-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check integrity of downloaded data files and avoid running dependent tests if a broken file is found. #41
base: develop
Are you sure you want to change the base?
Conversation
Declare downloading tests to be fixtures so that dependant tests will not be run if there is incomplete/corrupted file.
Ouch. Seems there is problem in comparing checksum on Windows. |
Can anybody try ctests with this patch on Windows to see what is going on? |
I bit the bullet and setup build environment in ever decreasing free space on my Windows drive. eccodes_download_gribs failed at the same position as it does in AppVeyor check. The cause was the difference in line terminating chars. The template file ecbuild/cmake/md5.in from which .md5 are generated contains CRLF but files generated by 'cmake -E md5sum' contain LF. If that is what is really happening in AppVeyor check, possible solutions would be;
|
…that md5 comparison works.
Solution B does not work because configure_file() forces platform specific line ending chars in the output if no NEWLINE_STYLE is specified. |
…cause 'cmake -E md5sum' emits LF.
I think this PR is ready to be examined and subsequently be merged. It would be a tough decision to make; whether to merge this PR now or wait until the patch on ecbuild be merged and be made be public. |
…ged into ecbuild.
Ecbuild repository was updated with my proposed change and therefore now the appveyor test of this project succeeds without patching ecbuild. |
Associate each data file with a known md5 checksum and have the checksum compared with one generated from a downloaded file in order to verify the integrity of the file. Downloading tests will fail if they find a corrupt/incomplete file.
Declare downloading tests to be fixtures so that dependent tests are not run if downloading tests fail and so that the the downloading tests get run even if subset of dependent tests are run (e.g. via ctest -R {some_test})
This patch also concerns about security. Since data files are served over plain HTTP without TLS, a man in the middle can serve a tweaked data file which exploits vulnerabilities in eccodes to compromise security of computers running the tests. The integrity check will lower the chance of that kind of attack succeeding.