From 939838566b7f73970fe0a6d816a419ff2bbcbca4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?=
 <psuarezhernandez@suse.com>
Date: Tue, 24 May 2016 11:01:55 +0100
Subject: [PATCH 09/13] checksum validation when zypper pkg.download

check the signature of downloaded RPM files

bugfix: showing errors when a package download fails using zypper pkg.download

Renamed check_sig to checksum and some refactoring

simpler rpm.checksum function
---
 salt/modules/rpm.py    | 26 ++++++++++++++++++++++++++
 salt/modules/zypper.py |  9 +++++----
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/salt/modules/rpm.py b/salt/modules/rpm.py
index bcdf553ac91b..eb27bb588102 100644
--- a/salt/modules/rpm.py
+++ b/salt/modules/rpm.py
@@ -606,3 +606,29 @@ def version_cmp(ver1, ver2):
         log.warning("Failed to compare version '{0}' to '{1}' using RPM: {2}".format(ver1, ver2, exc))
 
     return salt.utils.version_cmp(ver1, ver2)
+
+
+def checksum(*paths):
+    '''
+    Return if the signature of a RPM file is valid.
+
+    CLI Example:
+
+    .. code-block:: bash
+
+        salt '*' lowpkg.checksum /path/to/package1.rpm
+        salt '*' lowpkg.checksum /path/to/package1.rpm /path/to/package2.rpm
+    '''
+    ret = dict()
+
+    if not paths:
+        raise CommandExecutionError("No package files has been specified.")
+
+    for package_file in paths:
+        ret[package_file] = (bool(__salt__['file.file_exists'](package_file)) and
+                            not __salt__['cmd.retcode'](["rpm", "-K", "--quiet", package_file],
+                                                        ignore_retcode=True,
+                                                        output_loglevel='trace',
+                                                        python_shell=False))
+
+    return ret
diff --git a/salt/modules/zypper.py b/salt/modules/zypper.py
index 13afd5afff9e..03ca6e6a1fcd 100644
--- a/salt/modules/zypper.py
+++ b/salt/modules/zypper.py
@@ -1578,12 +1578,13 @@ def download(*packages, **kwargs):
             'repository-name': repo.getAttribute('name'),
             'repository-alias': repo.getAttribute('alias'),
         }
-        key = _get_first_aggregate_text(
-            dld_result.getElementsByTagName('name')
-        )
-        pkg_ret[key] = pkg_info
+        if __salt__['lowpkg.checksum'](pkg_info['path']):
+            pkg_ret[_get_first_aggregate_text(dld_result.getElementsByTagName("name"))] = pkg_info
 
     if pkg_ret:
+        failed = [pkg for pkg in packages if pkg not in pkg_ret]
+        if failed:
+            pkg_ret['_error'] = ('The following package(s) failed to download: {0}'.format(', '.join(failed)))
         return pkg_ret
 
     raise CommandExecutionError(
-- 
2.8.3