mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 01:32:18 +02:00
Update md5sum to sha512sum (#11134)
* Update md5sum to sha512sum * Move SQL to schema-42100to42200.sql
This commit is contained in:
Wei Zhou
GitHub
parent
3ddd8023d0
commit
66a584624f
2
debian/rules
vendored
2
debian/rules
vendored
@ -87,7 +87,7 @@ override_dh_auto_install:
|
||||
cp client/target/lib/*jar $(DESTDIR)/usr/share/$(PACKAGE)-management/lib/
|
||||
cp -r engine/schema/dist/systemvm-templates/* $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/
|
||||
cp -r plugins/integrations/kubernetes-service/src/main/resources/conf/* $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf/
|
||||
rm -rf $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/md5sum.txt
|
||||
rm -rf $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/sha512sum.txt
|
||||
|
||||
# Bundle cmk in cloudstack-management
|
||||
wget https://github.com/apache/cloudstack-cloudmonkey/releases/download/$(CMK_REL)/cmk.linux.x86-64 -O $(DESTDIR)/usr/bin/cmk
|
||||
|
||||
@ -106,7 +106,7 @@
|
||||
templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-xen")
|
||||
templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-ovm")
|
||||
templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-hyperv")
|
||||
File file = new File("./engine/schema/dist/systemvm-templates/md5sum.txt")
|
||||
File file = new File("./engine/schema/dist/systemvm-templates/sha512sum.txt")
|
||||
def lines = file.readLines()
|
||||
for (template in templateList) {
|
||||
def data = lines.findAll { it.contains(template) }
|
||||
@ -135,7 +135,7 @@
|
||||
<goal>wget</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<url>${project.systemvm.template.location}/${cs.version}/md5sum.txt</url>
|
||||
<url>${project.systemvm.template.location}/${cs.version}/sha512sum.txt</url>
|
||||
<outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
|
||||
<skipCache>true</skipCache>
|
||||
<overwrite>true</overwrite>
|
||||
@ -205,7 +205,7 @@
|
||||
<checkSignature>true</checkSignature>
|
||||
<url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-kvm.qcow2.bz2</url>
|
||||
<outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
|
||||
<md5>${kvm.checksum}</md5>
|
||||
<sha512>${kvm.checksum}</sha512>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
@ -241,7 +241,7 @@
|
||||
<checkSignature>true</checkSignature>
|
||||
<url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-vmware.ova</url>
|
||||
<outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
|
||||
<md5>${vmware.checksum}</md5>
|
||||
<sha512>${vmware.checksum}</sha512>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
@ -277,7 +277,7 @@
|
||||
<checkSignature>true</checkSignature>
|
||||
<url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-xen.vhd.bz2</url>
|
||||
<outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
|
||||
<md5>${xen.checksum}</md5>
|
||||
<sha512>${xen.checksum}</sha512>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
@ -313,7 +313,7 @@
|
||||
<checkSignature>true</checkSignature>
|
||||
<url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-ovm.raw.bz2</url>
|
||||
<outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
|
||||
<md5>${ovm.checksum}</md5>
|
||||
<sha512>${ovm.checksum}</sha512>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
@ -349,7 +349,7 @@
|
||||
<checkSignature>true</checkSignature>
|
||||
<url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-hyperv.vhd.zip</url>
|
||||
<outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
|
||||
<md5>${hyperv.checksum}</md5>
|
||||
<sha512>${hyperv.checksum}</sha512>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
|
||||
@ -18,3 +18,6 @@
|
||||
--;
|
||||
-- Schema upgrade from 4.21.0.0 to 4.22.0.0
|
||||
--;
|
||||
|
||||
-- Increase length of scripts_version column to 128 due to md5sum to sha512sum change
|
||||
CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('cloud.domain_router', 'scripts_version', 'scripts_version', 'VARCHAR(128)');
|
||||
|
||||
@ -94,5 +94,5 @@ PARENTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )/dist/systemvm-
|
||||
mkdir -p $PARENTPATH
|
||||
METADATAFILE=${PARENTPATH}"metadata.ini"
|
||||
echo > $METADATAFILE
|
||||
SOURCEFILE=${PARENTPATH}'md5sum.txt'
|
||||
SOURCEFILE=${PARENTPATH}'sha512sum.txt'
|
||||
createMetadataFile
|
||||
|
||||
@ -317,7 +317,7 @@ install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-n
|
||||
# SystemVM template
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm
|
||||
cp -r engine/schema/dist/systemvm-templates/* ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm/md5sum.txt
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm/sha512sum.txt
|
||||
|
||||
# Sample Extensions
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/extensions
|
||||
|
||||
@ -4052,7 +4052,7 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.error("Failed to register systemVM template(s)");
|
||||
logger.error("Failed to register systemVM template(s) due to: ", e);
|
||||
} finally {
|
||||
SystemVmTemplateRegistration.unmountStore(filePath);
|
||||
txn.close();
|
||||
|
||||
@ -118,6 +118,10 @@ bootstrap() {
|
||||
/opt/cloud/bin/setup/default.sh
|
||||
fi
|
||||
|
||||
if [ -f /var/cache/cloud/cloud-scripts.tgz ];then
|
||||
sha512sum /var/cache/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
|
||||
fi
|
||||
|
||||
log_it "Finished setting up systemvm"
|
||||
exit 0
|
||||
}
|
||||
|
||||
@ -32,12 +32,12 @@ log_it() {
|
||||
}
|
||||
|
||||
validate_checksums() {
|
||||
local oldmd5=
|
||||
[ -f ${1} ] && oldmd5=$(cat ${1})
|
||||
local newmd5=
|
||||
[ -f ${2} ] && newmd5=$(md5sum ${2} | awk '{print $1}')
|
||||
log_it "Scripts checksum detected: oldmd5=$oldmd5 newmd5=$newmd5" >> /dev/null 2>&1
|
||||
echo "oldmd5='${oldmd5}'; newmd5='${newmd5}'"
|
||||
local oldchecksum=
|
||||
[ -f ${1} ] && oldchecksum=$(cat ${1})
|
||||
local newchecksum=
|
||||
[ -f ${2} ] && newchecksum=$(sha512sum ${2} | awk '{print $1}')
|
||||
log_it "Scripts checksum detected: oldchecksum=$oldchecksum newchecksum=$newchecksum" >> /dev/null 2>&1
|
||||
echo "oldchecksum='${oldchecksum}'; newchecksum='${newchecksum}'"
|
||||
}
|
||||
|
||||
patch() {
|
||||
@ -46,15 +46,15 @@ patch() {
|
||||
local oldpatchfile=/usr/share/cloud/$PATCH_SCRIPTS
|
||||
local patchfile=$PATCH_MOUNT/$PATCH_SCRIPTS
|
||||
local privkey=$PATCH_MOUNT/authorized_keys
|
||||
local md5file=/var/cache/cloud/cloud-scripts-signature
|
||||
local checksumfile=/var/cache/cloud/cloud-scripts-signature
|
||||
mkdir -p $PATCH_MOUNT
|
||||
|
||||
if [ -f /var/cache/cloud/authorized_keys ]; then
|
||||
privkey=/var/cache/cloud/authorized_keys
|
||||
fi
|
||||
|
||||
eval $(validate_checksums $md5file $oldpatchfile)
|
||||
if [ "$oldmd5" == "$newmd5" ] && [ -d /usr/local/cloud/systemvm ] && [ "$(ls -A /usr/local/cloud/systemvm)" ]; then
|
||||
eval $(validate_checksums $checksumfile $oldpatchfile)
|
||||
if [ "$oldchecksum" == "$newchecksum" ] && [ -d /usr/local/cloud/systemvm ] && [ "$(ls -A /usr/local/cloud/systemvm)" ]; then
|
||||
log_it "Checksum matches, no need to patch"
|
||||
return 0
|
||||
fi
|
||||
@ -67,11 +67,11 @@ patch() {
|
||||
while [ $retry -gt 0 ]
|
||||
do
|
||||
if tar tf $patchfile &> /dev/null; then
|
||||
eval $(validate_checksums $md5file $patchfile)
|
||||
if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
|
||||
eval $(validate_checksums $checksumfile $patchfile)
|
||||
if [ "$oldchecksum" != "$newchecksum" ] && [ -f ${patchfile} ] && [ "$newchecksum" != "" ]
|
||||
then
|
||||
tar xzf $patchfile -C /
|
||||
echo ${newmd5} > ${md5file}
|
||||
echo ${newchecksum} > ${checksumfile}
|
||||
log_it "Patched scripts using $patchfile"
|
||||
touch /var/cache/cloud/patch.required
|
||||
fi
|
||||
|
||||
@ -40,18 +40,18 @@ setup_router() {
|
||||
# To save router public interface and gw ip information
|
||||
touch /var/cache/cloud/ifaceGwIp
|
||||
|
||||
oldmd5=
|
||||
[ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
|
||||
oldchecksum=
|
||||
[ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldchecksum=$(sha512sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
|
||||
|
||||
log_it "Checking udev NIC assignment order changes"
|
||||
if [ "$NIC_MACS" != "" ]
|
||||
then
|
||||
init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
|
||||
newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
|
||||
newchecksum=$(sha512sum "/tmp/udev-rules" | awk '{print $1}')
|
||||
rm /tmp/interfaces
|
||||
rm /tmp/udev-rules
|
||||
|
||||
if [ "$oldmd5" != "$newmd5" ]
|
||||
if [ "$oldchecksum" != "$newchecksum" ]
|
||||
then
|
||||
log_it "Reloading udev for new udev NIC assignment"
|
||||
udevadm control --reload-rules && udevadm trigger
|
||||
|
||||
@ -21,7 +21,7 @@ backupfolder=/var/cache/cloud/bkpup_live_patch
|
||||
logfile="/var/log/livepatchsystemvm.log"
|
||||
newpath="/var/cache/cloud/"
|
||||
CMDLINE=/var/cache/cloud/cmdline
|
||||
md5file=/var/cache/cloud/cloud-scripts-signature
|
||||
checksumfile=/var/cache/cloud/cloud-scripts-signature
|
||||
svcfile=/var/cache/cloud/enabled_svcs
|
||||
TYPE=$(grep -Po 'type=\K[a-zA-Z]*' $CMDLINE)
|
||||
patchfailed=0
|
||||
@ -40,7 +40,7 @@ backup_old_package() {
|
||||
zip -r $backupfolder/agent.zip * >> $logfile 2>&1 2>&1
|
||||
cd -
|
||||
fi
|
||||
cp $md5file $backupfolder
|
||||
cp $checksumfile $backupfolder
|
||||
echo "Backing up cloud-scripts file" >> $logfile 2>&1
|
||||
tar -zcvf $backupfolder/cloud-scripts.tgz /etc/ /var/ /opt/ /root/ >> $logfile 2>&1
|
||||
}
|
||||
@ -57,13 +57,13 @@ restore_backup() {
|
||||
fi
|
||||
backuprestored=1
|
||||
restart_services
|
||||
cp $backupfolder/cloud-scripts-signature $md5file
|
||||
cp $backupfolder/cloud-scripts-signature $checksumfile
|
||||
}
|
||||
|
||||
update_checksum() {
|
||||
newmd5=$(md5sum $1 | awk '{print $1}')
|
||||
echo "checksum: " ${newmd5} >> $logfile 2>&1
|
||||
echo ${newmd5} > ${md5file}
|
||||
newchecksum=$(sha512sum $1 | awk '{print $1}')
|
||||
echo "checksum: " ${newchecksum} >> $logfile 2>&1
|
||||
echo ${newchecksum} > ${checksumfile}
|
||||
}
|
||||
|
||||
restart_services() {
|
||||
@ -144,7 +144,7 @@ patch_systemvm
|
||||
cleanup_systemVM
|
||||
|
||||
if [ $patchfailed == 0 ]; then
|
||||
echo "version:$(cat ${md5file}) "
|
||||
echo "version:$(cat ${checksumfile}) "
|
||||
fi
|
||||
|
||||
exit $patchfailed
|
||||
|
||||
@ -78,7 +78,7 @@ function install_cloud_scripts() {
|
||||
function do_signature() {
|
||||
mkdir -p /var/cache/cloud/ /usr/share/cloud/
|
||||
(cd ./cloud_scripts/; tar -cvf - * | gzip > /usr/share/cloud/cloud-scripts.tgz)
|
||||
md5sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
|
||||
sha512sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
|
||||
echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
|
||||
}
|
||||
|
||||
|
||||
@ -28,7 +28,6 @@ public class ChecksumUtil {
|
||||
if (cloudScriptsPath == null) {
|
||||
throw new CloudRuntimeException(String.format("Unable to find cloudScripts path, cannot update SystemVM %s", name));
|
||||
}
|
||||
String md5sum = DigestHelper.calculateChecksum(new File(cloudScriptsPath));
|
||||
return md5sum;
|
||||
return DigestHelper.calculateChecksum(new File(cloudScriptsPath));
|
||||
}
|
||||
}
|
||||
|
||||
@ -43,9 +43,9 @@ public class DigestHelper {
|
||||
while ((read = is.read(buffer)) > 0) {
|
||||
digest.update(buffer, 0, read);
|
||||
}
|
||||
byte[] md5sum = digest.digest();
|
||||
byte[] checksumValue = digest.digest();
|
||||
// TODO make sure this is valid for all types of checksums !?!
|
||||
BigInteger bigInt = new BigInteger(1, md5sum);
|
||||
BigInteger bigInt = new BigInteger(1, checksumValue);
|
||||
checksum = new ChecksumValue(digest.getAlgorithm(), getPaddedDigestString(digest,bigInt));
|
||||
return checksum;
|
||||
}
|
||||
@ -141,9 +141,9 @@ public class DigestHelper {
|
||||
|
||||
public static String calculateChecksum(File file) {
|
||||
try (InputStream is = Files.newInputStream(Paths.get(file.getPath()))) {
|
||||
return DigestUtils.md5Hex(is);
|
||||
return DigestUtils.sha512Hex(is);
|
||||
} catch (IOException e) {
|
||||
String errMsg = "Failed to calculate template checksum";
|
||||
String errMsg = "Failed to calculate sha512 checksum of template";
|
||||
LOGGER.error(errMsg);
|
||||
throw new CloudRuntimeException(errMsg, e);
|
||||
}
|
||||
|
||||
@ -21,6 +21,7 @@ import java.io.InputStream;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
|
||||
import com.amazonaws.util.StringInputStream;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
@ -36,6 +37,8 @@ public class DigestHelperTest {
|
||||
private final static String INPUT_STRING_NO3 = "01234567890123456789012345678901234567890123456789012345678901234567890123456789h\n";
|
||||
private final static String SHA256_CHECKSUM = "{SHA-256}c6ab15af7842d23d3c06c138b53a7d09c5e351a79c4eb3c8ca8d65e5ce8900ab";
|
||||
private final static String SHA256_NO_PREFIX_CHECKSUM = "c6ab15af7842d23d3c06c138b53a7d09c5e351a79c4eb3c8ca8d65e5ce8900ab";
|
||||
private final static String SHA512_CHECKSUM_NO_PREFIX = "e34efddea0cb6bfc960f902ffc16596aaaaff4b12999f720361a0b27e68932b5a73995ccffcf7418fabc4a684c4add13f8bb379f80cabf01220dd0a31cdc28eb";
|
||||
private final static String SHA512_CHECKSUM = "{SHA-512}" + SHA512_CHECKSUM_NO_PREFIX;
|
||||
private final static String SHA1_CHECKSUM = "{SHA-1}49e4b2f4292b63e88597c127d11bc2cc0f2ca0ff";
|
||||
private final static String MD5_CHECKSUM = "{MD5}d141a8eeaf6bba779d1d1dc5102a81c5";
|
||||
private final static String MD5_NO_PREFIX_CHECKSUM = "d141a8eeaf6bba779d1d1dc5102a81c5";
|
||||
@ -43,6 +46,7 @@ public class DigestHelperTest {
|
||||
private final static String ZERO_PADDED_SHA256_CHECKSUM = "{SHA-256}08b5ae0c7d7d45d8ed406d7c3c7da695b81187903694314d97f8a37752a6b241";
|
||||
private static final String MD5 = "MD5";
|
||||
private static final String SHA_256 = "SHA-256";
|
||||
private static final String SHA_512 = "SHA-512";
|
||||
private static InputStream inputStream;
|
||||
private InputStream inputStream2;
|
||||
|
||||
@ -68,6 +72,13 @@ public class DigestHelperTest {
|
||||
Assert.assertEquals(SHA256_CHECKSUM, result);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDigestSHA512() throws Exception {
|
||||
String result = DigestHelper.digest(SHA_512, inputStream).toString();
|
||||
Assert.assertEquals(SHA512_CHECKSUM, result);
|
||||
Assert.assertEquals(SHA512_CHECKSUM_NO_PREFIX, DigestUtils.sha512Hex(INPUT_STRING));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDigestSHA1() throws Exception {
|
||||
String result = DigestHelper.digest("SHA-1", inputStream).toString();
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user