[Git][reproducible-builds/diffoscope][master] 2 commits: Improve documentation of FILE_TYPE_HEADER_PREFIX and...
Chris Lamb
gitlab at salsa.debian.org
Mon Apr 27 12:12:10 UTC 2020
Chris Lamb pushed to branch master at Reproducible Builds / diffoscope
Commits:
5a8d64f5 by Chris Lamb at 2020-04-27T12:21:53+01:00
Improve documentation of FILE_TYPE_HEADER_PREFIX and FALLBACK_FILE_TYPE_HEADER_PREFIX to remark that only the first 16 bytes are used.
- - - - -
be1d543c by Chris Lamb at 2020-04-27T13:12:00+01:00
Add support .p7c and .p7b certificates. (Closes: reproducible-builds/diffoscope#94)
- - - - -
7 changed files:
- debian/control
- debian/tests/control
- diffoscope/comparators/__init__.py
- + diffoscope/comparators/openssl.py
- diffoscope/comparators/utils/file.py
- diffoscope/external_tools.py
- + tests/comparators/test_openssl.py
Changes:
=====================================
debian/control
=====================================
@@ -53,6 +53,7 @@ Build-Depends:
odt2txt <!nocheck>,
oggvideotools [!s390x] <!nocheck>,
openssh-client <!nocheck>,
+ openssl <!nocheck>,
pgpdump <!nocheck>,
poppler-utils <!nocheck>,
procyon-decompiler <!nocheck>,
=====================================
debian/tests/control
=====================================
@@ -7,7 +7,7 @@
# $ mv debian/tests/control.tmp debian/tests/control
Tests: pytest-with-recommends
-Depends: python3-all, diffoscope, black, python3-pytest, python3-h5py, file, linux-image-amd64 [amd64] | linux-image-generic [amd64], abootimg, acl, apktool [!ppc64el !s390x], binutils-multiarch, bzip2, caca-utils, colord, db-util, default-jdk-headless | default-jdk | java-sdk, device-tree-compiler, docx2txt, e2fsprogs, enjarify, ffmpeg, fontforge-extras, fp-utils [!ppc64el !s390x], genisoimage, gettext, ghc, ghostscript, giflib-tools, gnumeric, gnupg, gnupg-utils, hdf5-tools, imagemagick, jsbeautifier, libarchive-tools, llvm, lz4 | liblz4-tool, mono-utils, ocaml-nox, odt2txt, oggvideotools [!s390x], openssh-client, pgpdump, poppler-utils, procyon-decompiler, python3-pdfminer, r-base-core, rpm2cpio, sng, sqlite3, squashfs-tools, tcpdump, unzip, wabt, xmlbeans, xxd | vim-common, xz-utils, zip, zstd, python3-argcomplete, python3-binwalk, python3-defusedxml, python3-distro, python3-guestfs, python3-jsondiff, python3-progressbar, python3-pypdf2, python3-debian, python3-pyxattr, python3-rpm, python3-tlsh
+Depends: python3-all, diffoscope, black, python3-pytest, python3-h5py, file, linux-image-amd64 [amd64] | linux-image-generic [amd64], abootimg, acl, apktool [!ppc64el !s390x], binutils-multiarch, bzip2, caca-utils, colord, db-util, default-jdk-headless | default-jdk | java-sdk, device-tree-compiler, docx2txt, e2fsprogs, enjarify, ffmpeg, fontforge-extras, fp-utils [!ppc64el !s390x], genisoimage, gettext, ghc, ghostscript, giflib-tools, gnumeric, gnupg, gnupg-utils, hdf5-tools, imagemagick, jsbeautifier, libarchive-tools, llvm, lz4 | liblz4-tool, mono-utils, ocaml-nox, odt2txt, oggvideotools [!s390x], openssh-client, openssl, pgpdump, poppler-utils, procyon-decompiler, python3-pdfminer, r-base-core, rpm2cpio, sng, sqlite3, squashfs-tools, tcpdump, unzip, wabt, xmlbeans, xxd | vim-common, xz-utils, zip, zstd, python3-argcomplete, python3-binwalk, python3-defusedxml, python3-distro, python3-guestfs, python3-jsondiff, python3-progressbar, python3-pypdf2, python3-debian, python3-pyxattr, python3-rpm, python3-tlsh
Tests: pytest
Depends: python3-all, diffoscope, python3-pytest, python3-h5py, file, python3-tlsh
=====================================
diffoscope/comparators/__init__.py
=====================================
@@ -48,6 +48,7 @@ class ComparatorManager:
('javascript.JavaScriptFile',),
('json.JSONFile',),
('xml.XMLFile',),
+ ('openssl.Pkcs7File',),
('text.TextFile',),
('bzip2.Bzip2File',),
('cpio.CpioFile',),
=====================================
diffoscope/comparators/openssl.py
=====================================
@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+#
+# diffoscope: in-depth comparison of files, archives, and directories
+#
+# Copyright © 2020 Chris Lamb <lamby at debian.org>
+#
+# diffoscope is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# diffoscope is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with diffoscope. If not, see <https://www.gnu.org/licenses/>.
+
+from diffoscope.tools import tool_required
+from diffoscope.difference import Difference
+
+from .utils.file import File
+from .utils.command import Command
+
+
+class Openssl(Command):
+ @tool_required('openssl')
+ def cmdline(self):
+ return ('openssl', 'pkcs7', '-print', '-noout', '-in', self.path)
+
+
+class Pkcs7File(File):
+ DESCRIPTION = "Public Key Cryptography Standards (PKCS) files (version #7)"
+ FILE_TYPE_HEADER_PREFIX = b'-----BEGIN PKCS7-----'[:16]
+
+ def compare_details(self, other, source=None):
+ return [
+ Difference.from_command(
+ Openssl, self.path, other.path, source='openssl pkcs7 -print'
+ )
+ ]
=====================================
diffoscope/comparators/utils/file.py
=====================================
@@ -122,7 +122,7 @@ class File(metaclass=abc.ABCMeta):
FILE_EXTENSION_SUFFIX = None
FILE_TYPE_RE = None
- FILE_TYPE_HEADER_PREFIX = None
+ FILE_TYPE_HEADER_PREFIX = None # max 16 bytes
@classmethod
def recognizes(cls, file):
@@ -175,7 +175,7 @@ class File(metaclass=abc.ABCMeta):
return _run_tests(all, all_tests) if all_tests else False
FALLBACK_FILE_EXTENSION_SUFFIX = None
- FALLBACK_FILE_TYPE_HEADER_PREFIX = None
+ FALLBACK_FILE_TYPE_HEADER_PREFIX = None # max 16 bytes
@classmethod
def fallback_recognizes(cls, file):
=====================================
diffoscope/external_tools.py
=====================================
@@ -138,6 +138,7 @@ EXTERNAL_TOOLS = {
'ocamlobjinfo': {'debian': 'ocaml-nox', 'guix': 'ocaml'},
'odt2txt': {'debian': 'odt2txt', 'arch': 'odt2txt', 'guix': 'odt2txt'},
'oggDump': {'debian': 'oggvideotools'},
+ 'openssl': {'debian': 'openssl'},
'pgpdump': {'debian': 'pgpdump', 'arch': 'pgpdump', 'guix': 'pgpdump'},
'pdftotext': {
'debian': 'poppler-utils',
=====================================
tests/comparators/test_openssl.py
=====================================
@@ -0,0 +1,101 @@
+# -*- coding: utf-8 -*-
+#
+# diffoscope: in-depth comparison of files, archives, and directories
+#
+# Copyright © 2020 Chris Lamb <lamby at debian.org>
+#
+# diffoscope is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# diffoscope is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with diffoscope. If not, see <https://www.gnu.org/licenses/>.
+
+import subprocess
+
+import pytest
+
+from diffoscope.comparators.binary import FilesystemFile
+from diffoscope.comparators.openssl import Pkcs7File
+from diffoscope.comparators.utils.specialize import specialize
+
+from ..utils.tools import skip_unless_tools_exist
+
+
+def pkcs7_fixture(prefix):
+ @pytest.fixture
+ def inner(tmpdir):
+ crt = str(tmpdir.join('{}.crt'.format(prefix)))
+ pem = str(tmpdir.join('{}.pem'.format(prefix)))
+ p7c = str(tmpdir.join('{}.p7c'.format(prefix)))
+
+ subprocess.check_call(
+ (
+ 'openssl',
+ 'req',
+ '-x509',
+ '-newkey',
+ 'rsa:4096',
+ '-keyout',
+ pem,
+ '-out',
+ crt,
+ '-days',
+ '365',
+ '-nodes',
+ '-subj',
+ '/CN=localhost',
+ )
+ )
+ subprocess.check_call(
+ (
+ 'openssl',
+ 'crl2pkcs7',
+ '-nocrl',
+ '-certfile',
+ crt,
+ '-out',
+ p7c,
+ '-certfile',
+ pem,
+ )
+ )
+
+ return specialize(FilesystemFile(p7c))
+
+ return inner
+
+
+pkcs71 = pkcs7_fixture('test1')
+pkcs72 = pkcs7_fixture('test2')
+
+
+ at skip_unless_tools_exist('openssl')
+def test_identification(pkcs71):
+ assert isinstance(pkcs71, Pkcs7File)
+
+
+ at skip_unless_tools_exist('openssl')
+def test_no_differences(pkcs71):
+ difference = pkcs71.compare(pkcs71)
+ assert difference is None
+
+
+ at pytest.fixture
+def differences(pkcs71, pkcs72):
+ return pkcs71.compare(pkcs72).details
+
+
+ at skip_unless_tools_exist('openssl')
+def test_differences(differences):
+ # Don't test exact unified diff; the signatures generated in
+ # `pkcs7_fixture` are non-deterministic.
+
+ assert 'notAfter:' in differences[0].unified_diff
+ assert 'serialNumber:' in differences[0].unified_diff
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/compare/c2a35f90dfde94a6cfa27584b7a0407b9e0a7537...be1d543c51553598354e2c463d58f8f4773bf099
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/compare/c2a35f90dfde94a6cfa27584b7a0407b9e0a7537...be1d543c51553598354e2c463d58f8f4773bf099
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20200427/6cfe172c/attachment.htm>
More information about the rb-commits
mailing list