This will add in disk signature support for ISV's and others folks that
wish to verify the disk has not been altered prior to running
virt-image. Supports md5 and sha1signatures.
Sample image.xml attached
diff -r 58a909b4f71c doc/image.rng
--- a/doc/image.rng Mon Sep 22 11:32:11 2008 -0400
+++ b/doc/image.rng Wed Sep 24 13:56:34 2008 -0400
@@ -197,6 +197,14 @@
</choice>
</attribute>
</optional>
+ <optional>
+ <element name="checksum">
+ <attribute name="type">
+ <value>sha1</value>
+ </attribute>
+ <text/>
+ </element>
+ </optional>
</element>
</oneOrMore>
</define>
diff -r 58a909b4f71c virt-image
--- a/virt-image Mon Sep 22 11:32:11 2008 -0400
+++ b/virt-image Wed Sep 24 13:56:34 2008 -0400
@@ -97,6 +97,8 @@
help=_("Number of vcpus to configure for your guest"))
parser.add_option("", "--check-cpu", action="store_true", dest="check_cpu",
help=_("Check that vcpus do not exceed physical CPUs and warn if they do."))
+ parser.add_option("", "--checksum-ignore", action="store_true", dest="checksum_ignore",
+ help=_("Ignore unmatching checksum values for disk signatures."))
# network options
parser.add_option("-m", "--mac", type="string",
@@ -188,6 +190,10 @@
# now let's get some of the common questions out of the way
get_name(options.name, image.name, guest)
get_memory(options.memory, image.domain.memory, guest)
+
+ if not options.checksum_ignore:
+ cli.check_disk_signature(image,guest)
+
cli.get_uuid(options.uuid, guest)
get_vcpus(options.vcpus, image.domain.vcpu, options.check_cpu,
guest, conn)
diff -r 58a909b4f71c virtinst/ImageParser.py
--- a/virtinst/ImageParser.py Mon Sep 22 11:32:11 2008 -0400
+++ b/virtinst/ImageParser.py Wed Sep 24 13:56:34 2008 -0400
@@ -213,7 +213,8 @@
self.format = xpathString(node, "@format", Disk.FORMAT_RAW)
self.size = xpathString(node, "@size")
self.use = xpathString(node, "@use", Disk.USE_SYSTEM)
-
+ self.checksum = xpathString(node, "checksum")
+ self.checksumtype = xpathString(node, "checksum/@type")
formats = [Disk.FORMAT_RAW, Disk.FORMAT_QCOW, Disk.FORMAT_QCOW2, Disk.FORMAT_VMDK, Disk.FORMAT_ISO]
validate (formats.count(self.format) > 0,
_("The format for disk %s must be one of %s") %
diff -r 58a909b4f71c virtinst/cli.py
--- a/virtinst/cli.py Mon Sep 22 11:32:11 2008 -0400
+++ b/virtinst/cli.py Wed Sep 24 13:56:34 2008 -0400
@@ -352,6 +352,27 @@
if sound:
guest.sound_devs.append(VirtualAudio(model="es1370"))
+def check_disk_signature(image,guest):
+ i = 0
+ disks = {}
+ for k in image.storage.keys():
+ disks[i] = image.storage[k]
+ if disks[i].checksumtype == "sha1" or disks[i].checksumtype == "md5" and not None:
+ checksum = os.popen("/usr/bin/%ssum %s|awk {'print $1'}" % (disks[i].checksumtype,disks[i].file))
+ print _("\n\nChecking disk signature for: %s...") % disks[i].file
+ checksum = checksum.read().strip()
+ if checksum != disks[i].checksum:
+ fail(_("Disk signature for %s does not match \n Expected: %s \n Received: %s\n\n To override the signature check add the --checksum-ignore option" % (disks[i].file,disks[i].checksum,checksum)))
+ else:
+ continue
+ i = i + 1
+ else:
+ if disks[i].checksumtype is None:
+ continue
+ else:
+ fail(_("\"%s\" is an invalid disk signature type for %s" % (disks[i].checksumtype,disks[i].file)))
+ return
+
### Option parsing
def check_before_store(option, opt_str, value, parser):
if len(value) == 0:
<image>
<name>test-appliance</name>
<label>A simple test appliance</label>
<domain>
<boot type='xen'>
<guest>
<arch>i686</arch>
<features><pae/></features>
</guest>
<os>
<kernel>vmlinuz-2.6.18-8.el5xen</kernel>
<cmdline>ro root=/dev/xvda2 selinux=0 3</cmdline>
</os>
<drive disk="root.raw" target="xvda"/>
<drive disk="data.raw" target="xvdb"/>
<drive disk="scratch.raw" target="xvdc"/>
</boot>
<boot type="hvm">
<guest>
<arch>i686</arch>
<features><pae/></features>
</guest>
<os>
<loader dev="hd"/>
</os>
<drive disk="root.raw" target="hda"/>
<drive disk="data.raw" target="hdb"/>
<drive disk="scratch.raw" target="hdd"/>
</boot>
<devices>
<vcpu>7</vcpu>
<memory>262144</memory>
<interface/>
<graphics/>
</devices>
</domain>
<storage>
<disk file="root.raw" format="raw" size="4096" use="system">
<checksum type="sha1">0a86ef9d2e3bbc87a809a7f7e1d6d105b2f0089c</checksum>
</disk>
<disk file="data.raw" format="raw" size='2048' use="user">
<checksum type="sha1">84724eae0e611fedfc01955194c082719d1d593e</checksum>
</disk>
<disk file="scratch.raw" format="raw" size='100' use='scratch'/>
</storage>
</image>
_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools