openstack/diskimage-builder
Code Issues Proposed changes
Files
master
diskimage-builder/diskimage_builder/elements/centos/root.d/10-centos-cloud-image
Clif Houck ed145a9a6d Add a sha256sum check for CentOS Cloud Images 
Related-bug: 2120974
Change-Id: Iac8c315a9ebdf8a96bb483e992e19798b91c4816
Signed-off-by: Clif Houck <me@clifhouck.com>
2025-08-20 08:53:27 -05:00

68 lines
2.3 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
[ -n "$ARCH" ]
[ -n "$TARGET_ROOT" ]
if [[ "amd64 x86_64 arm64 aarch64 ppc64le" =~ "$ARCH" ]]; then
if [[ "amd64" =~ "$ARCH" ]]; then
ARCH="x86_64"
elif [[ "arm64" =~ "$ARCH" ]]; then
ARCH="aarch64"
fi
if [[ "${DIB_RELEASE}" == "9" ]]; then
dib_release_path=9-stream
else
dib_release_path=${DIB_RELEASE}
fi
DIB_CLOUD_IMAGES=${DIB_CLOUD_IMAGES:-https://cloud.centos.org/centos/${dib_release_path}/${ARCH}/images}
else
echo 'centos root element only support the x86_64, aarch64 and ppc64le values for $ARCH'
exit 1
fi
DIB_LOCAL_IMAGE=${DIB_LOCAL_IMAGE:-}
if [ -n "$DIB_LOCAL_IMAGE" ]; then
IMAGE_LOCATION=$DIB_LOCAL_IMAGE
# No need to copy a local image into the cache directory, so just specify
# the cached path as the original path.
CACHED_IMAGE=$IMAGE_LOCATION
BASE_IMAGE_FILE=$(basename $DIB_LOCAL_IMAGE)
BASE_IMAGE_TAR=$BASE_IMAGE_FILE.tgz
else
DIB_FLAVOR=${DIB_FLAVOR:-GenericCloud}
if [[ "${DIB_RELEASE}" == "9" ]]; then
dib_release_path=9-stream
else
dib_release_path=${DIB_RELEASE}
fi
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-$(head -1 < <(curl -s https://cloud.centos.org/centos/${dib_release_path}/${ARCH}/images/ | grep -o "CentOS-.[^>]*${DIB_FLAVOR}-.[^>]*.qcow2" | sort -r))}
BASE_IMAGE_TAR=$BASE_IMAGE_FILE.tgz
IMAGE_LOCATION=$DIB_CLOUD_IMAGES/$BASE_IMAGE_FILE
CACHED_IMAGE=$DIB_IMAGE_CACHE/$BASE_IMAGE_FILE
IMAGE_SUM_FILE=$BASE_IMAGE_FILE.SHA256SUM
IMAGE_SUM_LOCATION=$IMAGE_LOCATION.SHA256SUM
CACHED_SUM=$DIB_IMAGE_CACHE/$IMAGE_SUM_FILE
# Fetching image and its hash prior to extract-image below.
# extract-image will find the cached image and continue normally.
# Until extract-image also incorporates hash checking, this is the way.
$TMP_HOOKS_PATH/bin/cache-url $IMAGE_LOCATION $CACHED_IMAGE
$TMP_HOOKS_PATH/bin/cache-url $IMAGE_SUM_LOCATION $CACHED_SUM
pushd $DIB_IMAGE_CACHE
if ! sha256sum --quiet --check $CACHED_SUM ; then
echo "ERROR: Image '$CACHED_IMAGE' failed sha256sum check!"
exit 1
fi
popd
fi
echo "Extracting image..."
$TMP_HOOKS_PATH/bin/extract-image $BASE_IMAGE_FILE $BASE_IMAGE_TAR $IMAGE_LOCATION $CACHED_IMAGE
View Git Blame Copy Permalink