[Libguestfs] [PATCH 02/10] builder: create and use a new Checksums module

Richard W.M. Jones rjones at redhat.com
Tue Jul 28 10:58:36 UTC 2015 

On Tue, Jul 28, 2015 at 11:24:42AM +0200, Pino Toscano wrote:
> Introduce a new Checksums module to handle the check of checksums,
> moving part of the Sigchecker code to it.
> 
> Adapt the rest of virt-builder to this new module.
> ---
>  builder/Makefile.am     |  2 ++
>  builder/builder.ml      |  2 +-
>  builder/checksums.ml    | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
>  builder/checksums.mli   | 29 ++++++++++++++++++++++++++++
>  builder/index_parser.ml |  4 +++-
>  builder/sigchecker.ml   | 25 ------------------------
>  builder/sigchecker.mli  |  6 ------
>  po/POTFILES-ml          |  1 +
>  8 files changed, 87 insertions(+), 33 deletions(-)
>  create mode 100644 builder/checksums.ml
>  create mode 100644 builder/checksums.mli
> 
> diff --git a/builder/Makefile.am b/builder/Makefile.am
> index 2413217..28afeee 100644
> --- a/builder/Makefile.am
> +++ b/builder/Makefile.am
> @@ -39,6 +39,7 @@ CLEANFILES = *~ *.annot *.cmi *.cmo *.cmx *.cmxa *.o virt-builder
>  SOURCES_MLI = \
>  	cache.mli \
>  	downloader.mli \
> +	checksums.mli \
>  	index_parser.mli \
>  	ini_reader.mli \
>  	languages.mli \
> @@ -52,6 +53,7 @@ SOURCES_ML = \
>  	utils.ml \
>  	pxzcat.ml \
>  	setlocale.ml \
> +	checksums.ml \
>  	ini_reader.ml \
>  	paths.ml \
>  	languages.ml \
> diff --git a/builder/builder.ml b/builder/builder.ml
> index d40ad8f..e4f40ef 100644
> --- a/builder/builder.ml
> +++ b/builder/builder.ml
> @@ -282,7 +282,7 @@ let main () =
>      match entry with
>      (* New-style: Using a checksum. *)
>      | { Index_parser.checksum_sha512 = Some csum } ->
> -      Sigchecker.verify_checksum sigchecker (Sigchecker.SHA512 csum) template
> +      Checksums.verify_checksum (Checksums.SHA512 csum) template
>  
>      | { Index_parser.checksum_sha512 = None } ->
>        (* Old-style: detached signature. *)
> diff --git a/builder/checksums.ml b/builder/checksums.ml
> new file mode 100644
> index 0000000..73d541f
> --- /dev/null
> +++ b/builder/checksums.ml
> @@ -0,0 +1,51 @@
> +(* virt-builder
> + * Copyright (C) 2015 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +open Common_gettext.Gettext
> +open Common_utils
> +
> +open Utils
> +
> +open Printf
> +
> +type csum_t =
> +| SHA512 of string
> +
> +let string_of_csum_t = function
> +  | SHA512 _ -> "sha512"
> +
> +let string_of_csum = function
> +  | SHA512 c -> c
> +
> +let verify_checksum csum filename =
> +  let prog, csum_ref =
> +    match csum with
> +    | SHA512 c -> "sha512sum", c
> +  in
> +
> +  let cmd = sprintf "%s %s" prog (quote filename) in
> +  if verbose () then printf "%s\n%!" cmd;
> +  let lines = external_command cmd in
> +  match lines with
> +  | [] ->
> +    error (f_"%s did not return any output") prog
> +  | line :: _ ->
> +    let csum_actual = fst (string_split " " line) in
> +    if csum_ref <> csum_actual then
> +      error (f_"%s checksum of template did not match the expected checksum!\n  found checksum: %s\n  expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
> +        (string_of_csum_t csum) csum_actual csum_ref
> diff --git a/builder/checksums.mli b/builder/checksums.mli
> new file mode 100644
> index 0000000..6833879
> --- /dev/null
> +++ b/builder/checksums.mli
> @@ -0,0 +1,29 @@
> +(* virt-builder
> + * Copyright (C) 2015 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +type csum_t =
> +| SHA512 of string
> +
> +val verify_checksum : csum_t -> string -> unit
> +(** Verify the checksum of the file. *)
> +
> +val string_of_csum_t : csum_t -> string
> +(** Return a string representation of the checksum type. *)
> +
> +val string_of_csum : csum_t -> string
> +(** Return a string representation of the checksum value. *)
> diff --git a/builder/index_parser.ml b/builder/index_parser.ml
> index aff0b00..abd685c 100644
> --- a/builder/index_parser.ml
> +++ b/builder/index_parser.ml
> @@ -79,7 +79,9 @@ let print_entry chan (name, { printable_name = printable_name;
>    );
>    (match checksum_sha512 with
>    | None -> ()
> -  | Some uri -> fp "checksum[sha512]=%s\n" uri
> +  | Some uri ->
> +    fp "checksum[%s]=%s\n"
> +      (Checksums.string_of_csum_t (Checksums.SHA512 uri)) uri
>    );
>    fp "revision=%d\n" revision;
>    (match format with
> diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
> index 55db7af..cb9144f 100644
> --- a/builder/sigchecker.ml
> +++ b/builder/sigchecker.ml
> @@ -180,28 +180,3 @@ and do_verify t args =
>    if not (equal_fingerprints !fingerprint t.fingerprint) then
>      error (f_"fingerprint of signature does not match the expected fingerprint!\n  found fingerprint: %s\n  expected fingerprint: %s")
>        !fingerprint t.fingerprint
> -
> -type csum_t = SHA512 of string
> -
> -let verify_checksum t (SHA512 csum) filename =
> -  let csum_file = Filename.temp_file "vbcsum" ".txt" in
> -  unlink_on_exit csum_file;
> -  let cmd = sprintf "sha512sum %s | awk '{print $1}' > %s"
> -    (quote filename) (quote csum_file) in
> -  if verbose () then printf "%s\n%!" cmd;
> -  let r = Sys.command cmd in
> -  if r <> 0 then
> -    error (f_"could not run sha512sum command to verify checksum");
> -
> -  let csum_actual = read_whole_file csum_file in
> -
> -  let csum_actual =
> -    let len = String.length csum_actual in
> -    if len > 0 && csum_actual.[len-1] = '\n' then
> -      String.sub csum_actual 0 (len-1)
> -    else
> -      csum_actual in
> -
> -  if csum <> csum_actual then
> -    error (f_"checksum of template did not match the expected checksum!\n  found checksum: %s\n  expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
> -      csum_actual csum
> diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli
> index b670957..47bf2a3 100644
> --- a/builder/sigchecker.mli
> +++ b/builder/sigchecker.mli
> @@ -26,9 +26,3 @@ val verify : t -> string -> unit
>  val verify_detached : t -> string -> string option -> unit
>  (** Verify the file is signed against the detached signature
>      (if check_signature is true). *)
> -
> -type csum_t = SHA512 of string
> -
> -val verify_checksum : t -> csum_t -> string -> unit
> -(** Verify the checksum of the file.  This is always verified even if
> -    check_signature if false. *)
> diff --git a/po/POTFILES-ml b/po/POTFILES-ml
> index bfed0cf..ad52110 100644
> --- a/po/POTFILES-ml
> +++ b/po/POTFILES-ml
> @@ -1,5 +1,6 @@
>  builder/builder.ml
>  builder/cache.ml
> +builder/checksums.ml
>  builder/cmdline.ml
>  builder/downloader.ml
>  builder/index_parser.ml
> -- 
> 2.1.0

Code motion - ACK.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

More information about the Libguestfs mailing list