updates>
+ <ApplicationName>{AnyApplication}</ApplicationName>
+ <ApplicationVersion>1.0.0</ApplicationVersion>
+ <Checksum>false</Checksum>
+ <PackageUpdate>
+  <Name>C</Name>
+  <DisplayName>C</DisplayName>
+  <Description>Example component C</Description>
+  <Version>1.0.2-1</Version>
+  <ReleaseDate>2015-01-01</ReleaseDate>
+  <Default>true</Default>
+  <UpdateFile OS="Any" UncompressedSize="74" CompressedSize="215"/>
+  <DownloadableArchives>content.7z</DownloadableArchives>
+  <SHA1>f82e1d1bbfd252715ace26db8c62595252e28a3b</SHA1>
+ </PackageUpdate>
+ <PackageUpdate>
+  <Name>D</Name>
+  <DisplayName>D</DisplayName>
+  <Description>Example component D</Description>
+  <Version>1.0.0-1</Version>
+  <ReleaseDate>2015-01-01</ReleaseDate>
+  <Default>true</Default>
+  <UpdateFile OS="Any" UncompressedSize="74" CompressedSize="215"/>
+  <DownloadableArchives>content.7z</DownloadableArchives>
+  <SHA1>402f299ec90f215db390b150c9429101344cf1ea</SHA1>
+ </PackageUpdate>
+</Updates>
diff --git a/tests/auto/installer/contentsha1check/settings.qrc b/tests/auto/installer/contentsha1check/settings.qrc
new file mode 100644
index 000000000..e150ea61e
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/settings.qrc
@@ -0,0 +1,18 @@
+<RCC>
+    <qresource prefix="/">
+        <file>data/config.xml</file>
+        <file>data/repositorywithchecksumcheck/Updates.xml</file>
+        <file>data/repositorywithchecksumcheck/A/1.0.2-1content.7z</file>
+        <file>data/repositorywithchecksumcheck/A/1.0.2-1content.7z.sha1</file>
+        <file>data/repositorywithchecksumcheck/B/1.0.0-1content.7z</file>
+        <file>data/repositorywithchecksumcheck/B/1.0.0-1content.7z.sha1</file>
+        <file>data/repositorywithnochecksumcheck/Updates.xml</file>
+        <file>data/repositorywithnochecksumcheck/C/1.0.2-1content.7z</file>
+        <file>data/repositorywithnochecksumcheck/D/1.0.0-1content.7z</file>
+        <file>data/repositorywithinvalidchecksum/Updates.xml</file>
+        <file>data/repositorywithinvalidchecksum/E/1.0.2-1content.7z</file>
+        <file>data/repositorywithinvalidchecksum/E/1.0.2-1content.7z.sha1</file>
+        <file>data/repositorywithinvalidchecksum/F/1.0.0-1content.7z</file>
+        <file>data/repositorywithinvalidchecksum/F/1.0.0-1content.7z.sha1</file>
+    </qresource>
+</RCC>
diff --git a/tests/auto/installer/contentsha1check/tst_contentsha1check.cpp b/tests/auto/installer/contentsha1check/tst_contentsha1check.cpp
new file mode 100644
index 000000000..e587d3011
--- /dev/null
+++ b/tests/auto/installer/contentsha1check/tst_contentsha1check.cpp
@@ -0,0 +1,181 @@
+/**************************************************************************
+**
+** Copyright (C) 2023 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the Qt Installer Framework.
+**
+** $QT_BEGIN_LICENSE:GPL-EXCEPT$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 3 as published by the Free Software
+** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+**************************************************************************/
+#include "../shared/packagemanager.h"
+#include "../shared/verifyinstaller.h"
+
+#include <component.h>
+#include <packagemanagercore.h>
+
+#include <QLoggingCategory>
+#include <QTest>
+#include <QMessageBox>
+
+using namespace QInstaller;
+
+typedef QList<QPair<QString, QString> > ComponentResourceHash;
+typedef QPair<QString, QString> ComponentResource;
+
+static QStringList expectedMessages;
+
+void downloadingArchiveOutput(QtMsgType type, const QMessageLogContext &context, const QString &msg)
+{
+    Q_UNUSED(type)
+    Q_UNUSED(context)
+    QByteArray localMsg = msg.toLocal8Bit();
+    if (!msg.startsWith("Downloading archive"))
+        return;
+    if (expectedMessages.contains(msg))
+        expectedMessages.removeOne(msg);
+}
+
+class tst_ContentSha1Check : public QObject
+{
+    Q_OBJECT
+
+private slots:
+
+    void testInstall_data()
+    {
+        QTest::addColumn<QString>("repository");
+        QTest::addColumn<QStringList>("installComponents");
+        QTest::addColumn<PackageManagerCore::Status>("status");
+        QTest::addColumn<ComponentResourceHash>("componentResources");
+        QTest::addColumn<QStringList >("installedFiles");
+        QTest::addColumn<QStringList >("expectedDownloadingArchiveMessages");
+
+        /*********** Install with checksum check **********/
+        ComponentResourceHash componentResources;
+        componentResources.append(ComponentResource("A", "1.0.2-1content.txt"));
+        componentResources.append(ComponentResource("B", "1.0.0-1content.txt"));
+
+        QTest::newRow("Check checksum")
+                << ":///data/repositorywithchecksumcheck"
+                << (QStringList() << "A" << "B")
+                << PackageManagerCore::Success
+                << componentResources
+                << (QStringList() << "components.xml" << "A.txt" << "B.txt")
+                << (QStringList() << "Downloading archive \"1.0.2-1content.7z.sha1\" for component A."
+                                  << "Downloading archive \"1.0.2-1content.7z\" for component A."
+                                  << "Downloading archive \"1.0.0-1content.7z.sha1\" for component B."
+                                  << "Downloading archive \"1.0.0-1content.7z\" for component B.");
+
+        /*********** Install with and without checksum check **********/
+        componentResources.clear();
+        componentResources.append(ComponentResource("C", "1.0.2-1content.txt"));
+        componentResources.append(ComponentResource("D", "1.0.0-1content.txt"));
+
+        QTest::newRow("Without checksum check")
+                << ":///data/repositorywithnochecksumcheck"
+                << (QStringList() << "C" << "D")
+                << PackageManagerCore::Success
+                << componentResources
+                << (QStringList() << "components.xml" << "C.txt" << "D.txt")
+                << (QStringList() << "Downloading archive \"1.0.2-1content.7z\" for component C."
+                                  << "Downloading archive \"1.0.0-1content.7z\" for component D.");
+
+    }
+
+    void testInstallWithInvalidChecksum_data()
+    {
+        QTest::addColumn<QString>("repository");
+        QTest::addColumn<QStringList>("installComponents");
+        QTest::addColumn<PackageManagerCore::Status>("status");
+        QTest::addColumn<ComponentResourceHash>("componentResources");
+        QTest::addColumn<QStringList >("installedFiles");
+
+        /*********** Install with checksum check **********/
+        ComponentResourceHash componentResources;
+
+        QTest::newRow("Invalid checksum")
+                << ":///data/repositorywithinvalidchecksum"
+                << (QStringList() << "E" << "F")
+                << PackageManagerCore::Failure
+                << componentResources
+                << (QStringList());
+    }
+
+    void testInstall()
+    {
+        QFETCH(QString, repository);
+        QFETCH(QStringList, installComponents);
+        QFETCH(PackageManagerCore::Status, status);
+        QFETCH(ComponentResourceHash, componentResources);
+        QFETCH(QStringList, installedFiles);
+        QFETCH(QStringList, expectedDownloadingArchiveMessages);
+
+        expectedMessages = expectedDownloadingArchiveMessages;
+        QScopedPointer<PackageManagerCore> core(PackageManager::getPackageManagerWithInit
+                (m_installDir, repository));
+        qInstallMessageHandler(downloadingArchiveOutput);
+
+        QCOMPARE(status, core->installSelectedComponentsSilently(QStringList() << installComponents));
+        for (const ComponentResource &resource : componentResources)
+            VerifyInstaller::verifyInstallerResources(m_installDir, resource.first, resource.second);
+        VerifyInstaller::verifyFileExistence(m_installDir, installedFiles);
+
+        QVERIFY(expectedMessages.isEmpty());
+    }
+
+    void testInstallWithInvalidChecksum()
+    {
+        QFETCH(QString, repository);
+        QFETCH(QStringList, installComponents);
+        QFETCH(PackageManagerCore::Status, status);
+        QFETCH(ComponentResourceHash, componentResources);
+        QFETCH(QStringList, installedFiles);
+
+        QScopedPointer<PackageManagerCore> core(PackageManager::getPackageManagerWithInit
+                (m_installDir, repository));
+        core->setMessageBoxAutomaticAnswer("DownloadError", QMessageBox::Cancel);
+        core->setMessageBoxAutomaticAnswer("installationError", QMessageBox::Ok);
+
+        QCOMPARE(status, core->installSelectedComponentsSilently(QStringList() << installComponents));
+        QVERIFY(!QDir().exists(m_installDir));
+    }
+
+    void init()
+    {
+        m_installDir = QInstaller::generateTemporaryFileName();
+        QVERIFY(QDir().mkpath(m_installDir));
+    }
+
+    void cleanup()
+    {
+        QDir dir(m_installDir);
+        QVERIFY(dir.removeRecursively());
+    }
+
+private:
+    QString m_installDir;
+    QStringList m_expectedMessages;
+};
+
+
+QTEST_MAIN(tst_ContentSha1Check)
+
+#include "tst_contentsha1check.moc"
diff --git a/tests/auto/installer/installer.pro b/tests/auto/installer/installer.pro
index 9325e71c5..ff070d143 100644
--- a/tests/auto/installer/installer.pro
+++ b/tests/auto/installer/installer.pro
@@ -42,7 +42,8 @@ SUBDIRS += \
     createoffline \
     contentshaupdate \
     componentreplace \
-    metadatacache
+    metadatacache \
+    contentsha1check
 
 CONFIG(libarchive) {
     SUBDIRS += libarchivearchive
author	Katja Marttila <katja.marttila@qt.io>	2023-01-31 15:57:22 +0200
committer	Katja Marttila <katja.marttila@qt.io>	2023-02-09 07:36:56 +0200
commit	c9d7f2a3f72ced2dd576057b84bf03c6ece260af (patch)
tree	c3efe302ace3c4d544c9ea01b8d923332c921bb9 /tests/auto
parent	399c010235bdb9079005930e125f301f53153808 (diff)