[PATCH] virtinst adding in disk signature support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This will add in disk signature support for ISV's and others folks that wish to verify the disk has not been altered prior to running virt-image. Supports md5 and sha1signatures. 

Sample image.xml attached



diff -r 58a909b4f71c doc/image.rng
--- a/doc/image.rng	Mon Sep 22 11:32:11 2008 -0400
+++ b/doc/image.rng	Wed Sep 24 13:56:34 2008 -0400
@@ -197,6 +197,14 @@
             </choice>
           </attribute>
         </optional>
+        <optional>
+          <element name="checksum">
+            <attribute name="type">
+              <value>sha1</value>
+            </attribute>
+            <text/>
+          </element>
+        </optional>
       </element>
     </oneOrMore>
   </define>
diff -r 58a909b4f71c virt-image
--- a/virt-image	Mon Sep 22 11:32:11 2008 -0400
+++ b/virt-image	Wed Sep 24 13:56:34 2008 -0400
@@ -97,6 +97,8 @@
                       help=_("Number of vcpus to configure for your guest"))
     parser.add_option("", "--check-cpu", action="store_true", dest="check_cpu",
                       help=_("Check that vcpus do not exceed physical CPUs and warn if they do."))
+    parser.add_option("", "--checksum-ignore", action="store_true", dest="checksum_ignore",
+                      help=_("Ignore unmatching checksum values for disk signatures."))
 
     # network options
     parser.add_option("-m", "--mac", type="string",
@@ -188,6 +190,10 @@
     # now let's get some of the common questions out of the way
     get_name(options.name, image.name, guest)
     get_memory(options.memory, image.domain.memory, guest)
+
+    if not options.checksum_ignore:
+        cli.check_disk_signature(image,guest)
+
     cli.get_uuid(options.uuid, guest)
     get_vcpus(options.vcpus, image.domain.vcpu, options.check_cpu,
               guest, conn)
diff -r 58a909b4f71c virtinst/ImageParser.py
--- a/virtinst/ImageParser.py	Mon Sep 22 11:32:11 2008 -0400
+++ b/virtinst/ImageParser.py	Wed Sep 24 13:56:34 2008 -0400
@@ -213,7 +213,8 @@
         self.format = xpathString(node, "@format", Disk.FORMAT_RAW)
         self.size = xpathString(node, "@size")
         self.use = xpathString(node, "@use", Disk.USE_SYSTEM)
-
+        self.checksum = xpathString(node, "checksum") 
+        self.checksumtype = xpathString(node, "checksum/@type")
         formats = [Disk.FORMAT_RAW, Disk.FORMAT_QCOW, Disk.FORMAT_QCOW2, Disk.FORMAT_VMDK, Disk.FORMAT_ISO]
         validate (formats.count(self.format) > 0,
                   _("The format for disk %s must be one of %s") %
diff -r 58a909b4f71c virtinst/cli.py
--- a/virtinst/cli.py	Mon Sep 22 11:32:11 2008 -0400
+++ b/virtinst/cli.py	Wed Sep 24 13:56:34 2008 -0400
@@ -352,6 +352,27 @@
     if sound:
         guest.sound_devs.append(VirtualAudio(model="es1370"))
 
+def check_disk_signature(image,guest):
+    i = 0
+    disks = {}
+    for k in image.storage.keys():
+        disks[i] = image.storage[k]
+        if disks[i].checksumtype == "sha1" or disks[i].checksumtype == "md5" and not None:
+            checksum = os.popen("/usr/bin/%ssum %s|awk {'print $1'}" % (disks[i].checksumtype,disks[i].file))
+            print _("\n\nChecking disk signature for: %s...") % disks[i].file 
+            checksum = checksum.read().strip()
+            if checksum != disks[i].checksum:
+                fail(_("Disk signature for %s does not match \n Expected: %s \n Received: %s\n\n To override the signature check add the --checksum-ignore option" % (disks[i].file,disks[i].checksum,checksum)))
+            else:
+                continue
+            i = i + 1
+        else:
+            if disks[i].checksumtype is None:
+                continue
+            else:
+                fail(_("\"%s\" is an invalid disk signature type for %s" % (disks[i].checksumtype,disks[i].file)))
+    return
+
 ### Option parsing
 def check_before_store(option, opt_str, value, parser):
     if len(value) == 0:

<image>
  <name>test-appliance</name>
  <label>A simple test appliance</label>
  <domain>
    <boot type='xen'>
      <guest>
        <arch>i686</arch>
        <features><pae/></features>
      </guest>
      <os>
        <kernel>vmlinuz-2.6.18-8.el5xen</kernel>
        <cmdline>ro root=/dev/xvda2 selinux=0 3</cmdline>
      </os>
      <drive disk="root.raw" target="xvda"/>
      <drive disk="data.raw" target="xvdb"/>
      <drive disk="scratch.raw" target="xvdc"/>
    </boot>
    <boot type="hvm">
      <guest>
        <arch>i686</arch>
        <features><pae/></features>
      </guest>
      <os>
        <loader dev="hd"/>
      </os>
      <drive disk="root.raw" target="hda"/>
      <drive disk="data.raw" target="hdb"/>
      <drive disk="scratch.raw" target="hdd"/>
    </boot>
    <devices>
      <vcpu>7</vcpu>
      <memory>262144</memory>
      <interface/>
      <graphics/>
    </devices>
  </domain>
  <storage>
    <disk file="root.raw" format="raw" size="4096" use="system">
      <checksum type="sha1">0a86ef9d2e3bbc87a809a7f7e1d6d105b2f0089c</checksum>
    </disk>
    <disk file="data.raw" format="raw" size='2048' use="user">
      <checksum type="sha1">84724eae0e611fedfc01955194c082719d1d593e</checksum>
    </disk>
    <disk file="scratch.raw" format="raw" size='100' use='scratch'/>
  </storage>
</image>

_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
[Index of Archives]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux