From patchwork Fri Mar 29 21:08:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wainer dos Santos Moschetta X-Patchwork-Id: 10877941 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ED183922 for ; Sat, 30 Mar 2019 00:31:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D7F22291DE for ; Sat, 30 Mar 2019 00:31:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CBC2329292; Sat, 30 Mar 2019 00:31:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 60376291DE for ; Sat, 30 Mar 2019 00:31:56 +0000 (UTC) Received: from localhost ([127.0.0.1]:38416 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hA1ud-000760-IV for patchwork-qemu-devel@patchwork.kernel.org; Fri, 29 Mar 2019 20:31:55 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45711) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hA12O-0000Zd-6h for qemu-devel@nongnu.org; Fri, 29 Mar 2019 19:35:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h9ykG-0004yq-DW for qemu-devel@nongnu.org; Fri, 29 Mar 2019 17:09:02 -0400 Received: from mx1.redhat.com ([209.132.183.28]:52410) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h9ykF-0004QP-5E for qemu-devel@nongnu.org; Fri, 29 Mar 2019 17:08:59 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4C63E31688EB; Fri, 29 Mar 2019 21:08:11 +0000 (UTC) Received: from virtlab514.virt.lab.eng.bos.redhat.com (virtlab514.virt.lab.eng.bos.redhat.com [10.19.152.210]) by smtp.corp.redhat.com (Postfix) with ESMTP id 745F76E3F7; Fri, 29 Mar 2019 21:08:10 +0000 (UTC) From: Wainer dos Santos Moschetta To: qemu-devel@nongnu.org Date: Fri, 29 Mar 2019 17:08:02 -0400 Message-Id: <20190329210804.22121-4-wainersm@redhat.com> In-Reply-To: <20190329210804.22121-1-wainersm@redhat.com> References: <20190329210804.22121-1-wainersm@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Fri, 29 Mar 2019 21:08:11 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 3/5] tests/vm: Detect the image changed on server X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fam@euphon.net, peter.maydell@linaro.org, philmd@redhat.com, lersek@redhat.com, pbonzini@redhat.com, alex.bennee@linaro.org Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The current implementation of basevm does not check if the image file to be downloaded has changed on server side before honouring the cache. So any change on server-side file can go unnoticed, keeping the cached image. This change implements a simple mechanism to detect the image file changed by using the sha256sum file stored on server. It compares with the expected checksum and then abort the execution on mismatch. Signed-off-by: Wainer dos Santos Moschetta --- tests/vm/basevm.py | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py index 083befce9f..4dfad2dc9b 100755 --- a/tests/vm/basevm.py +++ b/tests/vm/basevm.py @@ -27,6 +27,7 @@ import tempfile import shutil import multiprocessing import traceback +import urllib.request SSH_KEY = open(os.path.join(os.path.dirname(__file__), "..", "keys", "id_rsa")).read() @@ -81,6 +82,18 @@ class BaseVM(object): self._data_args = [] def _download_with_cache(self, url, sha256sum=None): + + def fetch_image_hash(url): + fetch_url = "%s.sha256sum" % url + try: + with urllib.request.urlopen(fetch_url) as response: + content = response.read() + except urllib.error.URLError as error: + logging.error("Failed to fetch image checksum file: %s", + fetch_url) + raise error + return content.decode().strip() + def check_sha256sum(fname): if not sha256sum: return True @@ -91,8 +104,24 @@ class BaseVM(object): if not os.path.exists(cache_dir): os.makedirs(cache_dir) fname = os.path.join(cache_dir, hashlib.sha1(url.encode()).hexdigest()) - if os.path.exists(fname) and check_sha256sum(fname): + + if os.path.exists(fname) and sha256sum is None: return fname + + if sha256sum: + image_checksum = fetch_image_hash(url) + # Check the url points to a known image file. + if image_checksum != sha256sum: + logging.error("Image %s checksum (%s) does not match " + + "expected (%s).", url, image_checksum, sha256sum) + raise Exception("Image checksum failed.") + # Check the cached image is up to date. + if os.path.exists(fname): + if check_sha256sum(fname): + return fname + logging.warning("Invalid cached image. Attempt to download " + + "the updated one.") + logging.debug("Downloading %s to %s...", url, fname) subprocess.check_call(["wget", "-c", url, "-O", fname + ".download"], stdout=self._stdout, stderr=self._stderr)