Skip to content

Commit

Permalink
Validate provided checksum after successful import
Browse files Browse the repository at this point in the history 
Use the 'checksum' hash value in the yaml files to
verify the image integrity after it has been successfully
imported. Show a warning, if either the hash algorithm
or the hash value does not match the expected fields.

Fixes osism#340

Signed-off-by: Gondermann <[email protected]>
  • Loading branch information
@gndrmnn
gndrmnn committed Aug 10, 2023
1 parent 54987c8 commit 85e871b
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions openstack_image_manager/manage.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -313,6 +313,8 @@ def process_images(self, images) -> set:
versions[version["version"]]["meta"][
"image_build_date"
] = version["build_date"]
if "checksum" in version:
versions[version["version"]]["meta"]["checksum"] = version["checksum"]
if "id" in version:
versions[version["version"]]["id"] = version["id"]
except Exception:
Expand Down Expand Up @@ -611,6 +613,26 @@ def process_image(
if not self.CONF.dry_run:
import_result = self.import_image(image, name, url, versions, version)
if import_result:
if "checksum" in versions[version]["meta"]:
hashAlgo, hashValue = versions[version]["meta"]["checksum"].split(":", 2)

if hashAlgo != import_result.hash_algo:
logger.warning(
"Provided checksum algorithm '%s' does not equal the expected algorithm '%s'"
% (hashAlgo, import_result.hash_algo)
)
logger.warning(
"Checksum for '%s' will be ignored..."
% name
)
elif hashValue != import_result.hash_value:
logger.warning(
"Provided checksum for '%s' does not match backend checksum!"
% name
)
else:
logger.info("Backend checksum matches expected value")

logger.info(
"Import of '%s' successfully completed, reloading images" % name
)
Expand Down

0 comments on commit 85e871b

Please sign in to comment.