[et-mgmt-tools] [patch] virt-convert add disk signature into virt-image format export

[Daniel P. Berrange]

On Wed, Oct 01, 2008 at 09:43:54AM -0400, Cole Robinson wrote:
> Daniel P. Berrange wrote:
> > On Tue, Sep 30, 2008 at 05:39:13PM -0400, Joey Boggs wrote:
> >> Here's a sample that works, just want to verify it's alright. Is 64MB 
> >> too much/too little to read at one time?
> >>
> >>
> >> f = open("test.raw","r")
> >> m = sha.new()
> >> while 1:
> >>    chunk = f.read(65536)
> >>    if not chunk:
> >>        break
> >>    m.update(chunk)
> >> print m.hexdigest()
> > 
> > Both md5 and sha1 are becoming obsolete, and indeed forbidden by some
> > of the more paranoid organizations. I'd recommend we go straight
> > to using at least sha256. Also the docs recommend using  hashlib module
> > directly, eg
> > 
> >     import hashlib
> > 
> >     m = hashlib.sha256()
> >     while 1:
> >       chunk = f.read(65536)
> >       if not chunk:
> >         break
> >       m.update(chunk)
> >     print m.hexdigest()
> > 
> > Daniel
> 
> Yeah, the only problem with hashlib is that it's python2.5
> only. But we could just catch the import error and disable
> the functionality if need be.
> 
> As far as md5 or sha1, no comment, though we probably want
> to support whatever other config formats use (if any do
> indeed offer hash support).

I suggest then we include multiple checksums. Either a md5 or sha1 
checksum which we can do everywhere, and a second sha256 checksum
for stronger validation where available.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|