On Tue, Jul 28, 2015 at 11:24:44AM +0200, Pino Toscano wrote:
Extend Index_parser.entry to hold a list of checksums to validate,
and
validate all of them.
This does change nothing currently, as only sha512 is read, while still
allowing us to fetch more checksums if needed.
---
builder/builder.ml | 6 +++---
builder/checksums.ml | 3 +++
builder/checksums.mli | 3 +++
builder/index_parser.ml | 22 +++++++++++++++-------
builder/index_parser.mli | 2 +-
5 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/builder/builder.ml b/builder/builder.ml
index e4f40ef..6f2b4bd 100644
--- a/builder/builder.ml
+++ b/builder/builder.ml
@@ -281,10 +281,10 @@ let main () =
let () =
match entry with
(* New-style: Using a checksum. *)
- | { Index_parser.checksum_sha512 = Some csum } ->
- Checksums.verify_checksum (Checksums.SHA512 csum) template
+ | { Index_parser.checksums = Some csums } ->
+ Checksums.verify_checksums csums template
- | { Index_parser.checksum_sha512 = None } ->
+ | { Index_parser.checksums = None } ->
(* Old-style: detached signature. *)
let sigfile =
match entry with
diff --git a/builder/checksums.ml b/builder/checksums.ml
index 25b3328..5663832 100644
--- a/builder/checksums.ml
+++ b/builder/checksums.ml
@@ -53,3 +53,6 @@ let verify_checksum csum filename =
if csum_ref <> csum_actual then
error (f_"%s checksum of template did not match the expected checksum!\n
found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look
for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no
one has tampered with the website or your network!")
(string_of_csum_t csum) csum_actual csum_ref
+
+let verify_checksums checksums filename =
+ List.iter (fun c -> verify_checksum c filename) checksums
diff --git a/builder/checksums.mli b/builder/checksums.mli
index 4dc9dc0..ef26634 100644
--- a/builder/checksums.mli
+++ b/builder/checksums.mli
@@ -23,6 +23,9 @@ type csum_t =
val verify_checksum : csum_t -> string -> unit
(** Verify the checksum of the file. *)
+val verify_checksums : csum_t list -> string -> unit
+(** Verify all the checksums of the file. *)
+
val string_of_csum_t : csum_t -> string
(** Return a string representation of the checksum type. *)
diff --git a/builder/index_parser.ml b/builder/index_parser.ml
index abd685c..1164ab5 100644
--- a/builder/index_parser.ml
+++ b/builder/index_parser.ml
@@ -31,7 +31,7 @@ and entry = {
file_uri : string;
arch : string;
signature_uri : string option; (* deprecated, will be removed in 1.26 *)
- checksum_sha512 : string option;
+ checksums : Checksums.csum_t list option;
revision : int;
format : string option;
size : int64;
@@ -51,7 +51,7 @@ let print_entry chan (name, { printable_name = printable_name;
arch = arch;
osinfo = osinfo;
signature_uri = signature_uri;
- checksum_sha512 = checksum_sha512;
+ checksums = checksums;
revision = revision;
format = format;
size = size;
@@ -77,11 +77,14 @@ let print_entry chan (name, { printable_name = printable_name;
| None -> ()
| Some uri -> fp "sig=%s\n" uri
);
- (match checksum_sha512 with
+ (match checksums with
| None -> ()
- | Some uri ->
- fp "checksum[%s]=%s\n"
- (Checksums.string_of_csum_t (Checksums.SHA512 uri)) uri
+ | Some checksums ->
+ List.iter (
+ fun c ->
+ fp "checksum[%s]=%s\n"
+ (Checksums.string_of_csum_t c) (Checksums.string_of_csum c)
+ ) checksums
);
fp "revision=%d\n" revision;
(match format with
@@ -260,12 +263,17 @@ let get_index ~downloader ~sigchecker
| [] -> None
| l -> Some l in
+ let checksums =
+ match checksum_sha512 with
+ | Some c -> Some [Checksums.SHA512 c]
+ | None -> None in
+
let entry = { printable_name = printable_name;
osinfo = osinfo;
file_uri = file_uri;
arch = arch;
signature_uri = signature_uri;
- checksum_sha512 = checksum_sha512;
+ checksums = checksums;
revision = revision;
format = format;
size = size;
diff --git a/builder/index_parser.mli b/builder/index_parser.mli
index 2e6ba77..f5b98b7 100644
--- a/builder/index_parser.mli
+++ b/builder/index_parser.mli
@@ -23,7 +23,7 @@ and entry = {
file_uri : string;
arch : string;
signature_uri : string option; (* deprecated, will be removed in 1.26 *)
- checksum_sha512 : string option;
+ checksums : Checksums.csum_t list option;
revision : int;
format : string option;
size : int64;
Straightforward refactoring, ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html