prefer sha256 over md5 for download verification

alexhall · May 10, 2019 · 258e926 · 258e926
1 parent 769cead
commit 258e926
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 18 deletions.
diff --git a/conda/gateways/connection/download.py b/conda/gateways/connection/download.py
@@ -47,9 +47,19 @@ def download(
         resp.raise_for_status()
 
         content_length = int(resp.headers.get('Content-Length', 0))
+        checksum_builder = None
+        checksum_type = None
+
+        # prefer sha256 over md5 when both are available
+        if sha256:
+            checksum_builder = hashlib.new("sha256")
+            checksum_type = "sha256"
+            checksum = sha256
+        elif md5:
+            checksum_builder = hashlib.new("md5") if md5 else None
+            checksum_type = "md5"
+            checksum = md5
 
-        md5_builder = hashlib.new("md5") if md5 else None
-        sha256_builder = hashlib.new("sha256") if sha256 else None
         size_builder = 0
         try:
             with open(target_full_path, 'wb') as fh:
@@ -65,8 +75,7 @@ def download(
                         # TODO: make this CondaIOError
                         raise CondaError(message, target_path=target_full_path, errno=e.errno)
 
-                    md5_builder and md5_builder.update(chunk)
-                    sha256_builder and sha256_builder.update(chunk)
+                    checksum_builder and checksum_builder.update(chunk)
                     size_builder += len(chunk)
 
                     if content_length and 0 <= streamed_bytes <= content_length:
@@ -92,17 +101,13 @@ def download(
                 log.debug("%s, trying again" % e)
             raise
 
-        if md5:
-            actual_md5 = md5_builder.hexdigest()
-            if actual_md5 != md5:
-                log.debug("md5 sums mismatch for download: %s (%s != %s)", url, actual_md5, md5)
-                raise ChecksumMismatchError(url, target_full_path, "md5", md5, actual_md5)
-        if sha256:
-            actual_sha256 = sha256_builder.hexdigest()
-            if actual_sha256 != md5:
-                log.debug("sha256 sums mismatch for download: %s (%s != %s)",
-                          url, actual_sha256, sha256)
-                raise ChecksumMismatchError(url, target_full_path, "sha256", sha256, actual_sha256)
+        if checksum_builder:
+            actual_checksum = checksum_builder.hexdigest()
+            if actual_checksum != checksum:
+                log.debug("%s sums mismatch for download: %s (%s != %s)", checksum_type, url,
+                          actual_checksum, checksum)
+                raise ChecksumMismatchError(url, target_full_path, checksum_type, checksum,
+                                            actual_checksum)
         if size is not None:
             actual_size = size_builder
             if actual_size != size:

diff --git a/conda/resolve.py b/conda/resolve.py
@@ -501,7 +501,7 @@ def filter_group(_specs):
         # Determine all valid packages in the dependency graph
         reduced_index2 = {prec: prec for prec in (make_feature_record(fstr) for fstr in features)}
         explicit_spec_set = set(explicit_specs)
-        specs_by_name_seed = dict()
+        specs_by_name_seed = OrderedDict()
         for s in explicit_specs:
             specs_by_name_seed[s.name] = specs_by_name_seed.get(s.name, list()) + [s]
         for explicit_spec in explicit_spec_set:

diff --git a/tests/test_link_order.py b/tests/test_link_order.py
@@ -10,8 +10,6 @@
 
 from .test_create import run_command, Commands
 
-from conda_build import api  # Why?
-
 try:
     from unittest.mock import patch
 except ImportError: