From b308fe46695820c09258741eb04c80c1cf74c3bb Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Fri, 20 Oct 2017 13:38:14 +0200
Subject: [PATCH] New option to impose a particular tarball hash

---
 archive.py |  4 +++-
 check.py   | 15 +++++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/archive.py b/archive.py
index 7f2bd68..3ec8637 100644
--- a/archive.py
+++ b/archive.py
@@ -44,13 +44,15 @@ def find(cnt):
     yield (data, login)
 
 
-def hash_archive(cnt, dest=None):
+def hash_archive(cnt, dest=None, imposed_hash=None):
     data, login = cnt
     sha = hashlib.sha1(data.encode() if isinstance(data, str) else data).hexdigest()
     yield MailTest("Your tarball SHA-1 is %s." % sha, -1)
     if dest is not None and os.path.exists(os.path.join(dest, login + "." + sha)):
         yield MailTest("You have already uploaded this tarball.", 1)
         yield False
+    elif imposed_hash is not None and imposed_hash != sha:
+        yield MailTest("This is not the expected hash. Your tarball's hash must be: %s." % imposed_hash, 1)
     else:
         yield (data, sha, login)
 
diff --git a/check.py b/check.py
index fb21b2c..eee92b1 100755
--- a/check.py
+++ b/check.py
@@ -28,17 +28,17 @@ def signcheck(data):
     yield data
 
 
-def gen_checks(submissions_dir, check_content=False):
+def gen_checks(submissions_dir, check_content=False, check_submission_hash=None):
     if HARD_MAX_SUBMISSION is not None and check_content:
         yield (late.check, [HARD_MAX_SUBMISSION, SOFT_MAX_SUBMISSION])
-    else:
+    elif not check_content:
         yield signcheck
     yield (envelope.check, [GNUPG_DIRECTORY, BETA])
     yield (signature.check, [GNUPG_DIRECTORY])
     yield (login.check, ["/home/nemunaire/workspace/check_mail/SRS2017.csv"])
     if check_content:
         yield archive.find
-        yield ( archive.hash_archive, [submissions_dir] )
+        yield ( archive.hash_archive, [submissions_dir, check_submission_hash] )
         yield archive.guess_mime
         yield ( archive.extract, [submissions_dir] )
 
@@ -122,14 +122,14 @@ def readmail(fp):
     return cnt, frm, subject, ref
 
 
-def check_mail(cnt, submissions_dir, check_content=False):
+def check_mail(cnt, submissions_dir, check_content=False, check_submission_hash=None):
     results = []
 
     # sentinel
     results.append([(None, [cnt])])
 
     lvl = 0
-    for check in gen_checks(submissions_dir=submissions_dir, check_content=check_content):
+    for check in gen_checks(submissions_dir=submissions_dir, check_content=check_content, check_submission_hash=check_submission_hash):
         lvl += 1
         curr = []
         curc = []
@@ -207,6 +207,9 @@ if __name__ == '__main__':
     parser.add_argument('--submissions', default="/tmp/rendus",
                         help="directory where store submissions")
 
+    parser.add_argument('--expected-submission-hash',
+                        help="imposed tarball hash")
+
     parser.add_argument('--beta', action="store_true",
                         help="enable beta features")
 
@@ -226,4 +229,4 @@ if __name__ == '__main__':
     BETA = args.beta
 
     cnt, frm, subject, ref = readmail(sys.stdin.buffer)
-    respondmail(frm, subject, ref, [c for c in check_mail(cnt, submissions_dir=args.submissions, check_content=not args.sign)])
+    respondmail(frm, subject, ref, [c for c in check_mail(cnt, submissions_dir=args.submissions, check_content=not args.sign, check_submission_hash=args.expected_submission_hash)])