Skip to content

Commit

Permalink
Validate provided checksum after successful import
Browse files Browse the repository at this point in the history
Use the 'checksum' hash value in the yaml files to
verify the image integrity after it has been successfully
imported. Show a warning, if either the hash algorithm
or the hash value does not match the expected fields.

Fixes osism#340

Signed-off-by: Gondermann <[email protected]>
  • Loading branch information
gndrmnn committed Aug 10, 2023
1 parent 54987c8 commit f077bcd
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 1 deletion.
22 changes: 22 additions & 0 deletions openstack_image_manager/manage.py
Original file line number Diff line number Diff line change
Expand Up @@ -313,6 +313,8 @@ def process_images(self, images) -> set:
versions[version["version"]]["meta"][
"image_build_date"
] = version["build_date"]
if "checksum" in version:
versions[version["version"]]["meta"]["checksum"] = version["checksum"]
if "id" in version:
versions[version["version"]]["id"] = version["id"]
except Exception:
Expand Down Expand Up @@ -611,6 +613,26 @@ def process_image(
if not self.CONF.dry_run:
import_result = self.import_image(image, name, url, versions, version)
if import_result:
if "checksum" in versions[version]["meta"]:
hashAlgo, hashValue = versions[version]["meta"]["checksum"].split(":", 2)

if hashAlgo != import_result.hash_algo:
logger.warning(
"Provided checksum algorithm '%s' does not equal the expected algorithm '%s'"
% (hashAlgo, import_result.hash_algo)
)
logger.warning(
"Checksum for '%s' will be ignored..."
% name
)
elif hashValue != import_result.hash_value:
logger.warning(
"Provided checksum for '%s' does not match backend checksum!"
% name
)
else:
logger.info("Backend checksum matches expected value")

logger.info(
"Import of '%s' successfully completed, reloading images" % name
)
Expand Down
3 changes: 2 additions & 1 deletion test/unit/test_manage.py
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,8 @@ def setUp(self):
self.fake_image = Image(**FAKE_IMAGE_DATA)
self.fake_name = '%s (%s)' % (self.fake_image_dict['name'], '1')
self.fake_url = 'http://url.com'
self.versions = {'1': {'url': self.fake_url, 'meta': {'image_source': self.fake_url}}}
self.fake_checksum = '1234'
self.versions = {'1': {'url': self.fake_url, 'meta': {'image_source': self.fake_url, 'checksum': self.fake_checksum}}}
self.sorted_versions = ['2', '1']
self.previous_image = self.fake_image
self.imported_image = self.fake_image
Expand Down

0 comments on commit f077bcd

Please sign in to comment.