New API: checksums-out for checksumming many files.

Useful API for verifying the integrity of virtual machines.

diff --git a/daemon/checksum.c b/daemon/checksum.c
index 4ee6231..f7e2d12 100644 (file)
--- a/daemon/checksum.c
+++ b/daemon/checksum.c
@@ -22,6 +22,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>

+#include <sys/stat.h>

 
 #include "../src/guestfs_protocol.h"
 #include "daemon.h"
 
 #include "../src/guestfs_protocol.h"
 #include "daemon.h"


@@ -99,3 +100,86 @@ do_checksum_device (const char *csumtype, const char *device)
 {
   return checksum (csumtype, device);
 }
 {
   return checksum (csumtype, device);
 }

+
+/* Has one FileOut parameter. */
+int
+do_checksums_out (const char *csumtype, const char *dir)
+{
+  struct stat statbuf;
+  int r;
+
+  const char *program = program_of_csum (csumtype);
+  if (program == NULL)
+    return -1;
+
+  char *sysrootdir = sysroot_path (dir);
+  if (!sysrootdir) {
+    reply_with_perror ("malloc");
+    return -1;
+  }
+
+  r = stat (sysrootdir, &statbuf);
+  if (r == -1) {
+    reply_with_perror ("%s", dir);
+    free (sysrootdir);
+    return -1;
+  }
+  if (!S_ISDIR (statbuf.st_mode)) {
+    reply_with_error ("%s: not a directory", dir);
+    free (sysrootdir);
+    return -1;
+  }
+
+  char *cmd;
+  if (asprintf_nowarn (&cmd, "cd %Q && find -type f -print0 | xargs -0 %s",
+                       sysrootdir, program) == -1) {
+    reply_with_perror ("asprintf");
+    free (sysrootdir);
+    return -1;
+  }
+  free (sysrootdir);
+
+  if (verbose)
+    fprintf (stderr, "%s\n", cmd);
+
+  FILE *fp = popen (cmd, "r");
+  if (fp == NULL) {
+    reply_with_perror ("%s", cmd);
+    free (cmd);
+    return -1;
+  }
+  free (cmd);
+
+  /* Now we must send the reply message, before the file contents.  After
+   * this there is no opportunity in the protocol to send any error
+   * message back.  Instead we can only cancel the transfer.
+   */
+  reply (NULL, NULL);
+
+  char str[GUESTFS_MAX_CHUNK_SIZE];
+
+  while ((r = fread (str, 1, GUESTFS_MAX_CHUNK_SIZE, fp)) > 0) {
+    if (send_file_write (str, r) < 0) {
+      pclose (fp);
+      return -1;
+    }
+  }
+
+  if (ferror (fp)) {
+    perror (dir);
+    send_file_end (1);                /* Cancel. */
+    pclose (fp);
+    return -1;
+  }
+
+  if (pclose (fp) != 0) {
+    perror (dir);
+    send_file_end (1);                /* Cancel. */
+    return -1;
+  }
+
+  if (send_file_end (0))        /* Normal end of file. */
+    return -1;
+
+  return 0;
+}

diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR
index 77f8323..7f05eed 100644 (file)
--- a/src/MAX_PROC_NR
+++ b/src/MAX_PROC_NR
@@ -1 +1 @@
-243
+244

diff --git a/src/generator.ml b/src/generator.ml
index c51df38..14cf462 100755 (executable)
--- a/src/generator.ml
+++ b/src/generator.ml
@@ -2028,7 +2028,9 @@ Compute the SHA512 hash (using the C<sha512sum> program).
 
 The checksum is returned as a printable string.
 
 
 The checksum is returned as a printable string.
 

-To get the checksum for a device, use C<guestfs_checksum_device>.");
+To get the checksum for a device, use C<guestfs_checksum_device>.
+
+To get the checksums for many files, use C<guestfs_checksums_out>.");

 
   ("tar_in", (RErr, [FileIn "tarfile"; Pathname "directory"]), 69, [],
    [InitBasicFS, Always, TestOutput (
 
   ("tar_in", (RErr, [FileIn "tarfile"; Pathname "directory"]), 69, [],
    [InitBasicFS, Always, TestOutput (


@@ -4546,6 +4548,22 @@ to C<filename>.");
 This command downloads the contents of C<filename>, writing
 it out to local file C<base64file> encoded as base64.");
 
 This command downloads the contents of C<filename>, writing
 it out to local file C<base64file> encoded as base64.");
 

+  ("checksums_out", (RErr, [String "csumtype"; Pathname "directory"; FileOut "sumsfile"]), 244, [],
+   [],
+   "compute MD5, SHAx or CRC checksum of files in a directory",
+   "\
+This command computes the checksums of all regular files in
+C<directory> and then emits a list of those checksums to
+the local output file C<sumsfile>.
+
+This can be used for verifying the integrity of a virtual
+machine.  However to be properly secure you should pay
+attention to the output of the checksum command (it uses
+the ones from GNU coreutils).  In particular when the
+filename is not printable, coreutils uses a special
+backslash syntax.  For more information, see the GNU
+coreutils info file.");
+

 ]
 
 let all_functions = non_daemon_functions @ daemon_functions
 ]
 
 let all_functions = non_daemon_functions @ daemon_functions