summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2015-10-15 09:19:01 +0000
committerintrigeri <intrigeri@boum.org>2015-10-15 09:19:01 +0000
commite77bdd7fbb7c2c3e2c2954d6647ef5fea03d6597 (patch)
tree5014e9369dc04aeb47d5551d92ba6c808a7f8e73
parent9cf201a974c5c0210f671fff4d14b5ff11f4dc90 (diff)
Drop support for checking MD5 checksum embedded in ISO.bugfix/10374-no-isomd5sum
Tails ISO images have never embedded such a checksum. Such checksums have basically no security value, and we'll soon propose a browser extension that performs a slightly stronger verification of a downloaded ISO image. So this code is basically useless, and we've never run it since we always call liveusb-creator with the -n (aka. --noverify) option anyway. Besides, due to this code being somewhat reachable, the Debian packaging has a dependency on isomd5sum, which is not in Ubuntu/main and thus makes installation of Tails Installer on Ubuntu harder than it should be.
-rwxr-xr-xliveusb/creator.py16
-rwxr-xr-xliveusb/gui.py5
-rw-r--r--liveusb/source.py24
3 files changed, 0 insertions, 45 deletions
diff --git a/liveusb/creator.py b/liveusb/creator.py
index 233e061..842a499 100755
--- a/liveusb/creator.py
+++ b/liveusb/creator.py
@@ -126,22 +126,6 @@ class LiveUSBCreator(object):
"""
raise NotImplementedError
- def verify_iso_md5(self):
- """ Verify the ISO md5sum.
- """
- if not self.source.supports_verify_md5:
- self.log.info(_('Source type does not support verification of ISO MD5 checksum, skipping'))
- return True
- self.log.info(_('Verifying ISO MD5 checksum'))
- try:
- self.source.verify_md5()
- except SourceError, e:
- self.log.exception(e)
- self.log.info(_('ISO MD5 checksum verification failed'))
- return False
- self.log.info(_('ISO MD5 checksum passed'))
- return True
-
def extract_iso(self):
""" Extract our ISO with 7-zip directly to the USB key """
self.log.info(_("Extracting live image to the target device..."))
diff --git a/liveusb/gui.py b/liveusb/gui.py
index 6b24f81..c95c67e 100755
--- a/liveusb/gui.py
+++ b/liveusb/gui.py
@@ -213,11 +213,6 @@ class LiveUSBThread(threading.Thread):
self.live.check_free_space()
if not self.parent.opts.noverify:
- # Verify the MD5 checksum inside of the ISO image
- if not self.live.verify_iso_md5():
- self.live.log.removeHandler(self.handler)
- return
-
# If we know about this ISO, and it's SHA1 -- verify it
release = self.live.source.get_release()
if release and ('sha1' in release or 'sha256' in release):
diff --git a/liveusb/source.py b/liveusb/source.py
index 8472ff0..ea46f7e 100644
--- a/liveusb/source.py
+++ b/liveusb/source.py
@@ -18,16 +18,8 @@ class SourceError(Exception):
class Source(object):
def clone(self, destination):
raise NotImplementedError
- def supports_verify_md5(self):
- return False
- def supports_verify_sha1(self):
- return False
class LocalIsoSource(Source):
- def supports_verify_md5(self):
- return True
- def supports_verify_sha1(self):
- return True
def __init__(self, path):
self.path = os.path.abspath(_to_unicode(path))
self.size = os.stat(self.path)[ST_SIZE]
@@ -60,22 +52,6 @@ class LocalIsoSource(Source):
if os.path.basename(release['url']) == isoname:
return release
- def verify_md5(self):
- """ Verify the ISO md5sum.
- At the moment this is Linux specific since checkisomd5 does not work
- on Windows.
- """
- if sys.platform == 'win32':
- return True
- cmd = ['checkisomd5', unicode_to_utf8(self.path)]
- proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- out, err = proc.communicate()
- if proc.returncode:
- raise SourceError(_("ISO MD5 checksum verification failed:"
- "%s\n%s" % (out, err)))
- return True
-
class RunningLiveSystemSource(Source):
def __init__(self, path):
if not os.path.exists(path):