[Libguestfs] [PATCH 1/4] mllib: move Checksums from builder

Richard W.M. Jones rjones at redhat.com
Mon Oct 3 08:12:51 UTC 2016 

On Fri, Sep 30, 2016 at 11:30:59AM +0200, Pino Toscano wrote:
> Move the Checksums module from virt-builder mostly as it is; the only
> change is that on checksum mismatch an exception is raised rather than
> invoking "error" directly: this way users of verify_checksum &
> verify_checksums can do their own handling of the situation.
> ---
>  builder/Makefile.am   |  2 --
>  builder/builder.ml    |  6 +++++-
>  builder/checksums.ml  | 57 ---------------------------------------------------
>  builder/checksums.mli | 33 -----------------------------
>  mllib/Makefile.am     |  4 +++-
>  mllib/checksums.ml    | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  mllib/checksums.mli   | 35 +++++++++++++++++++++++++++++++
>  7 files changed, 99 insertions(+), 94 deletions(-)
>  delete mode 100644 builder/checksums.ml
>  delete mode 100644 builder/checksums.mli
>  create mode 100644 mllib/checksums.ml
>  create mode 100644 mllib/checksums.mli
> 
> diff --git a/builder/Makefile.am b/builder/Makefile.am
> index 7983223..5977d8b 100644
> --- a/builder/Makefile.am
> +++ b/builder/Makefile.am
> @@ -44,7 +44,6 @@ SOURCES_MLI = \
>  	cache.mli \
>  	cmdline.mli \
>  	downloader.mli \
> -	checksums.mli \
>  	index.mli \
>  	index_parser.mli \
>  	ini_reader.mli \
> @@ -61,7 +60,6 @@ SOURCES_ML = \
>  	utils.ml \
>  	pxzcat.ml \
>  	setlocale.ml \
> -	checksums.ml \
>  	index.ml \
>  	ini_reader.ml \
>  	yajl.ml \
> diff --git a/builder/builder.ml b/builder/builder.ml
> index fdbe659..799208a 100644
> --- a/builder/builder.ml
> +++ b/builder/builder.ml
> @@ -307,7 +307,11 @@ let main () =
>      match entry with
>      (* New-style: Using a checksum. *)
>      | { Index.checksums = Some csums } ->
> -      Checksums.verify_checksums csums template
> +      (try Checksums.verify_checksums csums template
> +      with Checksums.Mismatched_checksum (csum, csum_actual) ->
> +        error (f_"%s checksum of template did not match the expected checksum!\n  found checksum: %s\n  expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
> +          (Checksums.string_of_csum_t csum) csum_actual (Checksums.string_of_csum csum)
> +      )
>  
>      | { Index.checksums = None } ->
>        (* Old-style: detached signature. *)
> diff --git a/builder/checksums.ml b/builder/checksums.ml
> deleted file mode 100644
> index c8cdc98..0000000
> --- a/builder/checksums.ml
> +++ /dev/null
> @@ -1,57 +0,0 @@
> -(* virt-builder
> - * Copyright (C) 2015 Red Hat Inc.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License along
> - * with this program; if not, write to the Free Software Foundation, Inc.,
> - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> - *)
> -
> -open Common_gettext.Gettext
> -open Common_utils
> -
> -open Utils
> -
> -open Printf
> -
> -type csum_t =
> -| SHA256 of string
> -| SHA512 of string
> -
> -let string_of_csum_t = function
> -  | SHA256 _ -> "sha256"
> -  | SHA512 _ -> "sha512"
> -
> -let string_of_csum = function
> -  | SHA256 c -> c
> -  | SHA512 c -> c
> -
> -let verify_checksum csum filename =
> -  let prog, csum_ref =
> -    match csum with
> -    | SHA256 c -> "sha256sum", c
> -    | SHA512 c -> "sha512sum", c
> -  in
> -
> -  let cmd = sprintf "%s %s" prog (quote filename) in
> -  let lines = external_command cmd in
> -  match lines with
> -  | [] ->
> -    error (f_"%s did not return any output") prog
> -  | line :: _ ->
> -    let csum_actual = fst (String.split " " line) in
> -    if csum_ref <> csum_actual then
> -      error (f_"%s checksum of template did not match the expected checksum!\n  found checksum: %s\n  expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!")
> -        (string_of_csum_t csum) csum_actual csum_ref
> -
> -let verify_checksums checksums filename =
> -  List.iter (fun c -> verify_checksum c filename) checksums
> diff --git a/builder/checksums.mli b/builder/checksums.mli
> deleted file mode 100644
> index ef26634..0000000
> --- a/builder/checksums.mli
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -(* virt-builder
> - * Copyright (C) 2015 Red Hat Inc.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License along
> - * with this program; if not, write to the Free Software Foundation, Inc.,
> - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> - *)
> -
> -type csum_t =
> -| SHA256 of string
> -| SHA512 of string
> -
> -val verify_checksum : csum_t -> string -> unit
> -(** Verify the checksum of the file. *)
> -
> -val verify_checksums : csum_t list -> string -> unit
> -(** Verify all the checksums of the file. *)
> -
> -val string_of_csum_t : csum_t -> string
> -(** Return a string representation of the checksum type. *)
> -
> -val string_of_csum : csum_t -> string
> -(** Return a string representation of the checksum value. *)
> diff --git a/mllib/Makefile.am b/mllib/Makefile.am
> index 489529a..f100b2f 100644
> --- a/mllib/Makefile.am
> +++ b/mllib/Makefile.am
> @@ -27,6 +27,7 @@ EXTRA_DIST = \
>  	test-getopt.sh
>  
>  SOURCES_MLI = \
> +	checksums.mli \
>  	common_utils.mli \
>  	curl.mli \
>  	dev_t.mli \
> @@ -60,7 +61,8 @@ SOURCES_ML = \
>  	StatVFS.ml \
>  	JSON.ml \
>  	curl.ml \
> -	exit.ml
> +	exit.ml \
> +	checksums.ml
>  
>  SOURCES_C = \
>  	../fish/decrypt.c \
> diff --git a/mllib/checksums.ml b/mllib/checksums.ml
> new file mode 100644
> index 0000000..918a1c2
> --- /dev/null
> +++ b/mllib/checksums.ml
> @@ -0,0 +1,56 @@
> +(* virt-builder
> + * Copyright (C) 2015 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +open Common_gettext.Gettext
> +open Common_utils
> +
> +open Printf
> +
> +type csum_t =
> +| SHA256 of string
> +| SHA512 of string
> +
> +exception Mismatched_checksum of (csum_t * string)
> +
> +let string_of_csum_t = function
> +  | SHA256 _ -> "sha256"
> +  | SHA512 _ -> "sha512"
> +
> +let string_of_csum = function
> +  | SHA256 c -> c
> +  | SHA512 c -> c
> +
> +let verify_checksum csum filename =
> +  let prog, csum_ref =
> +    match csum with
> +    | SHA256 c -> "sha256sum", c
> +    | SHA512 c -> "sha512sum", c
> +  in
> +
> +  let cmd = sprintf "%s %s" prog (Filename.quote filename) in
> +  let lines = external_command cmd in
> +  match lines with
> +  | [] ->
> +    error (f_"%s did not return any output") prog
> +  | line :: _ ->
> +    let csum_actual = fst (String.split " " line) in
> +    if csum_ref <> csum_actual then
> +      raise (Mismatched_checksum (csum, csum_actual))
> +
> +let verify_checksums checksums filename =
> +  List.iter (fun c -> verify_checksum c filename) checksums
> diff --git a/mllib/checksums.mli b/mllib/checksums.mli
> new file mode 100644
> index 0000000..202bdd1
> --- /dev/null
> +++ b/mllib/checksums.mli
> @@ -0,0 +1,35 @@
> +(* virt-builder
> + * Copyright (C) 2015 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +type csum_t =
> +| SHA256 of string
> +| SHA512 of string
> +
> +exception Mismatched_checksum of (csum_t * string) (* expected checksum, got *)
> +
> +val verify_checksum : csum_t -> string -> unit
> +(** Verify the checksum of the file. *)
> +
> +val verify_checksums : csum_t list -> string -> unit
> +(** Verify all the checksums of the file. *)
> +
> +val string_of_csum_t : csum_t -> string
> +(** Return a string representation of the checksum type. *)
> +
> +val string_of_csum : csum_t -> string
> +(** Return a string representation of the checksum value. *)
> -- 
> 2.7.4

ACK.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

More information about the Libguestfs mailing list