On Fri, Sep 30, 2016 at 11:30:59AM +0200, Pino Toscano wrote:
> Move the Checksums module from virt-builder mostly as it is; the only
> change is that on checksum mismatch an exception is raised rather than
> invoking "error" directly: this way users of verify_checksum &
> verify_checksums can do their own handling of the situation.
> ---
> builder/Makefile.am | 2 --
> builder/builder.ml | 6 +++++-
> builder/checksums.ml | 57
> ---------------------------------------------------
> builder/checksums.mli | 33 -----------------------------
> mllib/Makefile.am | 4 +++-
> mllib/checksums.ml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
> mllib/checksums.mli | 35 +++++++++++++++++++++++++++++++
> 7 files changed, 99 insertions(+), 94 deletions(-)
> delete mode 100644 builder/checksums.ml
> delete mode 100644 builder/checksums.mli
> create mode 100644 mllib/checksums.ml
> create mode 100644 mllib/checksums.mli
>
> diff --git a/builder/Makefile.am b/builder/Makefile.am
> index 7983223..5977d8b 100644
> --- a/builder/Makefile.am
> +++ b/builder/Makefile.am
> @@ -44,7 +44,6 @@ SOURCES_MLI = \
> cache.mli \
> cmdline.mli \
> downloader.mli \
> - checksums.mli \
> index.mli \
> index_parser.mli \
> ini_reader.mli \
> @@ -61,7 +60,6 @@ SOURCES_ML = \
> utils.ml \
> pxzcat.ml \
> setlocale.ml \
> - checksums.ml \
> index.ml \
> ini_reader.ml \
> yajl.ml \
> diff --git a/builder/builder.ml b/builder/builder.ml
> index fdbe659..799208a 100644
> --- a/builder/builder.ml
> +++ b/builder/builder.ml
> @@ -307,7 +307,11 @@ let main () =
> match entry with
> (* New-style: Using a checksum. *)
> | { Index.checksums = Some csums } ->
> - Checksums.verify_checksums csums template
> + (try Checksums.verify_checksums csums template
> + with Checksums.Mismatched_checksum (csum, csum_actual) ->
> + error (f_"%s checksum of template did not match the expected
> checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the
> '-v' option and look for earlier error messages.\n - Delete the cache:
> virt-builder --delete-cache\n - Check no one has tampered with the website or
> your network!")
> + (Checksums.string_of_csum_t csum) csum_actual
> (Checksums.string_of_csum csum)
> + )
>
> | { Index.checksums = None } ->
> (* Old-style: detached signature. *)
> diff --git a/builder/checksums.ml b/builder/checksums.ml
> deleted file mode 100644
> index c8cdc98..0000000
> --- a/builder/checksums.ml
> +++ /dev/null
> @@ -1,57 +0,0 @@
> -(* virt-builder
> - * Copyright (C) 2015 Red Hat Inc.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License along
> - * with this program; if not, write to the Free Software Foundation, Inc.,
> - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> - *)
> -
> -open Common_gettext.Gettext
> -open Common_utils
> -
> -open Utils
> -
> -open Printf
> -
> -type csum_t =
> -| SHA256 of string
> -| SHA512 of string
> -
> -let string_of_csum_t = function
> - | SHA256 _ -> "sha256"
> - | SHA512 _ -> "sha512"
> -
> -let string_of_csum = function
> - | SHA256 c -> c
> - | SHA512 c -> c
> -
> -let verify_checksum csum filename =
> - let prog, csum_ref =
> - match csum with
> - | SHA256 c -> "sha256sum", c
> - | SHA512 c -> "sha512sum", c
> - in
> -
> - let cmd = sprintf "%s %s" prog (quote filename) in
> - let lines = external_command cmd in
> - match lines with
> - | [] ->
> - error (f_"%s did not return any output") prog
> - | line :: _ ->
> - let csum_actual = fst (String.split " " line) in
> - if csum_ref <> csum_actual then
> - error (f_"%s checksum of template did not match the expected
> checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the
> '-v' option and look for earlier error messages.\n - Delete the cache:
> virt-builder --delete-cache\n - Check no one has tampered with the website or
> your network!")
> - (string_of_csum_t csum) csum_actual csum_ref
> -
> -let verify_checksums checksums filename =
> - List.iter (fun c -> verify_checksum c filename) checksums
> diff --git a/builder/checksums.mli b/builder/checksums.mli
> deleted file mode 100644
> index ef26634..0000000
> --- a/builder/checksums.mli
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -(* virt-builder
> - * Copyright (C) 2015 Red Hat Inc.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License along
> - * with this program; if not, write to the Free Software Foundation, Inc.,
> - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> - *)
> -
> -type csum_t =
> -| SHA256 of string
> -| SHA512 of string
> -
> -val verify_checksum : csum_t -> string -> unit
> -(** Verify the checksum of the file. *)
> -
> -val verify_checksums : csum_t list -> string -> unit
> -(** Verify all the checksums of the file. *)
> -
> -val string_of_csum_t : csum_t -> string
> -(** Return a string representation of the checksum type. *)
> -
> -val string_of_csum : csum_t -> string
> -(** Return a string representation of the checksum value. *)
> diff --git a/mllib/Makefile.am b/mllib/Makefile.am
> index 489529a..f100b2f 100644
> --- a/mllib/Makefile.am
> +++ b/mllib/Makefile.am
> @@ -27,6 +27,7 @@ EXTRA_DIST = \
> test-getopt.sh
>
> SOURCES_MLI = \
> + checksums.mli \
> common_utils.mli \
> curl.mli \
> dev_t.mli \
> @@ -60,7 +61,8 @@ SOURCES_ML = \
> StatVFS.ml \
> JSON.ml \
> curl.ml \
> - exit.ml
> + exit.ml \
> + checksums.ml
>
> SOURCES_C = \
> ../fish/decrypt.c \
> diff --git a/mllib/checksums.ml b/mllib/checksums.ml
> new file mode 100644
> index 0000000..918a1c2
> --- /dev/null
> +++ b/mllib/checksums.ml
> @@ -0,0 +1,56 @@
> +(* virt-builder
> + * Copyright (C) 2015 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +open Common_gettext.Gettext
> +open Common_utils
> +
> +open Printf
> +
> +type csum_t =
> +| SHA256 of string
> +| SHA512 of string
> +
> +exception Mismatched_checksum of (csum_t * string)
> +
> +let string_of_csum_t = function
> + | SHA256 _ -> "sha256"
> + | SHA512 _ -> "sha512"
> +
> +let string_of_csum = function
> + | SHA256 c -> c
> + | SHA512 c -> c
> +
> +let verify_checksum csum filename =
> + let prog, csum_ref =
> + match csum with
> + | SHA256 c -> "sha256sum", c
> + | SHA512 c -> "sha512sum", c
> + in
> +
> + let cmd = sprintf "%s %s" prog (Filename.quote filename) in
> + let lines = external_command cmd in
> + match lines with
> + | [] ->
> + error (f_"%s did not return any output") prog
> + | line :: _ ->
> + let csum_actual = fst (String.split " " line) in
> + if csum_ref <> csum_actual then
> + raise (Mismatched_checksum (csum, csum_actual))
> +
> +let verify_checksums checksums filename =
> + List.iter (fun c -> verify_checksum c filename) checksums
> diff --git a/mllib/checksums.mli b/mllib/checksums.mli
> new file mode 100644
> index 0000000..202bdd1
> --- /dev/null
> +++ b/mllib/checksums.mli
> @@ -0,0 +1,35 @@
> +(* virt-builder
> + * Copyright (C) 2015 Red Hat Inc.
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, write to the Free Software Foundation, Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + *)
> +
> +type csum_t =
> +| SHA256 of string
> +| SHA512 of string
> +
> +exception Mismatched_checksum of (csum_t * string) (* expected checksum, got
> *)
> +
> +val verify_checksum : csum_t -> string -> unit
> +(** Verify the checksum of the file. *)
> +
> +val verify_checksums : csum_t list -> string -> unit
> +(** Verify all the checksums of the file. *)
> +
> +val string_of_csum_t : csum_t -> string
> +(** Return a string representation of the checksum type. *)
> +
> +val string_of_csum : csum_t -> string
> +(** Return a string representation of the checksum value. *)
> --
> 2.7.4
ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs
