[lxc-devel] [distrobuilder/master] sources/opensuse: Fix openSUSE
monstermunchkin on Github
lxc-bot at linuxcontainers.org
Tue Mar 17 09:37:20 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 484 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200317/ec6fd5c0/attachment.bin>
-------------- next part --------------
From 7332deea9a9451b37ac7ff6efd51461234f2ad21 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Tue, 17 Mar 2020 10:37:01 +0100
Subject: [PATCH] sources/opensuse: Fix openSUSE
This changes the image verification. The checksum file no longer
contains GPG content but only the sha256 checksum.
Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
sources/opensuse-http.go | 50 ++++++++++++++++++----------------------
1 file changed, 22 insertions(+), 28 deletions(-)
diff --git a/sources/opensuse-http.go b/sources/opensuse-http.go
index aacf6a3..9866edb 100644
--- a/sources/opensuse-http.go
+++ b/sources/opensuse-http.go
@@ -4,6 +4,7 @@ import (
"crypto/sha256"
"fmt"
"io"
+ "io/ioutil"
"net/http"
"net/url"
"os"
@@ -54,57 +55,51 @@ func (s *OpenSUSEHTTP) Run(definition shared.Definition, rootfsDir string) error
baseURL, fname = path.Split(resp.Request.URL.String())
- url, err := url.Parse(fmt.Sprintf("%s/%s", baseURL, fname))
+ url, err := url.Parse(fmt.Sprintf("%s%s", baseURL, fname))
if err != nil {
return err
}
fpath, err := shared.DownloadHash(definition.Image, url.String(), "", nil)
if err != nil {
- return errors.Wrap(err, "Error downloading openSUSE image")
+ return errors.Wrap(err, "Failed to download image tarball")
}
- if definition.Source.SkipVerification {
- // Unpack
- return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, nil)
+ _, err = shared.DownloadHash(definition.Image, url.String()+".sha256", "", nil)
+ if err != nil {
+ return errors.Wrap(err, "Failed to download checksum file")
}
- checksumPath := fmt.Sprintf("%s/%s.sha256", baseURL, fname)
- checksumFile := path.Base(checksumPath)
-
- shared.DownloadHash(definition.Image, checksumPath, "", nil)
- valid, err := shared.VerifyFile(filepath.Join(fpath, checksumFile), "",
- definition.Source.Keys, definition.Source.Keyserver)
+ err = s.verifyTarball(filepath.Join(fpath, fname))
if err != nil {
- return err
- }
- if !valid {
- return errors.New("Failed to verify tarball")
+ return errors.Wrap(err, "Failed to verify image")
}
- // Manually verify the checksum
- checksum, err := shared.GetSignedContent(filepath.Join(fpath, checksumFile),
- definition.Source.Keys, definition.Source.Keyserver)
+ // Unpack
+ return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, nil)
+}
+
+func (s *OpenSUSEHTTP) verifyTarball(imagePath string) error {
+ checksumPath := imagePath + ".sha256"
+
+ checksum, err := ioutil.ReadFile(checksumPath)
if err != nil {
- return errors.Wrap(err, "Failed to read signed file")
+ return errors.Wrap(err, "Failed to read checksum file")
}
- imagePath := filepath.Join(fpath, fname)
-
image, err := os.Open(imagePath)
if err != nil {
- return errors.Wrap(err, "Failed to verify image")
+ return errors.Wrap(err, "Failed to open image tarball")
}
+ defer image.Close()
hash := sha256.New()
+
_, err = io.Copy(hash, image)
if err != nil {
- image.Close()
- return errors.Wrap(err, "Failed to verify image")
+ return errors.Wrap(err, "Failed to copy tarball content")
}
- image.Close()
-
result := fmt.Sprintf("%x", hash.Sum(nil))
checksumStr := strings.TrimSpace(strings.Split(string(checksum), " ")[0])
@@ -112,8 +107,7 @@ func (s *OpenSUSEHTTP) Run(definition shared.Definition, rootfsDir string) error
return fmt.Errorf("Hash mismatch for %s: %s != %s", imagePath, result, checksumStr)
}
- // Unpack
- return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, nil)
+ return nil
}
func (s *OpenSUSEHTTP) getPathToTarball(baseURL string, release string, arch string) string {
More information about the lxc-devel
mailing list