[Libguestfs] [PATCH 04/10] builder: internally use a list of checksums for indexes
Richard W.M. Jones
rjones at redhat.com
Tue Jul 28 11:02:57 UTC 2015
On Tue, Jul 28, 2015 at 11:24:44AM +0200, Pino Toscano wrote:
> Extend Index_parser.entry to hold a list of checksums to validate, and
> validate all of them.
>
> This does change nothing currently, as only sha512 is read, while still
> allowing us to fetch more checksums if needed.
> ---
> builder/builder.ml | 6 +++---
> builder/checksums.ml | 3 +++
> builder/checksums.mli | 3 +++
> builder/index_parser.ml | 22 +++++++++++++++-------
> builder/index_parser.mli | 2 +-
> 5 files changed, 25 insertions(+), 11 deletions(-)
>
> diff --git a/builder/builder.ml b/builder/builder.ml
> index e4f40ef..6f2b4bd 100644
> --- a/builder/builder.ml
> +++ b/builder/builder.ml
> @@ -281,10 +281,10 @@ let main () =
> let () =
> match entry with
> (* New-style: Using a checksum. *)
> - | { Index_parser.checksum_sha512 = Some csum } ->
> - Checksums.verify_checksum (Checksums.SHA512 csum) template
> + | { Index_parser.checksums = Some csums } ->
> + Checksums.verify_checksums csums template
>
> - | { Index_parser.checksum_sha512 = None } ->
> + | { Index_parser.checksums = None } ->
> (* Old-style: detached signature. *)
> let sigfile =
> match entry with
> diff --git a/builder/checksums.ml b/builder/checksums.ml
> index 25b3328..5663832 100644
> --- a/builder/checksums.ml
> +++ b/builder/checksums.ml
> @@ -53,3 +53,6 @@ let verify_checksum csum filename =
> if csum_ref <> csum_actual then
> error (f_"%s checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
> (string_of_csum_t csum) csum_actual csum_ref
> +
> +let verify_checksums checksums filename =
> + List.iter (fun c -> verify_checksum c filename) checksums
> diff --git a/builder/checksums.mli b/builder/checksums.mli
> index 4dc9dc0..ef26634 100644
> --- a/builder/checksums.mli
> +++ b/builder/checksums.mli
> @@ -23,6 +23,9 @@ type csum_t =
> val verify_checksum : csum_t -> string -> unit
> (** Verify the checksum of the file. *)
>
> +val verify_checksums : csum_t list -> string -> unit
> +(** Verify all the checksums of the file. *)
> +
> val string_of_csum_t : csum_t -> string
> (** Return a string representation of the checksum type. *)
>
> diff --git a/builder/index_parser.ml b/builder/index_parser.ml
> index abd685c..1164ab5 100644
> --- a/builder/index_parser.ml
> +++ b/builder/index_parser.ml
> @@ -31,7 +31,7 @@ and entry = {
> file_uri : string;
> arch : string;
> signature_uri : string option; (* deprecated, will be removed in 1.26 *)
> - checksum_sha512 : string option;
> + checksums : Checksums.csum_t list option;
> revision : int;
> format : string option;
> size : int64;
> @@ -51,7 +51,7 @@ let print_entry chan (name, { printable_name = printable_name;
> arch = arch;
> osinfo = osinfo;
> signature_uri = signature_uri;
> - checksum_sha512 = checksum_sha512;
> + checksums = checksums;
> revision = revision;
> format = format;
> size = size;
> @@ -77,11 +77,14 @@ let print_entry chan (name, { printable_name = printable_name;
> | None -> ()
> | Some uri -> fp "sig=%s\n" uri
> );
> - (match checksum_sha512 with
> + (match checksums with
> | None -> ()
> - | Some uri ->
> - fp "checksum[%s]=%s\n"
> - (Checksums.string_of_csum_t (Checksums.SHA512 uri)) uri
> + | Some checksums ->
> + List.iter (
> + fun c ->
> + fp "checksum[%s]=%s\n"
> + (Checksums.string_of_csum_t c) (Checksums.string_of_csum c)
> + ) checksums
> );
> fp "revision=%d\n" revision;
> (match format with
> @@ -260,12 +263,17 @@ let get_index ~downloader ~sigchecker
> | [] -> None
> | l -> Some l in
>
> + let checksums =
> + match checksum_sha512 with
> + | Some c -> Some [Checksums.SHA512 c]
> + | None -> None in
> +
> let entry = { printable_name = printable_name;
> osinfo = osinfo;
> file_uri = file_uri;
> arch = arch;
> signature_uri = signature_uri;
> - checksum_sha512 = checksum_sha512;
> + checksums = checksums;
> revision = revision;
> format = format;
> size = size;
> diff --git a/builder/index_parser.mli b/builder/index_parser.mli
> index 2e6ba77..f5b98b7 100644
> --- a/builder/index_parser.mli
> +++ b/builder/index_parser.mli
> @@ -23,7 +23,7 @@ and entry = {
> file_uri : string;
> arch : string;
> signature_uri : string option; (* deprecated, will be removed in 1.26 *)
> - checksum_sha512 : string option;
> + checksums : Checksums.csum_t list option;
> revision : int;
> format : string option;
> size : int64;
Straightforward refactoring, ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
More information about the Libguestfs
mailing list