[Libguestfs] [PATCH 02/10] builder: create and use a new Checksums module
Richard W.M. Jones
rjones at redhat.com
Tue Jul 28 10:58:36 UTC 2015
On Tue, Jul 28, 2015 at 11:24:42AM +0200, Pino Toscano wrote:
> Introduce a new Checksums module to handle the check of checksums,
> moving part of the Sigchecker code to it.
>
> Adapt the rest of virt-builder to this new module.
> ---
> builder/Makefile.am | 2 ++
> builder/builder.ml | 2 +-
> builder/checksums.ml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
> builder/checksums.mli | 29 ++++++++++++++++++++++++++++
> builder/index_parser.ml | 4 +++-
> builder/sigchecker.ml | 25 ------------------------
> builder/sigchecker.mli | 6 ------
> po/POTFILES-ml | 1 +
> 8 files changed, 87 insertions(+), 33 deletions(-)
> create mode 100644 builder/checksums.ml
> create mode 100644 builder/checksums.mli
>
> diff --git a/builder/Makefile.am b/builder/Makefile.am
> index 2413217..28afeee 100644
> --- a/builder/Makefile.am
> +++ b/builder/Makefile.am
> @@ -39,6 +39,7 @@ CLEANFILES = *~ *.annot *.cmi *.cmo *.cmx *.cmxa *.o virt-builder
> SOURCES_MLI = \
> cache.mli \
> downloader.mli \
> + checksums.mli \
> index_parser.mli \
> ini_reader.mli \
> languages.mli \
> @@ -52,6 +53,7 @@ SOURCES_ML = \
> utils.ml \
> pxzcat.ml \
> setlocale.ml \
> + checksums.ml \
> ini_reader.ml \
> paths.ml \
> languages.ml \
> diff --git a/builder/builder.ml b/builder/builder.ml
> index d40ad8f..e4f40ef 100644
> --- a/builder/builder.ml
> +++ b/builder/builder.ml
> @@ -282,7 +282,7 @@ let main () =
> match entry with
> (* New-style: Using a checksum. *)
> | { Index_parser.checksum_sha512 = Some csum } ->
> - Sigchecker.verify_checksum sigchecker (Sigchecker.SHA512 csum) template
> + Checksums.verify_checksum (Checksums.SHA512 csum) template
>
> | { Index_parser.checksum_sha512 = None } ->
> (* Old-style: detached signature. *)
> diff --git a/builder/checksums.ml b/builder/checksums.ml
> new file mode 100644
> index 0000000..73d541f
> --- /dev/null
> +++ b/builder/checksums.ml
> @@ -0,0 +1,51 @@
> +(* virt-builder
> + * Copyright (C) 2015 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +open Common_gettext.Gettext
> +open Common_utils
> +
> +open Utils
> +
> +open Printf
> +
> +type csum_t =
> +| SHA512 of string
> +
> +let string_of_csum_t = function
> + | SHA512 _ -> "sha512"
> +
> +let string_of_csum = function
> + | SHA512 c -> c
> +
> +let verify_checksum csum filename =
> + let prog, csum_ref =
> + match csum with
> + | SHA512 c -> "sha512sum", c
> + in
> +
> + let cmd = sprintf "%s %s" prog (quote filename) in
> + if verbose () then printf "%s\n%!" cmd;
> + let lines = external_command cmd in
> + match lines with
> + | [] ->
> + error (f_"%s did not return any output") prog
> + | line :: _ ->
> + let csum_actual = fst (string_split " " line) in
> + if csum_ref <> csum_actual then
> + error (f_"%s checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
> + (string_of_csum_t csum) csum_actual csum_ref
> diff --git a/builder/checksums.mli b/builder/checksums.mli
> new file mode 100644
> index 0000000..6833879
> --- /dev/null
> +++ b/builder/checksums.mli
> @@ -0,0 +1,29 @@
> +(* virt-builder
> + * Copyright (C) 2015 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +type csum_t =
> +| SHA512 of string
> +
> +val verify_checksum : csum_t -> string -> unit
> +(** Verify the checksum of the file. *)
> +
> +val string_of_csum_t : csum_t -> string
> +(** Return a string representation of the checksum type. *)
> +
> +val string_of_csum : csum_t -> string
> +(** Return a string representation of the checksum value. *)
> diff --git a/builder/index_parser.ml b/builder/index_parser.ml
> index aff0b00..abd685c 100644
> --- a/builder/index_parser.ml
> +++ b/builder/index_parser.ml
> @@ -79,7 +79,9 @@ let print_entry chan (name, { printable_name = printable_name;
> );
> (match checksum_sha512 with
> | None -> ()
> - | Some uri -> fp "checksum[sha512]=%s\n" uri
> + | Some uri ->
> + fp "checksum[%s]=%s\n"
> + (Checksums.string_of_csum_t (Checksums.SHA512 uri)) uri
> );
> fp "revision=%d\n" revision;
> (match format with
> diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
> index 55db7af..cb9144f 100644
> --- a/builder/sigchecker.ml
> +++ b/builder/sigchecker.ml
> @@ -180,28 +180,3 @@ and do_verify t args =
> if not (equal_fingerprints !fingerprint t.fingerprint) then
> error (f_"fingerprint of signature does not match the expected fingerprint!\n found fingerprint: %s\n expected fingerprint: %s")
> !fingerprint t.fingerprint
> -
> -type csum_t = SHA512 of string
> -
> -let verify_checksum t (SHA512 csum) filename =
> - let csum_file = Filename.temp_file "vbcsum" ".txt" in
> - unlink_on_exit csum_file;
> - let cmd = sprintf "sha512sum %s | awk '{print $1}' > %s"
> - (quote filename) (quote csum_file) in
> - if verbose () then printf "%s\n%!" cmd;
> - let r = Sys.command cmd in
> - if r <> 0 then
> - error (f_"could not run sha512sum command to verify checksum");
> -
> - let csum_actual = read_whole_file csum_file in
> -
> - let csum_actual =
> - let len = String.length csum_actual in
> - if len > 0 && csum_actual.[len-1] = '\n' then
> - String.sub csum_actual 0 (len-1)
> - else
> - csum_actual in
> -
> - if csum <> csum_actual then
> - error (f_"checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
> - csum_actual csum
> diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli
> index b670957..47bf2a3 100644
> --- a/builder/sigchecker.mli
> +++ b/builder/sigchecker.mli
> @@ -26,9 +26,3 @@ val verify : t -> string -> unit
> val verify_detached : t -> string -> string option -> unit
> (** Verify the file is signed against the detached signature
> (if check_signature is true). *)
> -
> -type csum_t = SHA512 of string
> -
> -val verify_checksum : t -> csum_t -> string -> unit
> -(** Verify the checksum of the file. This is always verified even if
> - check_signature if false. *)
> diff --git a/po/POTFILES-ml b/po/POTFILES-ml
> index bfed0cf..ad52110 100644
> --- a/po/POTFILES-ml
> +++ b/po/POTFILES-ml
> @@ -1,5 +1,6 @@
> builder/builder.ml
> builder/cache.ml
> +builder/checksums.ml
> builder/cmdline.ml
> builder/downloader.ml
> builder/index_parser.ml
> --
> 2.1.0
Code motion - ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
More information about the Libguestfs
mailing list