diff options
author | Katja Marttila <katja.marttila@qt.io> | 2023-01-31 15:57:22 +0200 |
---|---|---|
committer | Katja Marttila <katja.marttila@qt.io> | 2023-02-09 07:36:56 +0200 |
commit | c9d7f2a3f72ced2dd576057b84bf03c6ece260af (patch) | |
tree | c3efe302ace3c4d544c9ea01b8d923332c921bb9 /tests/auto | |
parent | 399c010235bdb9079005930e125f301f53153808 (diff) |
Check sha1 checksum per repository
Updates.xml contains Checksum variable which can be set to false to
skip the archives checksum verification. The variable was read from one
arbitrary Updates.xml file and that was used in all downloads. Fixed so
that the checksum is read per Updates.xml. This change also speeds up
the component generation phase as it no longer needs to read Updates.xml
file.
Task-number: QTIFW-2805
Task-number: QTIFW-2928
Change-Id: Id28dd370ef200aec67cb85cbbc1d08d925b43c21
Reviewed-by: Arttu Tarkiainen <arttu.tarkiainen@qt.io>
Diffstat (limited to 'tests/auto')
23 files changed, 303 insertions, 1 deletions
diff --git a/tests/auto/installer/contentsha1check/contentsha1check.pro b/tests/auto/installer/contentsha1check/contentsha1check.pro new file mode 100644 index 000000000..dd659bffa --- /dev/null +++ b/tests/auto/installer/contentsha1check/contentsha1check.pro @@ -0,0 +1,9 @@ +include(../../qttest.pri) + +QT += qml + +SOURCES += tst_contentsha1check.cpp + +RESOURCES += \ + settings.qrc \ + ../shared/config.qrc diff --git a/tests/auto/installer/contentsha1check/data/config.xml b/tests/auto/installer/contentsha1check/data/config.xml new file mode 100644 index 000000000..041ce5062 --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/config.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Installer> + <Name>Your application</Name> + <Version>1.2.3</Version> + <MaintenanceToolName></MaintenanceToolName> + <MaintenanceToolIniFile></MaintenanceToolIniFile> + <TargetConfigurationFile></TargetConfigurationFile> +</Installer> diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z Binary files differnew file mode 100644 index 000000000..9109d284f --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z.sha1 b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z.sha1 new file mode 100644 index 000000000..564e8290b --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/A/1.0.2-1content.7z.sha1 @@ -0,0 +1 @@ +eb5a464ab1a33bd1484e9b8f22b2c5f97abdfdf6
\ No newline at end of file diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z Binary files differnew file mode 100644 index 000000000..947979354 --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z.sha1 b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z.sha1 new file mode 100644 index 000000000..0f2144f0c --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1content.7z.sha1 @@ -0,0 +1 @@ +7e592e4b96adcefc77f2613100a3bd5e8835cce0
\ No newline at end of file diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1meta.7z Binary files differnew file mode 100644 index 000000000..c14f55e4a --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/B/1.0.0-1meta.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/Updates.xml b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/Updates.xml new file mode 100644 index 000000000..1d2fb780b --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithchecksumcheck/Updates.xml @@ -0,0 +1,27 @@ +<Updates> + <ApplicationName>{AnyApplication}</ApplicationName> + <ApplicationVersion>1.0.0</ApplicationVersion> + <Checksum>true</Checksum> + <PackageUpdate> + <Name>A</Name> + <DisplayName>A</DisplayName> + <Description>Example component A</Description> + <Version>1.0.2-1</Version> + <ReleaseDate>2015-01-01</ReleaseDate> + <Default>true</Default> + <UpdateFile UncompressedSize="74" CompressedSize="215" OS="Any"/> + <DownloadableArchives>content.7z</DownloadableArchives> + <SHA1>dec2797a059da9303fec87cc0c1dfb0866afeb8f</SHA1> + </PackageUpdate> + <PackageUpdate> + <Name>B</Name> + <DisplayName>B</DisplayName> + <Description>Example component B</Description> + <Version>1.0.0-1</Version> + <ReleaseDate>2015-01-01</ReleaseDate> + <Default>true</Default> + <UpdateFile UncompressedSize="74" CompressedSize="215" OS="Any"/> + <DownloadableArchives>content.7z</DownloadableArchives> + <SHA1>2370e0b7dae861088c056d2de40c7ab7051bda13</SHA1> + </PackageUpdate> +</Updates> diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z Binary files differnew file mode 100644 index 000000000..793ce161c --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z.sha1 b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z.sha1 new file mode 100644 index 000000000..641396e0f --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1content.7z.sha1 @@ -0,0 +1 @@ +2c185d45cb84cec7a71e317f8cfc64dd23094c32
\ No newline at end of file diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1meta.7z Binary files differnew file mode 100644 index 000000000..4feab5c34 --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/E/1.0.2-1meta.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z Binary files differnew file mode 100644 index 000000000..f53a705dd --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z.sha1 b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z.sha1 new file mode 100644 index 000000000..daf89acba --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1content.7z.sha1 @@ -0,0 +1 @@ +d33a5fb638047372e9793b48d6c5ff85da560595
\ No newline at end of file diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1meta.7z Binary files differnew file mode 100644 index 000000000..9931c0a7f --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/F/1.0.0-1meta.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/Updates.xml b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/Updates.xml new file mode 100644 index 000000000..bda013684 --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithinvalidchecksum/Updates.xml @@ -0,0 +1,27 @@ +<Updates> + <ApplicationName>{AnyApplication}</ApplicationName> + <ApplicationVersion>1.0.0</ApplicationVersion> + <Checksum>true</Checksum> + <PackageUpdate> + <Name>E</Name> + <DisplayName>E</DisplayName> + <Description>Example component E, invalid checksum</Description> + <Version>1.0.2-1</Version> + <ReleaseDate>2015-01-01</ReleaseDate> + <Default>true</Default> + <UpdateFile CompressedSize="215" OS="Any" UncompressedSize="74"/> + <DownloadableArchives>content.7z</DownloadableArchives> + <SHA1>db7e010425aaaaaaeebc6281a9d4c91e5666fd8f</SHA1> + </PackageUpdate> + <PackageUpdate> + <Name>F</Name> + <DisplayName>F</DisplayName> + <Description>Example component F</Description> + <Version>1.0.0-1</Version> + <ReleaseDate>2015-01-01</ReleaseDate> + <Default>true</Default> + <UpdateFile CompressedSize="215" OS="Any" UncompressedSize="74"/> + <DownloadableArchives>content.7z</DownloadableArchives> + <SHA1>b69b864cef5d0aecb496273374dd24bb8cba83bd</SHA1> + </PackageUpdate> +</Updates> diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1content.7z Binary files differnew file mode 100644 index 000000000..f96bfa9a3 --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1content.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1meta.7z Binary files differnew file mode 100644 index 000000000..976c57b43 --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/C/1.0.2-1meta.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1content.7z b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1content.7z Binary files differnew file mode 100644 index 000000000..015670af0 --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1content.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1meta.7z b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1meta.7z Binary files differnew file mode 100644 index 000000000..0b36609d7 --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/D/1.0.0-1meta.7z diff --git a/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/Updates.xml b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/Updates.xml new file mode 100644 index 000000000..ae2ba911a --- /dev/null +++ b/tests/auto/installer/contentsha1check/data/repositorywithnochecksumcheck/Updates.xml @@ -0,0 +1,27 @@ +<Updates> + <ApplicationName>{AnyApplication}</ApplicationName> + <ApplicationVersion>1.0.0</ApplicationVersion> + <Checksum>false</Checksum> + <PackageUpdate> + <Name>C</Name> + <DisplayName>C</DisplayName> + <Description>Example component C</Description> + <Version>1.0.2-1</Version> + <ReleaseDate>2015-01-01</ReleaseDate> + <Default>true</Default> + <UpdateFile OS="Any" UncompressedSize="74" CompressedSize="215"/> + <DownloadableArchives>content.7z</DownloadableArchives> + <SHA1>f82e1d1bbfd252715ace26db8c62595252e28a3b</SHA1> + </PackageUpdate> + <PackageUpdate> + <Name>D</Name> + <DisplayName>D</DisplayName> + <Description>Example component D</Description> + <Version>1.0.0-1</Version> + <ReleaseDate>2015-01-01</ReleaseDate> + <Default>true</Default> + <UpdateFile OS="Any" UncompressedSize="74" CompressedSize="215"/> + <DownloadableArchives>content.7z</DownloadableArchives> + <SHA1>402f299ec90f215db390b150c9429101344cf1ea</SHA1> + </PackageUpdate> +</Updates> diff --git a/tests/auto/installer/contentsha1check/settings.qrc b/tests/auto/installer/contentsha1check/settings.qrc new file mode 100644 index 000000000..e150ea61e --- /dev/null +++ b/tests/auto/installer/contentsha1check/settings.qrc @@ -0,0 +1,18 @@ +<RCC> + <qresource prefix="/"> + <file>data/config.xml</file> + <file>data/repositorywithchecksumcheck/Updates.xml</file> + <file>data/repositorywithchecksumcheck/A/1.0.2-1content.7z</file> + <file>data/repositorywithchecksumcheck/A/1.0.2-1content.7z.sha1</file> + <file>data/repositorywithchecksumcheck/B/1.0.0-1content.7z</file> + <file>data/repositorywithchecksumcheck/B/1.0.0-1content.7z.sha1</file> + <file>data/repositorywithnochecksumcheck/Updates.xml</file> + <file>data/repositorywithnochecksumcheck/C/1.0.2-1content.7z</file> + <file>data/repositorywithnochecksumcheck/D/1.0.0-1content.7z</file> + <file>data/repositorywithinvalidchecksum/Updates.xml</file> + <file>data/repositorywithinvalidchecksum/E/1.0.2-1content.7z</file> + <file>data/repositorywithinvalidchecksum/E/1.0.2-1content.7z.sha1</file> + <file>data/repositorywithinvalidchecksum/F/1.0.0-1content.7z</file> + <file>data/repositorywithinvalidchecksum/F/1.0.0-1content.7z.sha1</file> + </qresource> +</RCC> diff --git a/tests/auto/installer/contentsha1check/tst_contentsha1check.cpp b/tests/auto/installer/contentsha1check/tst_contentsha1check.cpp new file mode 100644 index 000000000..e587d3011 --- /dev/null +++ b/tests/auto/installer/contentsha1check/tst_contentsha1check.cpp @@ -0,0 +1,181 @@ +/************************************************************************** +** +** Copyright (C) 2023 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the Qt Installer Framework. +** +** $QT_BEGIN_LICENSE:GPL-EXCEPT$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 3 as published by the Free Software +** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +**************************************************************************/ +#include "../shared/packagemanager.h" +#include "../shared/verifyinstaller.h" + +#include <component.h> +#include <packagemanagercore.h> + +#include <QLoggingCategory> +#include <QTest> +#include <QMessageBox> + +using namespace QInstaller; + +typedef QList<QPair<QString, QString> > ComponentResourceHash; +typedef QPair<QString, QString> ComponentResource; + +static QStringList expectedMessages; + +void downloadingArchiveOutput(QtMsgType type, const QMessageLogContext &context, const QString &msg) +{ + Q_UNUSED(type) + Q_UNUSED(context) + QByteArray localMsg = msg.toLocal8Bit(); + if (!msg.startsWith("Downloading archive")) + return; + if (expectedMessages.contains(msg)) + expectedMessages.removeOne(msg); +} + +class tst_ContentSha1Check : public QObject +{ + Q_OBJECT + +private slots: + + void testInstall_data() + { + QTest::addColumn<QString>("repository"); + QTest::addColumn<QStringList>("installComponents"); + QTest::addColumn<PackageManagerCore::Status>("status"); + QTest::addColumn<ComponentResourceHash>("componentResources"); + QTest::addColumn<QStringList >("installedFiles"); + QTest::addColumn<QStringList >("expectedDownloadingArchiveMessages"); + + /*********** Install with checksum check **********/ + ComponentResourceHash componentResources; + componentResources.append(ComponentResource("A", "1.0.2-1content.txt")); + componentResources.append(ComponentResource("B", "1.0.0-1content.txt")); + + QTest::newRow("Check checksum") + << ":///data/repositorywithchecksumcheck" + << (QStringList() << "A" << "B") + << PackageManagerCore::Success + << componentResources + << (QStringList() << "components.xml" << "A.txt" << "B.txt") + << (QStringList() << "Downloading archive \"1.0.2-1content.7z.sha1\" for component A." + << "Downloading archive \"1.0.2-1content.7z\" for component A." + << "Downloading archive \"1.0.0-1content.7z.sha1\" for component B." + << "Downloading archive \"1.0.0-1content.7z\" for component B."); + + /*********** Install with and without checksum check **********/ + componentResources.clear(); + componentResources.append(ComponentResource("C", "1.0.2-1content.txt")); + componentResources.append(ComponentResource("D", "1.0.0-1content.txt")); + + QTest::newRow("Without checksum check") + << ":///data/repositorywithnochecksumcheck" + << (QStringList() << "C" << "D") + << PackageManagerCore::Success + << componentResources + << (QStringList() << "components.xml" << "C.txt" << "D.txt") + << (QStringList() << "Downloading archive \"1.0.2-1content.7z\" for component C." + << "Downloading archive \"1.0.0-1content.7z\" for component D."); + + } + + void testInstallWithInvalidChecksum_data() + { + QTest::addColumn<QString>("repository"); + QTest::addColumn<QStringList>("installComponents"); + QTest::addColumn<PackageManagerCore::Status>("status"); + QTest::addColumn<ComponentResourceHash>("componentResources"); + QTest::addColumn<QStringList >("installedFiles"); + + /*********** Install with checksum check **********/ + ComponentResourceHash componentResources; + + QTest::newRow("Invalid checksum") + << ":///data/repositorywithinvalidchecksum" + << (QStringList() << "E" << "F") + << PackageManagerCore::Failure + << componentResources + << (QStringList()); + } + + void testInstall() + { + QFETCH(QString, repository); + QFETCH(QStringList, installComponents); + QFETCH(PackageManagerCore::Status, status); + QFETCH(ComponentResourceHash, componentResources); + QFETCH(QStringList, installedFiles); + QFETCH(QStringList, expectedDownloadingArchiveMessages); + + expectedMessages = expectedDownloadingArchiveMessages; + QScopedPointer<PackageManagerCore> core(PackageManager::getPackageManagerWithInit + (m_installDir, repository)); + qInstallMessageHandler(downloadingArchiveOutput); + + QCOMPARE(status, core->installSelectedComponentsSilently(QStringList() << installComponents)); + for (const ComponentResource &resource : componentResources) + VerifyInstaller::verifyInstallerResources(m_installDir, resource.first, resource.second); + VerifyInstaller::verifyFileExistence(m_installDir, installedFiles); + + QVERIFY(expectedMessages.isEmpty()); + } + + void testInstallWithInvalidChecksum() + { + QFETCH(QString, repository); + QFETCH(QStringList, installComponents); + QFETCH(PackageManagerCore::Status, status); + QFETCH(ComponentResourceHash, componentResources); + QFETCH(QStringList, installedFiles); + + QScopedPointer<PackageManagerCore> core(PackageManager::getPackageManagerWithInit + (m_installDir, repository)); + core->setMessageBoxAutomaticAnswer("DownloadError", QMessageBox::Cancel); + core->setMessageBoxAutomaticAnswer("installationError", QMessageBox::Ok); + + QCOMPARE(status, core->installSelectedComponentsSilently(QStringList() << installComponents)); + QVERIFY(!QDir().exists(m_installDir)); + } + + void init() + { + m_installDir = QInstaller::generateTemporaryFileName(); + QVERIFY(QDir().mkpath(m_installDir)); + } + + void cleanup() + { + QDir dir(m_installDir); + QVERIFY(dir.removeRecursively()); + } + +private: + QString m_installDir; + QStringList m_expectedMessages; +}; + + +QTEST_MAIN(tst_ContentSha1Check) + +#include "tst_contentsha1check.moc" diff --git a/tests/auto/installer/installer.pro b/tests/auto/installer/installer.pro index 9325e71c5..ff070d143 100644 --- a/tests/auto/installer/installer.pro +++ b/tests/auto/installer/installer.pro @@ -42,7 +42,8 @@ SUBDIRS += \ createoffline \ contentshaupdate \ componentreplace \ - metadatacache + metadatacache \ + contentsha1check CONFIG(libarchive) { SUBDIRS += libarchivearchive |