[virt-tools-list] [PATCH libosinfo 1/3] Fill out media for all Ubuntu distros

Zeeshan Ali (Khattak) zeeshanak at gnome.org
Thu Feb 23 12:30:35 UTC 2012 

On Thu, Feb 23, 2012 at 12:01 PM, Daniel P. Berrange
<berrange at redhat.com> wrote:
> On Thu, Feb 23, 2012 at 01:44:35AM +0200, Zeeshan Ali (Khattak) wrote:
>> On Thu, Feb 23, 2012 at 1:25 AM, Daniel P. Berrange <berrange at redhat.com> wrote:
>> > On Thu, Feb 23, 2012 at 12:44:15AM +0200, Zeeshan Ali (Khattak) wrote:
>> >> On Tue, Feb 21, 2012 at 7:46 PM, Daniel P. Berrange <berrange at redhat.com> wrote:
>> >> > From: "Daniel P. Berrange" <berrange at redhat.com>
>> >>
>> >> I really should have paid more attention before ACKing some of the
>> >> patches. :) Here is the problem introduced by this one:
>> >>
>> >> > ---
>> >> >  data/oses/ubuntu.xml |  731 ++++++++++++++++++++++++++++++++++++++++++++++++--
>> >> >  1 files changed, 711 insertions(+), 20 deletions(-)
>> >> >
>> >> > diff --git a/data/oses/ubuntu.xml b/data/oses/ubuntu.xml
>> >> > index 78239f6..fb331a3 100644
>> >> > --- a/data/oses/ubuntu.xml
>> >> > +++ b/data/oses/ubuntu.xml
>> >> > @@ -6,6 +6,35 @@
>> >> >     <version>4.10</version>
>> >> >     <vendor>Canonical</vendor>
>> >> >     <family>Linux</family>
>> >> > +
>> >> > +    <media arch="i386">
>> >> > +      <url>http://old-releases.ubuntu.com/releases/warty/warty-release-install-i386.iso</url>
>> >> > +      <iso>
>> >> > +        <volume-id>Ubuntu 4.10 i386</volume-id>
>> >> > +        <system-id>LINUX</system-id>
>> >> > +      </iso>
>> >> > +      <kernel>casper/vmlinuz</kernel>
>> >> > +      <initrd>casper/initrd.img</initrd>
>> >> > +    </media>
>> >> ..
>> >> > +
>> >> > +    <media arch="i386" live="true" installer="false">
>> >> > +      <url>http://old-releases.ubuntu.com/releases/warty/warty-release-live-i386.iso</url>
>> >> > +      <iso>
>> >> > +        <volume-id>Ubuntu 4.10 i386</volume-id>
>> >> > +        <system-id>LINUX</system-id>
>> >> > +      </iso>
>> >> > +      <kernel>casper/vmlinuz</kernel>
>> >> > +      <initrd>casper/initrd.img</initrd>
>> >> > +    </media>
>> >>
>> >> With volume and system ID being identical for both medias, only the
>> >> first media will be matched against both types of medias. Same goes
>> >> for other medias you added in this patch. Wonder what could be a
>> >> solution here though. Perhaps detection code should check if there is
>> >> multiple matches and it there are, match basename of known URL against
>> >> that of media's patch?
>> >
>> > Yep, the name is about the only difference between them - all the ISO
>> > metadata is identical. The other thing I considered is to add an MD5
>> > checksum of the ISO file, which would trivially distinguish them,
>> > but I fear that would make it too unique.
>>
>> That might be a very good idea actually (Christophe was meaning to do
>> that any ways?) but calculation of md5 takes a very long time:
>>
>> $ time md5sum ~/ISOs/Fedora-16-x86_64-DVD.iso
>> bb38ea1fe4b2fc69e7a6e15cf1c69c91  /home/zeenix/ISOs/Fedora-16-x86_64-DVD.iso
>>
>> real  0m23.348s
>> user  0m9.276s
>> sys   0m1.654s
>>
>> so I'll recommend to restrict it to first N bytes, where we could
>> think/discuss the value of N but 1MiB should be good enough and takes
>> very little time:
>>
>> $ time dd if=~/ISOs/Fedora-16-x86_64-DVD.iso bs=1M count=1 2> /dev/null |md5sum
>> e25ea147176f24239d38a46f501bd25e  -
>>
>> real  0m0.011s
>> user  0m0.004s
>> sys   0m0.008s
>>
>> Actually if we start using md5sum for detection, we can pretty much
>> remove all other detection logic/extraction.
>
> Actually I really wouldn't want to remove the other logic - I think
> that a checksum could well be too strict, eliminating matches that
> should otherwise be allowed. I'd prefer just to use it to resolve
> ambiguity when we have multiple matches. A 1 MB checksum would very
> likely be sufficient here.
>
> I think we should also have a full checksum in the database to, so
> that if an app downloads a remote ISO based on an osinfo URL, it can
> verify the download is correct

Believe it or not, I had the same exact thought yesterday after
sending my previous mail but I didn't bother to get up from bed to
reply again thinking that Daniel will probably come to the same
conclusion. :)

> Some remote download sites actually provide checksum files, so it
> might be desirable to have either
>
>   <checksum url="http:/...."/>
>   <checksum value="XXXXXXXXXXXXXX"/>
>
> And once we do this kind of thing, we might also consider having a
> GPG signature URL too, for sites that publish those.

Didn't think of these but yeah, sounds good except that I think we
could do with just one checksum element per ISO:

<checksum url="http:/...."/>XXXXXX</checksum>

where "XXXXXX" code could just be "" if url is provided. Then we can
also add an attribute for md5 of first 1MiB:


<checksum url="http:/...." first-5-mib="YYYYY">XXXXXX</checksum>

Open to suggestion about better name for 'first-5-mib' here.

-- 
Regards,

Zeeshan Ali (Khattak)
FSF member#5124

More information about the virt-tools-list mailing list