[lxc-devel] [distrobuilder/master] sources/opensuse: Fix openSUSE

monstermunchkin on Github lxc-bot at linuxcontainers.org
Tue Mar 17 09:37:20 UTC 2020


From 7332deea9a9451b37ac7ff6efd51461234f2ad21 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Tue, 17 Mar 2020 10:37:01 +0100
Subject: [PATCH] sources/opensuse: Fix openSUSE

This changes the image verification. The checksum file no longer
contains GPG content but only the sha256 checksum.

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 sources/opensuse-http.go | 50 ++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 28 deletions(-)

diff --git a/sources/opensuse-http.go b/sources/opensuse-http.go
index aacf6a3..9866edb 100644
--- a/sources/opensuse-http.go
+++ b/sources/opensuse-http.go
@@ -4,6 +4,7 @@ import (
 	"crypto/sha256"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"os"
@@ -54,57 +55,51 @@ func (s *OpenSUSEHTTP) Run(definition shared.Definition, rootfsDir string) error
 
 	baseURL, fname = path.Split(resp.Request.URL.String())
 
-	url, err := url.Parse(fmt.Sprintf("%s/%s", baseURL, fname))
+	url, err := url.Parse(fmt.Sprintf("%s%s", baseURL, fname))
 	if err != nil {
 		return err
 	}
 
 	fpath, err := shared.DownloadHash(definition.Image, url.String(), "", nil)
 	if err != nil {
-		return errors.Wrap(err, "Error downloading openSUSE image")
+		return errors.Wrap(err, "Failed to download image tarball")
 	}
 
-	if definition.Source.SkipVerification {
-		// Unpack
-		return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, nil)
+	_, err = shared.DownloadHash(definition.Image, url.String()+".sha256", "", nil)
+	if err != nil {
+		return errors.Wrap(err, "Failed to download checksum file")
 	}
 
-	checksumPath := fmt.Sprintf("%s/%s.sha256", baseURL, fname)
-	checksumFile := path.Base(checksumPath)
-
-	shared.DownloadHash(definition.Image, checksumPath, "", nil)
-	valid, err := shared.VerifyFile(filepath.Join(fpath, checksumFile), "",
-		definition.Source.Keys, definition.Source.Keyserver)
+	err = s.verifyTarball(filepath.Join(fpath, fname))
 	if err != nil {
-		return err
-	}
-	if !valid {
-		return errors.New("Failed to verify tarball")
+		return errors.Wrap(err, "Failed to verify image")
 	}
 
-	// Manually verify the checksum
-	checksum, err := shared.GetSignedContent(filepath.Join(fpath, checksumFile),
-		definition.Source.Keys, definition.Source.Keyserver)
+	// Unpack
+	return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, nil)
+}
+
+func (s *OpenSUSEHTTP) verifyTarball(imagePath string) error {
+	checksumPath := imagePath + ".sha256"
+
+	checksum, err := ioutil.ReadFile(checksumPath)
 	if err != nil {
-		return errors.Wrap(err, "Failed to read signed file")
+		return errors.Wrap(err, "Failed to read checksum file")
 	}
 
-	imagePath := filepath.Join(fpath, fname)
-
 	image, err := os.Open(imagePath)
 	if err != nil {
-		return errors.Wrap(err, "Failed to verify image")
+		return errors.Wrap(err, "Failed to open image tarball")
 	}
+	defer image.Close()
 
 	hash := sha256.New()
+
 	_, err = io.Copy(hash, image)
 	if err != nil {
-		image.Close()
-		return errors.Wrap(err, "Failed to verify image")
+		return errors.Wrap(err, "Failed to copy tarball content")
 	}
 
-	image.Close()
-
 	result := fmt.Sprintf("%x", hash.Sum(nil))
 	checksumStr := strings.TrimSpace(strings.Split(string(checksum), " ")[0])
 
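Review bot: `verifyTarball` no longer authenticates the image. The `.sha256` file is fetched with `url.String()+".sha256"`, from the same base URL as the tarball, and `definition.Source.Keys` / `definition.Source.Keyserver` are no longer consulted, so anyone able to alter the tarball on that server or in transit can alter the digest to match. The commit message says the checksum file no longer carries GPG content, so this may be unavoidable, but the function should state the limit, e.g. `// verifyTarball compares the tarball with the SHA-256 digest downloaded next to it; this detects corruption only and does not establish authenticity.` If upstream publishes a detached signature for the image or the checksum file, checking it with the configured keys (as the removed `shared.VerifyFile` call did) would restore the earlier guarantee. Separately, `definition.Source.SkipVerification` is now ignored, so a definition that sets it will fail when the checksum file cannot be downloaded; `Run` starts before this hunk and `verifyTarball` ends after it.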
@@ -112,8 +107,7 @@ func (s *OpenSUSEHTTP) Run(definition shared.Definition, rootfsDir string) error
 		return fmt.Errorf("Hash mismatch for %s: %s != %s", imagePath, result, checksumStr)
 	}
 
-	// Unpack
-	return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, nil)
+	return nil
 }
 
 func (s *OpenSUSEHTTP) getPathToTarball(baseURL string, release string, arch string) string {

