The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/308

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
This changes the image verification. The checksum file no longer
contains GPG content but only the sha256 checksum.

Signed-off-by: Thomas Hipp <thomas.h...@canonical.com>
From 7332deea9a9451b37ac7ff6efd51461234f2ad21 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.h...@canonical.com>
Date: Tue, 17 Mar 2020 10:37:01 +0100
Subject: [PATCH] sources/opensuse: Fix openSUSE

This changes the image verification. The checksum file no longer
contains GPG content but only the sha256 checksum.

Signed-off-by: Thomas Hipp <thomas.h...@canonical.com>
---
 sources/opensuse-http.go | 50 ++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 28 deletions(-)

diff --git a/sources/opensuse-http.go b/sources/opensuse-http.go
index aacf6a3..9866edb 100644
--- a/sources/opensuse-http.go
+++ b/sources/opensuse-http.go
@@ -4,6 +4,7 @@ import (
        "crypto/sha256"
        "fmt"
        "io"
+       "io/ioutil"
        "net/http"
        "net/url"
        "os"
@@ -54,57 +55,51 @@ func (s *OpenSUSEHTTP) Run(definition shared.Definition, 
rootfsDir string) error
 
        baseURL, fname = path.Split(resp.Request.URL.String())
 
-       url, err := url.Parse(fmt.Sprintf("%s/%s", baseURL, fname))
+       url, err := url.Parse(fmt.Sprintf("%s%s", baseURL, fname))
        if err != nil {
                return err
        }
 
        fpath, err := shared.DownloadHash(definition.Image, url.String(), "", 
nil)
        if err != nil {
-               return errors.Wrap(err, "Error downloading openSUSE image")
+               return errors.Wrap(err, "Failed to download image tarball")
        }
 
-       if definition.Source.SkipVerification {
-               // Unpack
-               return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, 
false, false, nil)
+       _, err = shared.DownloadHash(definition.Image, url.String()+".sha256", 
"", nil)
+       if err != nil {
+               return errors.Wrap(err, "Failed to download checksum file")
        }
 
-       checksumPath := fmt.Sprintf("%s/%s.sha256", baseURL, fname)
-       checksumFile := path.Base(checksumPath)
-
-       shared.DownloadHash(definition.Image, checksumPath, "", nil)
-       valid, err := shared.VerifyFile(filepath.Join(fpath, checksumFile), "",
-               definition.Source.Keys, definition.Source.Keyserver)
+       err = s.verifyTarball(filepath.Join(fpath, fname))
        if err != nil {
-               return err
-       }
-       if !valid {
-               return errors.New("Failed to verify tarball")
+               return errors.Wrap(err, "Failed to verify image")
        }
 
-       // Manually verify the checksum
-       checksum, err := shared.GetSignedContent(filepath.Join(fpath, 
checksumFile),
-               definition.Source.Keys, definition.Source.Keyserver)
+       // Unpack
+       return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, 
nil)
+}
+
+func (s *OpenSUSEHTTP) verifyTarball(imagePath string) error {
+       checksumPath := imagePath + ".sha256"
+
+       checksum, err := ioutil.ReadFile(checksumPath)
        if err != nil {
-               return errors.Wrap(err, "Failed to read signed file")
+               return errors.Wrap(err, "Failed to read checksum file")
        }
 
-       imagePath := filepath.Join(fpath, fname)
-
        image, err := os.Open(imagePath)
        if err != nil {
-               return errors.Wrap(err, "Failed to verify image")
+               return errors.Wrap(err, "Failed to open image tarball")
        }
+       defer image.Close()
 
        hash := sha256.New()
+
        _, err = io.Copy(hash, image)
        if err != nil {
-               image.Close()
-               return errors.Wrap(err, "Failed to verify image")
+               return errors.Wrap(err, "Failed to copy tarball content")
        }
 
-       image.Close()
-
        result := fmt.Sprintf("%x", hash.Sum(nil))
        checksumStr := strings.TrimSpace(strings.Split(string(checksum), " 
")[0])
 
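Review bot: With the GPG path removed from Run, the only check left is a sha256 digest fetched from `url.String()+".sha256"`, the same location as the tarball, so it detects a corrupted download but not a replaced one: whoever can alter the tarball on the mirror or in transit can alter the digest too. `definition.Source.Keys`, `definition.Source.Keyserver` and `definition.Source.SkipVerification` are no longer read anywhere in this hunk, so a definition that configures keys gets no signature check and no indication of that. I would state the limit in a doc comment on the new function, e.g. `// verifyTarball compares the tarball's sha256 with the .sha256 file downloaded beside it; it checks integrity only, not authenticity.`, and have Run log or reject configured keys instead of ignoring them silently. Whether the download URL is HTTPS is not visible here, and Run begins above the hunk.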
@@ -112,8 +107,7 @@ func (s *OpenSUSEHTTP) Run(definition shared.Definition, 
rootfsDir string) error
                return fmt.Errorf("Hash mismatch for %s: %s != %s", imagePath, 
result, checksumStr)
        }
 
-       // Unpack
-       return lxd.Unpack(filepath.Join(fpath, fname), rootfsDir, false, false, 
nil)
+       return nil
 }
 
 func (s *OpenSUSEHTTP) getPathToTarball(baseURL string, release string, arch 
string) string {