From 41ee105aabaf1e9a7efc437b87d9536d3dc14a75 Mon Sep 17 00:00:00 2001 From: Richard Jones Date: Fri, 23 Apr 2010 14:14:26 +0100 Subject: [PATCH] New API: checksums-out for checksumming many files. Useful API for verifying the integrity of virtual machines. --- daemon/checksum.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/MAX_PROC_NR | 2 +- src/generator.ml | 20 ++++++++++++- 3 files changed, 104 insertions(+), 2 deletions(-) diff --git a/daemon/checksum.c b/daemon/checksum.c index 4ee6231..f7e2d12 100644 --- a/daemon/checksum.c +++ b/daemon/checksum.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "../src/guestfs_protocol.h" #include "daemon.h" @@ -99,3 +100,86 @@ do_checksum_device (const char *csumtype, const char *device) { return checksum (csumtype, device); } + +/* Has one FileOut parameter. */ +int +do_checksums_out (const char *csumtype, const char *dir) +{ + struct stat statbuf; + int r; + + const char *program = program_of_csum (csumtype); + if (program == NULL) + return -1; + + char *sysrootdir = sysroot_path (dir); + if (!sysrootdir) { + reply_with_perror ("malloc"); + return -1; + } + + r = stat (sysrootdir, &statbuf); + if (r == -1) { + reply_with_perror ("%s", dir); + free (sysrootdir); + return -1; + } + if (!S_ISDIR (statbuf.st_mode)) { + reply_with_error ("%s: not a directory", dir); + free (sysrootdir); + return -1; + } + + char *cmd; + if (asprintf_nowarn (&cmd, "cd %Q && find -type f -print0 | xargs -0 %s", + sysrootdir, program) == -1) { + reply_with_perror ("asprintf"); + free (sysrootdir); + return -1; + } + free (sysrootdir); + + if (verbose) + fprintf (stderr, "%s\n", cmd); + + FILE *fp = popen (cmd, "r"); + if (fp == NULL) { + reply_with_perror ("%s", cmd); + free (cmd); + return -1; + } + free (cmd); + + /* Now we must send the reply message, before the file contents. After + * this there is no opportunity in the protocol to send any error + * message back. Instead we can only cancel the transfer. + */ + reply (NULL, NULL); + + char str[GUESTFS_MAX_CHUNK_SIZE]; + + while ((r = fread (str, 1, GUESTFS_MAX_CHUNK_SIZE, fp)) > 0) { + if (send_file_write (str, r) < 0) { + pclose (fp); + return -1; + } + } + + if (ferror (fp)) { + perror (dir); + send_file_end (1); /* Cancel. */ + pclose (fp); + return -1; + } + + if (pclose (fp) != 0) { + perror (dir); + send_file_end (1); /* Cancel. */ + return -1; + } + + if (send_file_end (0)) /* Normal end of file. */ + return -1; + + return 0; +} diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR index 77f8323..7f05eed 100644 --- a/src/MAX_PROC_NR +++ b/src/MAX_PROC_NR @@ -1 +1 @@ -243 +244 diff --git a/src/generator.ml b/src/generator.ml index c51df38..14cf462 100755 --- a/src/generator.ml +++ b/src/generator.ml @@ -2028,7 +2028,9 @@ Compute the SHA512 hash (using the C program). The checksum is returned as a printable string. -To get the checksum for a device, use C."); +To get the checksum for a device, use C. + +To get the checksums for many files, use C."); ("tar_in", (RErr, [FileIn "tarfile"; Pathname "directory"]), 69, [], [InitBasicFS, Always, TestOutput ( @@ -4546,6 +4548,22 @@ to C."); This command downloads the contents of C, writing it out to local file C encoded as base64."); + ("checksums_out", (RErr, [String "csumtype"; Pathname "directory"; FileOut "sumsfile"]), 244, [], + [], + "compute MD5, SHAx or CRC checksum of files in a directory", + "\ +This command computes the checksums of all regular files in +C and then emits a list of those checksums to +the local output file C. + +This can be used for verifying the integrity of a virtual +machine. However to be properly secure you should pay +attention to the output of the checksum command (it uses +the ones from GNU coreutils). In particular when the +filename is not printable, coreutils uses a special +backslash syntax. For more information, see the GNU +coreutils info file."); + ] let all_functions = non_daemon_functions @ daemon_functions -- 1.8.3.1