qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 3/5] tests/vm: Detect the image changed on server

From: Wainer dos Santos Moschetta
Subject: [Qemu-devel] [PATCH 3/5] tests/vm: Detect the image changed on server
Date: Fri, 29 Mar 2019 17:08:02 -0400 
The current implementation of basevm does not check if the image
file to be downloaded has changed on server side before honouring
the cache. So any change on server-side file can go unnoticed,
keeping the cached image.

This change implements a simple mechanism to detect the image
file changed by using the sha256sum file stored on server. It
compares with the expected checksum and then abort the execution
on mismatch.

Signed-off-by: Wainer dos Santos Moschetta <address@hidden>
---
 tests/vm/basevm.py | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py
index 083befce9f..4dfad2dc9b 100755
--- a/tests/vm/basevm.py
+++ b/tests/vm/basevm.py
@@ -27,6 +27,7 @@ import tempfile
 import shutil
 import multiprocessing
 import traceback
+import urllib.request
 
 SSH_KEY = open(os.path.join(os.path.dirname(__file__),
                "..", "keys", "id_rsa")).read()
@@ -81,6 +82,18 @@ class BaseVM(object):
         self._data_args = []
 
     def _download_with_cache(self, url, sha256sum=None):
+
+        def fetch_image_hash(url):
+            fetch_url = "%s.sha256sum" % url
+            try:
+                with urllib.request.urlopen(fetch_url) as response:
+                    content = response.read()
+            except  urllib.error.URLError as error:
+                logging.error("Failed to fetch image checksum file: %s",
+                        fetch_url)
+                raise error
+            return content.decode().strip()
+
         def check_sha256sum(fname):
             if not sha256sum:
                 return True
@@ -91,8 +104,24 @@ class BaseVM(object):
         if not os.path.exists(cache_dir):
             os.makedirs(cache_dir)
         fname = os.path.join(cache_dir, hashlib.sha1(url.encode()).hexdigest())
-        if os.path.exists(fname) and check_sha256sum(fname):
+
+        if os.path.exists(fname) and sha256sum is None:
             return fname
+
+        if sha256sum:
+            image_checksum = fetch_image_hash(url)
+            # Check the url points to a known image file.
+            if image_checksum != sha256sum:
+                logging.error("Image %s checksum (%s) does not match " +
+                        "expected (%s).", url, image_checksum, sha256sum)
+                raise Exception("Image checksum failed.")
+            # Check the cached image is up to date.
+            if os.path.exists(fname):
+                if check_sha256sum(fname):
+                    return fname
+                logging.warning("Invalid cached image. Attempt to download " +
+                        "the updated one.")
+
         logging.debug("Downloading %s to %s...", url, fname)
         subprocess.check_call(["wget", "-c", url, "-O", fname + ".download"],
                               stdout=self._stdout, stderr=self._stderr)
-- 
2.18.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]