On Tue, Jul 28, 2015 at 11:24:42AM +0200, Pino Toscano wrote:
Introduce a new Checksums module to handle the check of checksums,
moving part of the Sigchecker code to it.
Adapt the rest of virt-builder to this new module.
---
builder/Makefile.am | 2 ++
builder/builder.ml | 2 +-
builder/checksums.ml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
builder/checksums.mli | 29 ++++++++++++++++++++++++++++
builder/index_parser.ml | 4 +++-
builder/sigchecker.ml | 25 ------------------------
builder/sigchecker.mli | 6 ------
po/POTFILES-ml | 1 +
8 files changed, 87 insertions(+), 33 deletions(-)
create mode 100644 builder/checksums.ml
create mode 100644 builder/checksums.mli
diff --git a/builder/Makefile.am b/builder/Makefile.am
index 2413217..28afeee 100644
--- a/builder/Makefile.am
+++ b/builder/Makefile.am
@@ -39,6 +39,7 @@ CLEANFILES = *~ *.annot *.cmi *.cmo *.cmx *.cmxa *.o virt-builder
SOURCES_MLI = \
cache.mli \
downloader.mli \
+ checksums.mli \
index_parser.mli \
ini_reader.mli \
languages.mli \
@@ -52,6 +53,7 @@ SOURCES_ML = \
utils.ml \
pxzcat.ml \
setlocale.ml \
+ checksums.ml \
ini_reader.ml \
paths.ml \
languages.ml \
diff --git a/builder/builder.ml b/builder/builder.ml
index d40ad8f..e4f40ef 100644
--- a/builder/builder.ml
+++ b/builder/builder.ml
@@ -282,7 +282,7 @@ let main () =
match entry with
(* New-style: Using a checksum. *)
| { Index_parser.checksum_sha512 = Some csum } ->
- Sigchecker.verify_checksum sigchecker (Sigchecker.SHA512 csum) template
+ Checksums.verify_checksum (Checksums.SHA512 csum) template
| { Index_parser.checksum_sha512 = None } ->
(* Old-style: detached signature. *)
diff --git a/builder/checksums.ml b/builder/checksums.ml
new file mode 100644
index 0000000..73d541f
--- /dev/null
+++ b/builder/checksums.ml
@@ -0,0 +1,51 @@
+(* virt-builder
+ * Copyright (C) 2015 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Common_gettext.Gettext
+open Common_utils
+
+open Utils
+
+open Printf
+
+type csum_t =
+| SHA512 of string
+
+let string_of_csum_t = function
+ | SHA512 _ -> "sha512"
+
+let string_of_csum = function
+ | SHA512 c -> c
+
+let verify_checksum csum filename =
+ let prog, csum_ref =
+ match csum with
+ | SHA512 c -> "sha512sum", c
+ in
+
+ let cmd = sprintf "%s %s" prog (quote filename) in
+ if verbose () then printf "%s\n%!" cmd;
+ let lines = external_command cmd in
+ match lines with
+ | [] ->
+ error (f_"%s did not return any output") prog
+ | line :: _ ->
+ let csum_actual = fst (string_split " " line) in
+ if csum_ref <> csum_actual then
+ error (f_"%s checksum of template did not match the expected checksum!\n
found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look
for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no
one has tampered with the website or your network!")
+ (string_of_csum_t csum) csum_actual csum_ref
diff --git a/builder/checksums.mli b/builder/checksums.mli
new file mode 100644
index 0000000..6833879
--- /dev/null
+++ b/builder/checksums.mli
@@ -0,0 +1,29 @@
+(* virt-builder
+ * Copyright (C) 2015 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+type csum_t =
+| SHA512 of string
+
+val verify_checksum : csum_t -> string -> unit
+(** Verify the checksum of the file. *)
+
+val string_of_csum_t : csum_t -> string
+(** Return a string representation of the checksum type. *)
+
+val string_of_csum : csum_t -> string
+(** Return a string representation of the checksum value. *)
diff --git a/builder/index_parser.ml b/builder/index_parser.ml
index aff0b00..abd685c 100644
--- a/builder/index_parser.ml
+++ b/builder/index_parser.ml
@@ -79,7 +79,9 @@ let print_entry chan (name, { printable_name = printable_name;
);
(match checksum_sha512 with
| None -> ()
- | Some uri -> fp "checksum[sha512]=%s\n" uri
+ | Some uri ->
+ fp "checksum[%s]=%s\n"
+ (Checksums.string_of_csum_t (Checksums.SHA512 uri)) uri
);
fp "revision=%d\n" revision;
(match format with
diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
index 55db7af..cb9144f 100644
--- a/builder/sigchecker.ml
+++ b/builder/sigchecker.ml
@@ -180,28 +180,3 @@ and do_verify t args =
if not (equal_fingerprints !fingerprint t.fingerprint) then
error (f_"fingerprint of signature does not match the expected fingerprint!\n
found fingerprint: %s\n expected fingerprint: %s")
!fingerprint t.fingerprint
-
-type csum_t = SHA512 of string
-
-let verify_checksum t (SHA512 csum) filename =
- let csum_file = Filename.temp_file "vbcsum" ".txt" in
- unlink_on_exit csum_file;
- let cmd = sprintf "sha512sum %s | awk '{print $1}' > %s"
- (quote filename) (quote csum_file) in
- if verbose () then printf "%s\n%!" cmd;
- let r = Sys.command cmd in
- if r <> 0 then
- error (f_"could not run sha512sum command to verify checksum");
-
- let csum_actual = read_whole_file csum_file in
-
- let csum_actual =
- let len = String.length csum_actual in
- if len > 0 && csum_actual.[len-1] = '\n' then
- String.sub csum_actual 0 (len-1)
- else
- csum_actual in
-
- if csum <> csum_actual then
- error (f_"checksum of template did not match the expected checksum!\n found
checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for
earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one
has tampered with the website or your network!")
- csum_actual csum
diff --git a/builder/sigchecker.mli b/builder/sigchecker.mli
index b670957..47bf2a3 100644
--- a/builder/sigchecker.mli
+++ b/builder/sigchecker.mli
@@ -26,9 +26,3 @@ val verify : t -> string -> unit
val verify_detached : t -> string -> string option -> unit
(** Verify the file is signed against the detached signature
(if check_signature is true). *)
-
-type csum_t = SHA512 of string
-
-val verify_checksum : t -> csum_t -> string -> unit
-(** Verify the checksum of the file. This is always verified even if
- check_signature if false. *)
diff --git a/po/POTFILES-ml b/po/POTFILES-ml
index bfed0cf..ad52110 100644
--- a/po/POTFILES-ml
+++ b/po/POTFILES-ml
@@ -1,5 +1,6 @@
builder/builder.ml
builder/cache.ml
+builder/checksums.ml
builder/cmdline.ml
builder/downloader.ml
builder/index_parser.ml
--
2.1.0
Code motion - ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html