[Libguestfs] [PATCH 04/10] builder: internally use a list of checksums for indexes

Pino Toscano ptoscano at redhat.com
Tue Jul 28 09:24:44 UTC 2015


Extend Index_parser.entry to hold a list of checksums to validate, and
validate all of them.

This changes nothing for now, as only sha512 is read, but it allows us
to fetch more checksums later if needed.
---
 builder/builder.ml       |  6 +++---
 builder/checksums.ml     |  3 +++
 builder/checksums.mli    |  3 +++
 builder/index_parser.ml  | 22 +++++++++++++++-------
 builder/index_parser.mli |  2 +-
 5 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/builder/builder.ml b/builder/builder.ml
index e4f40ef..6f2b4bd 100644
--- a/builder/builder.ml
+++ b/builder/builder.ml
@@ -281,10 +281,10 @@ let main () =
   let () =
     match entry with
     (* New-style: Using a checksum. *)
-    | { Index_parser.checksum_sha512 = Some csum } ->
-      Checksums.verify_checksum (Checksums.SHA512 csum) template
+    | { Index_parser.checksums = Some csums } ->
+      Checksums.verify_checksums csums template
 
-    | { Index_parser.checksum_sha512 = None } ->
+    | { Index_parser.checksums = None } ->
       (* Old-style: detached signature. *)
       let sigfile =
         match entry with
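Review bot: The `Some csums` arm also matches `Some []`, and `verify_checksums` (added in builder/checksums.ml by this same patch) is a bare `List.iter`, so an empty list would accept the template without checking anything and would never reach the detached-signature branch. The get_index hunk only ever builds `Some [Checksums.SHA512 c]`, so this is not reachable today, but the commit message anticipates reading more checksums and the `csum_t list option` field type allows the empty case. I would make `verify_checksums` fail closed by matching on the list first, with an arm such as `| [] -> error (f_"no checksums available to verify the template")` ahead of the `List.iter`, and state in the `.mli` doc comment that an empty list is rejected. The body of `main` continues outside this hunk, so the signature path itself is not visible here.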
diff --git a/builder/checksums.ml b/builder/checksums.ml
index 25b3328..5663832 100644
--- a/builder/checksums.ml
+++ b/builder/checksums.ml
@@ -53,3 +53,6 @@ let verify_checksum csum filename =
     if csum_ref <> csum_actual then
       error (f_"%s checksum of template did not match the expected checksum!\n  found checksum: %s\n  expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
         (string_of_csum_t csum) csum_actual csum_ref
+
+let verify_checksums checksums filename =
+  List.iter (fun c -> verify_checksum c filename) checksums
diff --git a/builder/checksums.mli b/builder/checksums.mli
index 4dc9dc0..ef26634 100644
--- a/builder/checksums.mli
+++ b/builder/checksums.mli
@@ -23,6 +23,9 @@ type csum_t =
 val verify_checksum : csum_t -> string -> unit
 (** Verify the checksum of the file. *)
 
+val verify_checksums : csum_t list -> string -> unit
+(** Verify all the checksums of the file. *)
+
 val string_of_csum_t : csum_t -> string
 (** Return a string representation of the checksum type. *)
 
diff --git a/builder/index_parser.ml b/builder/index_parser.ml
index abd685c..1164ab5 100644
--- a/builder/index_parser.ml
+++ b/builder/index_parser.ml
@@ -31,7 +31,7 @@ and entry = {
   file_uri : string;
   arch : string;
   signature_uri : string option;        (* deprecated, will be removed in 1.26 *)
-  checksum_sha512 : string option;
+  checksums : Checksums.csum_t list option;
   revision : int;
   format : string option;
   size : int64;
@@ -51,7 +51,7 @@ let print_entry chan (name, { printable_name = printable_name;
                               arch = arch;
                               osinfo = osinfo;
                               signature_uri = signature_uri;
-                              checksum_sha512 = checksum_sha512;
+                              checksums = checksums;
                               revision = revision;
                               format = format;
                               size = size;
@@ -77,11 +77,14 @@ let print_entry chan (name, { printable_name = printable_name;
   | None -> ()
   | Some uri -> fp "sig=%s\n" uri
   );
-  (match checksum_sha512 with
+  (match checksums with
   | None -> ()
-  | Some uri ->
-    fp "checksum[%s]=%s\n"
-      (Checksums.string_of_csum_t (Checksums.SHA512 uri)) uri
+  | Some checksums ->
+    List.iter (
+      fun c ->
+        fp "checksum[%s]=%s\n"
+          (Checksums.string_of_csum_t c) (Checksums.string_of_csum c)
+    ) checksums
   );
   fp "revision=%d\n" revision;
   (match format with
@@ -260,12 +263,17 @@ let get_index ~downloader ~sigchecker
             | [] -> None
             | l -> Some l in
 
+          let checksums =
+            match checksum_sha512 with
+            | Some c -> Some [Checksums.SHA512 c]
+            | None -> None in
+
           let entry = { printable_name = printable_name;
                         osinfo = osinfo;
                         file_uri = file_uri;
                         arch = arch;
                         signature_uri = signature_uri;
-                        checksum_sha512 = checksum_sha512;
+                        checksums = checksums;
                         revision = revision;
                         format = format;
                         size = size;
diff --git a/builder/index_parser.mli b/builder/index_parser.mli
index 2e6ba77..f5b98b7 100644
--- a/builder/index_parser.mli
+++ b/builder/index_parser.mli
@@ -23,7 +23,7 @@ and entry = {
   file_uri : string;
   arch : string;
   signature_uri : string option;        (* deprecated, will be removed in 1.26 *)
-  checksum_sha512 : string option;
+  checksums : Checksums.csum_t list option;
   revision : int;
   format : string option;
   size : int64;
-- 
2.1.0



