[Libguestfs] [PATCH 04/10] builder: internally use a list of checksums for indexes

Richard W.M. Jones rjones at redhat.com
Tue Jul 28 11:02:57 UTC 2015 

On Tue, Jul 28, 2015 at 11:24:44AM +0200, Pino Toscano wrote:
> Extend Index_parser.entry to hold a list of checksums to validate, and
> validate all of them.
> 
> This does change nothing currently, as only sha512 is read, while still
> allowing us to fetch more checksums if needed.
> ---
>  builder/builder.ml       |  6 +++---
>  builder/checksums.ml     |  3 +++
>  builder/checksums.mli    |  3 +++
>  builder/index_parser.ml  | 22 +++++++++++++++-------
>  builder/index_parser.mli |  2 +-
>  5 files changed, 25 insertions(+), 11 deletions(-)
> 
> diff --git a/builder/builder.ml b/builder/builder.ml
> index e4f40ef..6f2b4bd 100644
> --- a/builder/builder.ml
> +++ b/builder/builder.ml
> @@ -281,10 +281,10 @@ let main () =
>    let () =
>      match entry with
>      (* New-style: Using a checksum. *)
> -    | { Index_parser.checksum_sha512 = Some csum } ->
> -      Checksums.verify_checksum (Checksums.SHA512 csum) template
> +    | { Index_parser.checksums = Some csums } ->
> +      Checksums.verify_checksums csums template
>  
> -    | { Index_parser.checksum_sha512 = None } ->
> +    | { Index_parser.checksums = None } ->
>        (* Old-style: detached signature. *)
>        let sigfile =
>          match entry with
> diff --git a/builder/checksums.ml b/builder/checksums.ml
> index 25b3328..5663832 100644
> --- a/builder/checksums.ml
> +++ b/builder/checksums.ml
> @@ -53,3 +53,6 @@ let verify_checksum csum filename =
>      if csum_ref <> csum_actual then
>        error (f_"%s checksum of template did not match the expected checksum!\n  found checksum: %s\n  expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
>          (string_of_csum_t csum) csum_actual csum_ref
> +
> +let verify_checksums checksums filename =
> +  List.iter (fun c -> verify_checksum c filename) checksums
> diff --git a/builder/checksums.mli b/builder/checksums.mli
> index 4dc9dc0..ef26634 100644
> --- a/builder/checksums.mli
> +++ b/builder/checksums.mli
> @@ -23,6 +23,9 @@ type csum_t =
>  val verify_checksum : csum_t -> string -> unit
>  (** Verify the checksum of the file. *)
>  
> +val verify_checksums : csum_t list -> string -> unit
> +(** Verify all the checksums of the file. *)
> +
>  val string_of_csum_t : csum_t -> string
>  (** Return a string representation of the checksum type. *)
>  
> diff --git a/builder/index_parser.ml b/builder/index_parser.ml
> index abd685c..1164ab5 100644
> --- a/builder/index_parser.ml
> +++ b/builder/index_parser.ml
> @@ -31,7 +31,7 @@ and entry = {
>    file_uri : string;
>    arch : string;
>    signature_uri : string option;        (* deprecated, will be removed in 1.26 *)
> -  checksum_sha512 : string option;
> +  checksums : Checksums.csum_t list option;
>    revision : int;
>    format : string option;
>    size : int64;
> @@ -51,7 +51,7 @@ let print_entry chan (name, { printable_name = printable_name;
>                                arch = arch;
>                                osinfo = osinfo;
>                                signature_uri = signature_uri;
> -                              checksum_sha512 = checksum_sha512;
> +                              checksums = checksums;
>                                revision = revision;
>                                format = format;
>                                size = size;
> @@ -77,11 +77,14 @@ let print_entry chan (name, { printable_name = printable_name;
>    | None -> ()
>    | Some uri -> fp "sig=%s\n" uri
>    );
> -  (match checksum_sha512 with
> +  (match checksums with
>    | None -> ()
> -  | Some uri ->
> -    fp "checksum[%s]=%s\n"
> -      (Checksums.string_of_csum_t (Checksums.SHA512 uri)) uri
> +  | Some checksums ->
> +    List.iter (
> +      fun c ->
> +        fp "checksum[%s]=%s\n"
> +          (Checksums.string_of_csum_t c) (Checksums.string_of_csum c)
> +    ) checksums
>    );
>    fp "revision=%d\n" revision;
>    (match format with
> @@ -260,12 +263,17 @@ let get_index ~downloader ~sigchecker
>              | [] -> None
>              | l -> Some l in
>  
> +          let checksums =
> +            match checksum_sha512 with
> +            | Some c -> Some [Checksums.SHA512 c]
> +            | None -> None in
> +
>            let entry = { printable_name = printable_name;
>                          osinfo = osinfo;
>                          file_uri = file_uri;
>                          arch = arch;
>                          signature_uri = signature_uri;
> -                        checksum_sha512 = checksum_sha512;
> +                        checksums = checksums;
>                          revision = revision;
>                          format = format;
>                          size = size;
> diff --git a/builder/index_parser.mli b/builder/index_parser.mli
> index 2e6ba77..f5b98b7 100644
> --- a/builder/index_parser.mli
> +++ b/builder/index_parser.mli
> @@ -23,7 +23,7 @@ and entry = {
>    file_uri : string;
>    arch : string;
>    signature_uri : string option;        (* deprecated, will be removed in 1.26 *)
> -  checksum_sha512 : string option;
> +  checksums : Checksums.csum_t list option;
>    revision : int;
>    format : string option;
>    size : int64;

Straightforward refactoring, ACK.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

More information about the Libguestfs mailing list