Support longer checksums for redfish firmware upgrade
Previoulsy only SHA1 hashes were supported, now we support SHA256 and SHA512 by length. Change-Id: Iddb196faca4008837595a3d0923f55d0e9d2aea5
This commit is contained in:
parent
7f281392c2
commit
03cd9788e6
@ -407,7 +407,7 @@ The ``update_firmware`` cleaning step accepts JSON in the following format::
|
||||
"firmware_images":[
|
||||
{
|
||||
"url": "<url_to_firmware_image1>",
|
||||
"checksum": "<checksum for image, uses SHA1>",
|
||||
"checksum": "<checksum for image, uses SHA1, SHA256, or SHA512>",
|
||||
"source": "<optional override source setting for image>",
|
||||
"wait": <number_of_seconds_to_wait>
|
||||
},
|
||||
|
@ -137,8 +137,22 @@ def verify_checksum(node, checksum, file_path):
|
||||
:param file_path: File path for which to verify checksum
|
||||
:raises RedfishError: When checksum does not match
|
||||
"""
|
||||
calculated_checksum = fileutils.compute_file_checksum(
|
||||
file_path, algorithm='sha1')
|
||||
if len(checksum) <= 41:
|
||||
# SHA1: 40 bytes long
|
||||
calculated_checksum = fileutils.compute_file_checksum(
|
||||
file_path, algorithm='sha1')
|
||||
elif len(checksum) <= 64:
|
||||
calculated_checksum = fileutils.compute_file_checksum(
|
||||
file_path, algorithm='sha256')
|
||||
elif len(checksum) <= 128:
|
||||
calculated_checksum = fileutils.compute_file_checksum(
|
||||
file_path, algorithm='sha512')
|
||||
else:
|
||||
raise exception.RedfishError(
|
||||
_('Unable to identify checksum to perform firmware file checksum '
|
||||
'calculation. Please validate your input in and try again. '
|
||||
'Received: %(checksum)s')
|
||||
% {'checksum': checksum})
|
||||
if checksum != calculated_checksum:
|
||||
raise exception.RedfishError(
|
||||
_('For node %(node)s firmware file %(temp_file)s checksums do not '
|
||||
|
@ -256,6 +256,30 @@ class FirmwareUtilsTestCase(base.TestCase):
|
||||
mock_compute_file_checksum.assert_called_with(
|
||||
file_path, algorithm='sha1')
|
||||
|
||||
@mock.patch.object(fileutils, 'compute_file_checksum', autospec=True)
|
||||
def test_verify_checksum_sha256(self, mock_compute_file_checksum):
|
||||
checksum = 'a' * 64
|
||||
file_path = '/tmp/bios.exe'
|
||||
mock_compute_file_checksum.return_value = checksum
|
||||
node = mock.Mock(uuid='9f0f6795-f74e-4b5a-850e-72f586a92435')
|
||||
|
||||
firmware_utils.verify_checksum(node, checksum, file_path)
|
||||
|
||||
mock_compute_file_checksum.assert_called_with(
|
||||
file_path, algorithm='sha256')
|
||||
|
||||
@mock.patch.object(fileutils, 'compute_file_checksum', autospec=True)
|
||||
def test_verify_checksum_sha512(self, mock_compute_file_checksum):
|
||||
checksum = 'a' * 128
|
||||
file_path = '/tmp/bios.exe'
|
||||
mock_compute_file_checksum.return_value = checksum
|
||||
node = mock.Mock(uuid='9f0f6795-f74e-4b5a-850e-72f586a92435')
|
||||
|
||||
firmware_utils.verify_checksum(node, checksum, file_path)
|
||||
|
||||
mock_compute_file_checksum.assert_called_with(
|
||||
file_path, algorithm='sha512')
|
||||
|
||||
@mock.patch.object(os, 'makedirs', autospec=True)
|
||||
@mock.patch.object(shutil, 'copyfile', autospec=True)
|
||||
@mock.patch.object(os, 'link', autospec=True)
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The Redfish firmware upgrade interface now supports checksum determination
|
||||
by length, and ``sha256`` and ``sha512`` checksums may now be supplied to
|
||||
the step arguments.
|
Loading…
Reference in New Issue
Block a user