Pino Toscano
2016-Sep-30 09:30 UTC
[Libguestfs] [PATCH 0/4] Consolidate Checksums as common code
Hi, this small series moves the OCaml Checksums module from virt-builder to mllib, adding more features to use it also for v2v. Thanks, Pino Toscano (4): mllib: move Checksums from builder mllib, builder: add and use Checksums.of_string mllib: add SHA1 support in Checksums v2v: -i ova: use Checksums builder/Makefile.am | 2 -- builder/builder.ml | 6 +++- builder/checksums.ml | 57 ----------------------------------- builder/checksums.mli | 33 -------------------- builder/simplestreams_parser.ml | 8 +++-- mllib/Makefile.am | 4 ++- mllib/checksums.ml | 67 +++++++++++++++++++++++++++++++++++++++++ mllib/checksums.mli | 42 ++++++++++++++++++++++++++ v2v/input_ova.ml | 17 +++-------- 9 files changed, 128 insertions(+), 108 deletions(-) delete mode 100644 builder/checksums.ml delete mode 100644 builder/checksums.mli create mode 100644 mllib/checksums.ml create mode 100644 mllib/checksums.mli -- 2.7.4
Pino Toscano
2016-Sep-30 09:30 UTC
[Libguestfs] [PATCH 1/4] mllib: move Checksums from builder
Move the Checksums module from virt-builder mostly as it is; the only change is that on checksum mismatch an exception is raised rather than invoking "error" directly: this way users of verify_checksum & verify_checksums can do their own handling of the situation. --- builder/Makefile.am | 2 -- builder/builder.ml | 6 +++++- builder/checksums.ml | 57 --------------------------------------------------- builder/checksums.mli | 33 ----------------------------- mllib/Makefile.am | 4 +++- mllib/checksums.ml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++ mllib/checksums.mli | 35 +++++++++++++++++++++++++++++++ 7 files changed, 99 insertions(+), 94 deletions(-) delete mode 100644 builder/checksums.ml delete mode 100644 builder/checksums.mli create mode 100644 mllib/checksums.ml create mode 100644 mllib/checksums.mli diff --git a/builder/Makefile.am b/builder/Makefile.am index 7983223..5977d8b 100644 --- a/builder/Makefile.am +++ b/builder/Makefile.am @@ -44,7 +44,6 @@ SOURCES_MLI = \ cache.mli \ cmdline.mli \ downloader.mli \ - checksums.mli \ index.mli \ index_parser.mli \ ini_reader.mli \ @@ -61,7 +60,6 @@ SOURCES_ML = \ utils.ml \ pxzcat.ml \ setlocale.ml \ - checksums.ml \ index.ml \ ini_reader.ml \ yajl.ml \ diff --git a/builder/builder.ml b/builder/builder.ml index fdbe659..799208a 100644 --- a/builder/builder.ml +++ b/builder/builder.ml @@ -307,7 +307,11 @@ let main () match entry with (* New-style: Using a checksum. *) | { Index.checksums = Some csums } -> - Checksums.verify_checksums csums template + (try Checksums.verify_checksums csums template + with Checksums.Mismatched_checksum (csum, csum_actual) -> + error (f_"%s checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!") + (Checksums.string_of_csum_t csum) csum_actual (Checksums.string_of_csum csum) + ) | { Index.checksums = None } -> (* Old-style: detached signature. *) diff --git a/builder/checksums.ml b/builder/checksums.ml deleted file mode 100644 index c8cdc98..0000000 --- a/builder/checksums.ml +++ /dev/null @@ -1,57 +0,0 @@ -(* virt-builder - * Copyright (C) 2015 Red Hat Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - *) - -open Common_gettext.Gettext -open Common_utils - -open Utils - -open Printf - -type csum_t -| SHA256 of string -| SHA512 of string - -let string_of_csum_t = function - | SHA256 _ -> "sha256" - | SHA512 _ -> "sha512" - -let string_of_csum = function - | SHA256 c -> c - | SHA512 c -> c - -let verify_checksum csum filename - let prog, csum_ref - match csum with - | SHA256 c -> "sha256sum", c - | SHA512 c -> "sha512sum", c - in - - let cmd = sprintf "%s %s" prog (quote filename) in - let lines = external_command cmd in - match lines with - | [] -> - error (f_"%s did not return any output") prog - | line :: _ -> - let csum_actual = fst (String.split " " line) in - if csum_ref <> csum_actual then - error (f_"%s checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!") - (string_of_csum_t csum) csum_actual csum_ref - -let verify_checksums checksums filename - List.iter (fun c -> verify_checksum c filename) checksums diff --git a/builder/checksums.mli b/builder/checksums.mli deleted file mode 100644 index ef26634..0000000 --- a/builder/checksums.mli +++ /dev/null @@ -1,33 +0,0 @@ -(* virt-builder - * Copyright (C) 2015 Red Hat Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - *) - -type csum_t -| SHA256 of string -| SHA512 of string - -val verify_checksum : csum_t -> string -> unit -(** Verify the checksum of the file. *) - -val verify_checksums : csum_t list -> string -> unit -(** Verify all the checksums of the file. *) - -val string_of_csum_t : csum_t -> string -(** Return a string representation of the checksum type. *) - -val string_of_csum : csum_t -> string -(** Return a string representation of the checksum value. *) diff --git a/mllib/Makefile.am b/mllib/Makefile.am index 489529a..f100b2f 100644 --- a/mllib/Makefile.am +++ b/mllib/Makefile.am @@ -27,6 +27,7 @@ EXTRA_DIST = \ test-getopt.sh SOURCES_MLI = \ + checksums.mli \ common_utils.mli \ curl.mli \ dev_t.mli \ @@ -60,7 +61,8 @@ SOURCES_ML = \ StatVFS.ml \ JSON.ml \ curl.ml \ - exit.ml + exit.ml \ + checksums.ml SOURCES_C = \ ../fish/decrypt.c \ diff --git a/mllib/checksums.ml b/mllib/checksums.ml new file mode 100644 index 0000000..918a1c2 --- /dev/null +++ b/mllib/checksums.ml @@ -0,0 +1,56 @@ +(* virt-builder + * Copyright (C) 2015 Red Hat Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + *) + +open Common_gettext.Gettext +open Common_utils + +open Printf + +type csum_t +| SHA256 of string +| SHA512 of string + +exception Mismatched_checksum of (csum_t * string) + +let string_of_csum_t = function + | SHA256 _ -> "sha256" + | SHA512 _ -> "sha512" + +let string_of_csum = function + | SHA256 c -> c + | SHA512 c -> c + +let verify_checksum csum filename + let prog, csum_ref + match csum with + | SHA256 c -> "sha256sum", c + | SHA512 c -> "sha512sum", c + in + + let cmd = sprintf "%s %s" prog (Filename.quote filename) in + let lines = external_command cmd in + match lines with + | [] -> + error (f_"%s did not return any output") prog + | line :: _ -> + let csum_actual = fst (String.split " " line) in + if csum_ref <> csum_actual then + raise (Mismatched_checksum (csum, csum_actual)) + +let verify_checksums checksums filename + List.iter (fun c -> verify_checksum c filename) checksums diff --git a/mllib/checksums.mli b/mllib/checksums.mli new file mode 100644 index 0000000..202bdd1 --- /dev/null +++ b/mllib/checksums.mli @@ -0,0 +1,35 @@ +(* virt-builder + * Copyright (C) 2015 Red Hat Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + *) + +type csum_t +| SHA256 of string +| SHA512 of string + +exception Mismatched_checksum of (csum_t * string) (* expected checksum, got *) + +val verify_checksum : csum_t -> string -> unit +(** Verify the checksum of the file. *) + +val verify_checksums : csum_t list -> string -> unit +(** Verify all the checksums of the file. *) + +val string_of_csum_t : csum_t -> string +(** Return a string representation of the checksum type. *) + +val string_of_csum : csum_t -> string +(** Return a string representation of the checksum value. *) -- 2.7.4
Pino Toscano
2016-Sep-30 09:31 UTC
[Libguestfs] [PATCH 2/4] mllib, builder: add and use Checksums.of_string
Add a simple way to turn a combination of checksum type and value into a csum_t. Use it in builder, even if still constrained. --- builder/simplestreams_parser.ml | 8 ++++++-- mllib/checksums.ml | 6 ++++++ mllib/checksums.mli | 6 ++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/builder/simplestreams_parser.ml b/builder/simplestreams_parser.ml index 13e0b5d..f7682cd 100644 --- a/builder/simplestreams_parser.ml +++ b/builder/simplestreams_parser.ml @@ -156,8 +156,12 @@ let get_index ~downloader ~sigchecker let checksums let checksums = object_find_objects ( function - | ("sha256", Yajl_string c) -> Some (Checksums.SHA256 c) - | ("sha512", Yajl_string c) -> Some (Checksums.SHA512 c) + (* Since this catches all the keys, and not just + * the ones related to checksums, explicitly filter + * the supported checksums. + *) + | ("sha256"|"sha512" as t, Yajl_string c) -> + Some (Checksums.of_string t c) | _ -> None ) disk_item in match checksums with diff --git a/mllib/checksums.ml b/mllib/checksums.ml index 918a1c2..014e73e 100644 --- a/mllib/checksums.ml +++ b/mllib/checksums.ml @@ -35,6 +35,12 @@ let string_of_csum = function | SHA256 c -> c | SHA512 c -> c +let of_string csum_type csum_value + match String.lowercase_ascii csum_type with + | "sha256" -> SHA256 csum_value + | "sha512" -> SHA512 csum_value + | _ -> invalid_arg csum_type + let verify_checksum csum filename let prog, csum_ref match csum with diff --git a/mllib/checksums.mli b/mllib/checksums.mli index 202bdd1..298d7df 100644 --- a/mllib/checksums.mli +++ b/mllib/checksums.mli @@ -22,6 +22,12 @@ type csum_t exception Mismatched_checksum of (csum_t * string) (* expected checksum, got *) +val of_string : string -> string -> csum_t +(** [of_string type value] returns the [csum_t] for the specified + combination of checksum type and checksum value. + + Raise [Invalid_argument] if the checksum type is not known. *) + val verify_checksum : csum_t -> string -> unit (** Verify the checksum of the file. *) -- 2.7.4
Pino Toscano
2016-Sep-30 09:31 UTC
[Libguestfs] [PATCH 3/4] mllib: add SHA1 support in Checksums
This way Checksums can be used in v2v. --- mllib/checksums.ml | 5 +++++ mllib/checksums.mli | 1 + 2 files changed, 6 insertions(+) diff --git a/mllib/checksums.ml b/mllib/checksums.ml index 014e73e..dfa8c3a 100644 --- a/mllib/checksums.ml +++ b/mllib/checksums.ml @@ -22,21 +22,25 @@ open Common_utils open Printf type csum_t +| SHA1 of string | SHA256 of string | SHA512 of string exception Mismatched_checksum of (csum_t * string) let string_of_csum_t = function + | SHA1 _ -> "sha1" | SHA256 _ -> "sha256" | SHA512 _ -> "sha512" let string_of_csum = function + | SHA1 c -> c | SHA256 c -> c | SHA512 c -> c let of_string csum_type csum_value match String.lowercase_ascii csum_type with + | "sha1" -> SHA1 csum_value | "sha256" -> SHA256 csum_value | "sha512" -> SHA512 csum_value | _ -> invalid_arg csum_type @@ -44,6 +48,7 @@ let of_string csum_type csum_value let verify_checksum csum filename let prog, csum_ref match csum with + | SHA1 c -> "sha1sum", c | SHA256 c -> "sha256sum", c | SHA512 c -> "sha512sum", c in diff --git a/mllib/checksums.mli b/mllib/checksums.mli index 298d7df..0074837 100644 --- a/mllib/checksums.mli +++ b/mllib/checksums.mli @@ -17,6 +17,7 @@ *) type csum_t +| SHA1 of string | SHA256 of string | SHA512 of string -- 2.7.4
Make use of the Checksums module to ease the verification of the SHA1 checksums in manifests. --- v2v/input_ova.ml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/v2v/input_ova.ml b/v2v/input_ova.ml index 4f848e2..5731a45 100644 --- a/v2v/input_ova.ml +++ b/v2v/input_ova.ml @@ -143,18 +143,11 @@ object if Str.string_match rex line 0 then ( let disk = Str.matched_group 1 line in let expected = Str.matched_group 2 line in - let cmd = sprintf "sha1sum %s" (quote (mf_folder // disk)) in - let out = external_command cmd in - match out with - | [] -> - error (f_"no output from sha1sum command, see previous errors") - | [line] -> - let actual, _ = String.split " " line in - if actual <> expected then - error (f_"checksum of disk %s does not match manifest %s (actual sha1(%s) = %s, expected sha1 (%s) = %s)") - disk mf disk actual disk expected; - debug "sha1 of %s matches expected checksum %s" disk expected - | _::_ -> error (f_"cannot parse output of sha1sum command") + let csum = Checksums.SHA1 expected in + try Checksums.verify_checksum csum (mf_folder // disk) + with Checksums.Mismatched_checksum (_, actual) -> + error (f_"checksum of disk %s does not match manifest %s (actual sha1(%s) = %s, expected sha1 (%s) = %s)") + disk mf disk actual disk expected; ) in (try loop () with End_of_file -> ()); -- 2.7.4
Richard W.M. Jones
2016-Oct-03 08:12 UTC
Re: [Libguestfs] [PATCH 1/4] mllib: move Checksums from builder
On Fri, Sep 30, 2016 at 11:30:59AM +0200, Pino Toscano wrote:> Move the Checksums module from virt-builder mostly as it is; the only > change is that on checksum mismatch an exception is raised rather than > invoking "error" directly: this way users of verify_checksum & > verify_checksums can do their own handling of the situation. > --- > builder/Makefile.am | 2 -- > builder/builder.ml | 6 +++++- > builder/checksums.ml | 57 --------------------------------------------------- > builder/checksums.mli | 33 ----------------------------- > mllib/Makefile.am | 4 +++- > mllib/checksums.ml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++ > mllib/checksums.mli | 35 +++++++++++++++++++++++++++++++ > 7 files changed, 99 insertions(+), 94 deletions(-) > delete mode 100644 builder/checksums.ml > delete mode 100644 builder/checksums.mli > create mode 100644 mllib/checksums.ml > create mode 100644 mllib/checksums.mli > > diff --git a/builder/Makefile.am b/builder/Makefile.am > index 7983223..5977d8b 100644 > --- a/builder/Makefile.am > +++ b/builder/Makefile.am > @@ -44,7 +44,6 @@ SOURCES_MLI = \ > cache.mli \ > cmdline.mli \ > downloader.mli \ > - checksums.mli \ > index.mli \ > index_parser.mli \ > ini_reader.mli \ > @@ -61,7 +60,6 @@ SOURCES_ML = \ > utils.ml \ > pxzcat.ml \ > setlocale.ml \ > - checksums.ml \ > index.ml \ > ini_reader.ml \ > yajl.ml \ > diff --git a/builder/builder.ml b/builder/builder.ml > index fdbe659..799208a 100644 > --- a/builder/builder.ml > +++ b/builder/builder.ml > @@ -307,7 +307,11 @@ let main () > match entry with > (* New-style: Using a checksum. *) > | { Index.checksums = Some csums } -> > - Checksums.verify_checksums csums template > + (try Checksums.verify_checksums csums template > + with Checksums.Mismatched_checksum (csum, csum_actual) -> > + error (f_"%s checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!") > + (Checksums.string_of_csum_t csum) csum_actual (Checksums.string_of_csum csum) > + ) > > | { Index.checksums = None } -> > (* Old-style: detached signature. *) > diff --git a/builder/checksums.ml b/builder/checksums.ml > deleted file mode 100644 > index c8cdc98..0000000 > --- a/builder/checksums.ml > +++ /dev/null > @@ -1,57 +0,0 @@ > -(* virt-builder > - * Copyright (C) 2015 Red Hat Inc. > - * > - * This program is free software; you can redistribute it and/or modify > - * it under the terms of the GNU General Public License as published by > - * the Free Software Foundation; either version 2 of the License, or > - * (at your option) any later version. > - * > - * This program is distributed in the hope that it will be useful, > - * but WITHOUT ANY WARRANTY; without even the implied warranty of > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > - * GNU General Public License for more details. > - * > - * You should have received a copy of the GNU General Public License along > - * with this program; if not, write to the Free Software Foundation, Inc., > - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > - *) > - > -open Common_gettext.Gettext > -open Common_utils > - > -open Utils > - > -open Printf > - > -type csum_t > -| SHA256 of string > -| SHA512 of string > - > -let string_of_csum_t = function > - | SHA256 _ -> "sha256" > - | SHA512 _ -> "sha512" > - > -let string_of_csum = function > - | SHA256 c -> c > - | SHA512 c -> c > - > -let verify_checksum csum filename > - let prog, csum_ref > - match csum with > - | SHA256 c -> "sha256sum", c > - | SHA512 c -> "sha512sum", c > - in > - > - let cmd = sprintf "%s %s" prog (quote filename) in > - let lines = external_command cmd in > - match lines with > - | [] -> > - error (f_"%s did not return any output") prog > - | line :: _ -> > - let csum_actual = fst (String.split " " line) in > - if csum_ref <> csum_actual then > - error (f_"%s checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!") > - (string_of_csum_t csum) csum_actual csum_ref > - > -let verify_checksums checksums filename > - List.iter (fun c -> verify_checksum c filename) checksums > diff --git a/builder/checksums.mli b/builder/checksums.mli > deleted file mode 100644 > index ef26634..0000000 > --- a/builder/checksums.mli > +++ /dev/null > @@ -1,33 +0,0 @@ > -(* virt-builder > - * Copyright (C) 2015 Red Hat Inc. > - * > - * This program is free software; you can redistribute it and/or modify > - * it under the terms of the GNU General Public License as published by > - * the Free Software Foundation; either version 2 of the License, or > - * (at your option) any later version. > - * > - * This program is distributed in the hope that it will be useful, > - * but WITHOUT ANY WARRANTY; without even the implied warranty of > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > - * GNU General Public License for more details. > - * > - * You should have received a copy of the GNU General Public License along > - * with this program; if not, write to the Free Software Foundation, Inc., > - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > - *) > - > -type csum_t > -| SHA256 of string > -| SHA512 of string > - > -val verify_checksum : csum_t -> string -> unit > -(** Verify the checksum of the file. *) > - > -val verify_checksums : csum_t list -> string -> unit > -(** Verify all the checksums of the file. *) > - > -val string_of_csum_t : csum_t -> string > -(** Return a string representation of the checksum type. *) > - > -val string_of_csum : csum_t -> string > -(** Return a string representation of the checksum value. *) > diff --git a/mllib/Makefile.am b/mllib/Makefile.am > index 489529a..f100b2f 100644 > --- a/mllib/Makefile.am > +++ b/mllib/Makefile.am > @@ -27,6 +27,7 @@ EXTRA_DIST = \ > test-getopt.sh > > SOURCES_MLI = \ > + checksums.mli \ > common_utils.mli \ > curl.mli \ > dev_t.mli \ > @@ -60,7 +61,8 @@ SOURCES_ML = \ > StatVFS.ml \ > JSON.ml \ > curl.ml \ > - exit.ml > + exit.ml \ > + checksums.ml > > SOURCES_C = \ > ../fish/decrypt.c \ > diff --git a/mllib/checksums.ml b/mllib/checksums.ml > new file mode 100644 > index 0000000..918a1c2 > --- /dev/null > +++ b/mllib/checksums.ml > @@ -0,0 +1,56 @@ > +(* virt-builder > + * Copyright (C) 2015 Red Hat Inc. > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 2 of the License, or > + * (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License along > + * with this program; if not, write to the Free Software Foundation, Inc., > + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > + *) > + > +open Common_gettext.Gettext > +open Common_utils > + > +open Printf > + > +type csum_t > +| SHA256 of string > +| SHA512 of string > + > +exception Mismatched_checksum of (csum_t * string) > + > +let string_of_csum_t = function > + | SHA256 _ -> "sha256" > + | SHA512 _ -> "sha512" > + > +let string_of_csum = function > + | SHA256 c -> c > + | SHA512 c -> c > + > +let verify_checksum csum filename > + let prog, csum_ref > + match csum with > + | SHA256 c -> "sha256sum", c > + | SHA512 c -> "sha512sum", c > + in > + > + let cmd = sprintf "%s %s" prog (Filename.quote filename) in > + let lines = external_command cmd in > + match lines with > + | [] -> > + error (f_"%s did not return any output") prog > + | line :: _ -> > + let csum_actual = fst (String.split " " line) in > + if csum_ref <> csum_actual then > + raise (Mismatched_checksum (csum, csum_actual)) > + > +let verify_checksums checksums filename > + List.iter (fun c -> verify_checksum c filename) checksums > diff --git a/mllib/checksums.mli b/mllib/checksums.mli > new file mode 100644 > index 0000000..202bdd1 > --- /dev/null > +++ b/mllib/checksums.mli > @@ -0,0 +1,35 @@ > +(* virt-builder > + * Copyright (C) 2015 Red Hat Inc. > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 2 of the License, or > + * (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License along > + * with this program; if not, write to the Free Software Foundation, Inc., > + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > + *) > + > +type csum_t > +| SHA256 of string > +| SHA512 of string > + > +exception Mismatched_checksum of (csum_t * string) (* expected checksum, got *) > + > +val verify_checksum : csum_t -> string -> unit > +(** Verify the checksum of the file. *) > + > +val verify_checksums : csum_t list -> string -> unit > +(** Verify all the checksums of the file. *) > + > +val string_of_csum_t : csum_t -> string > +(** Return a string representation of the checksum type. *) > + > +val string_of_csum : csum_t -> string > +(** Return a string representation of the checksum value. *) > -- > 2.7.4ACK. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html
Richard W.M. Jones
2016-Oct-03 08:40 UTC
Re: [Libguestfs] [PATCH 4/4] v2v: -i ova: use Checksums
On Fri, Sep 30, 2016 at 11:31:02AM +0200, Pino Toscano wrote:> Make use of the Checksums module to ease the verification of the SHA1 > checksums in manifests. > --- > v2v/input_ova.ml | 17 +++++------------ > 1 file changed, 5 insertions(+), 12 deletions(-) > > diff --git a/v2v/input_ova.ml b/v2v/input_ova.ml > index 4f848e2..5731a45 100644 > --- a/v2v/input_ova.ml > +++ b/v2v/input_ova.ml > @@ -143,18 +143,11 @@ object > if Str.string_match rex line 0 then ( > let disk = Str.matched_group 1 line in > let expected = Str.matched_group 2 line in > - let cmd = sprintf "sha1sum %s" (quote (mf_folder // disk)) in > - let out = external_command cmd in > - match out with > - | [] -> > - error (f_"no output from sha1sum command, see previous errors") > - | [line] -> > - let actual, _ = String.split " " line in > - if actual <> expected then > - error (f_"checksum of disk %s does not match manifest %s (actual sha1(%s) = %s, expected sha1 (%s) = %s)") > - disk mf disk actual disk expected; > - debug "sha1 of %s matches expected checksum %s" disk expected > - | _::_ -> error (f_"cannot parse output of sha1sum command") > + let csum = Checksums.SHA1 expected in > + try Checksums.verify_checksum csum (mf_folder // disk) > + with Checksums.Mismatched_checksum (_, actual) -> > + error (f_"checksum of disk %s does not match manifest %s (actual sha1(%s) = %s, expected sha1 (%s) = %s)") > + disk mf disk actual disk expected; > ) > in > (try loop () with End_of_file -> ());ACK series. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/
Possibly Parallel Threads
- Re: [PATCH v2 1/7] mllib: factorize code to add Checksum.get_checksum function
- [PATCH 0/3] v2v: Miscellaneous refactoring and fixes.
- [PATCH 00/10] RFC: builder: first support for Simple Streams metadata
- [PATCH v2 0/7] Introducing virt-builder-repository
- [PATCH v2 0/9] v2v: -i ova: Handle OVAs containing snapshots.