Glenn Lagasse wrote:
> Hi All,
>
> I'd like to get some thoughts on a proposal to address 5265. Based on
> some earlier feedback I've received from Dave and Karen, I'm proposing
> to address 5265 thusly:
>
> Create two new keys in the DC manifest called checksum_iso and
> checksum_usb. They will specify one value, true or false. Then I will
> modify the create_iso and create_usb finalizer scripts to check for
> these values and compute checksums (for any values of true) for the
> images using a pre-defined set of checksum algorithms (at the moment I
> think MD5, SHA-1 and SHA-256 are probably more than sufficient). This
> gets us a range of image hashes with varying levels of security.
>
> My original thought was to create keys in the DC manifest so that the
> user could specify checksum types to generate for various media that a
> new finalizer step would process. So something like:
>
> <iso_checksums>
>     <cksum type="md5"/>
> </iso_checksums>
> <usb_checksums>
>     <cksum type="md5"/>
>     <cksum type="sha1"/>
> </usb_checksums>
>
> However, while this approach is more flexible in terms of being able to
> specify which checksum types you want to create as well as creating a
> new step in the finalizer that can be resumed/paused I'm not sure that
> it's worth the added complexity at this time. I see a pretty strong
> link between creating the images (create_iso/create_usb) and generating
> checksums for those images (in my mind at least). Separating those
> steps at further glance doesn't seem to buy us all that much. And
> generating a default set of image hashes as I propose covers all but the
> most paranoid of security types in terms of hash vulnerability.
>
> If there was real interest for the additional flexibility that being
> able to specify hash types for each image DC can construct or for being
> able to pause/resume creating hashes then we could revisit this and
> implement something more intricate.
>
> So, thoughts?
>
> Thanks!
>
>
Hi Glenn,
Personally, I like the idea of having the code for generating the
checksums be part of the same script that creates the images. Like you,
I see a strong link between the 2 activities.
However, I don't like the pre-defined set of crypto algorithms.
I think we should allow ppl to choose which algorithms they want to use.
I like the idea of adding the following to the manifest:
<iso_checksums>
    <cksum type="md5"/>
    <cksum type="sha1"/>
    ...
</iso_checksums>
Perhaps checksum generation will be off if that section is missing or empty.
If it is not empty, then we generate checksums for all the algorithms
specified.
This provides the most flexibility, and people can pick and choose which
checksums to generate, if any at all.
Also, I don't think there needs to be a separation for iso_checksums or
usb_checksums.
Perhaps just 1 checksum section is enough? The same crypto algorithm
can be used for different types of images: iso, usb, or even the future
virtual box images.
Thanks,
--Karen
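
The behaviour suggested in the reply above (a single checksum section, with generation off when it is missing or empty), sketched as an added example that is not part of the original thread or of the DC code. The `checksums` element name, the allow-listed algorithm set and the function names are assumptions.

```python
import hashlib
import io
import xml.etree.ElementTree as ET

# Allow-list: manifest type name -> hashlib algorithm name (assumed set).
ALLOWED = {"md5": "md5", "sha1": "sha1", "sha256": "sha256"}

def requested_algorithms(manifest_xml, section="checksums"):
    """Return the cksum types listed in the (hypothetical) section.

    A missing or empty section returns [], meaning generation is off.
    """
    root = ET.fromstring(manifest_xml)
    node = root if root.tag == section else root.find(".//" + section)
    if node is None:
        return []
    algos = []
    for cksum in node.findall("cksum"):
        name = (cksum.get("type") or "").strip().lower()
        if name not in ALLOWED:  # never pass manifest text straight to hashlib
            raise ValueError("unsupported checksum type: %r" % name)
        if name not in algos:
            algos.append(name)
    return algos

def compute_checksums(stream, algos, chunk_size=1 << 20):
    """Read the image once, feeding each chunk to every requested hash."""
    hashers = {a: hashlib.new(ALLOWED[a]) for a in algos}
    if not hashers:
        return {}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

# Constructed sample manifest fragment and stand-in image bytes.
SAMPLE_MANIFEST = """<manifest>
  <checksums>
    <cksum type="md5"/>
    <cksum type="sha256"/>
  </checksums>
</manifest>"""
SAMPLE_IMAGE = b"abc"

if __name__ == "__main__":
    algos = requested_algorithms(SAMPLE_MANIFEST)
    for name, digest in compute_checksums(io.BytesIO(SAMPLE_IMAGE), algos).items():
        print("%s  %s" % (name, digest))
```

The same function serves iso, usb or any later image type, since it only needs an open binary stream of the finished image.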