Support sha256/sha512 with the ilo firmware upgrade logic
Adds support for SHA256 and SHA512 checksums to be passed to firmware upgrade steps for the ilo hardware type. Change-Id: I5455c4bfa4741a35b0ddada37298c897887e6cea
This commit is contained in:
parent
2528bf6621
commit
23f4a7d993
@ -1379,17 +1379,17 @@ step could be::
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"url": "http://my_address:port/firmwares/bios_vLatest.scexe",
|
"url": "http://my_address:port/firmwares/bios_vLatest.scexe",
|
||||||
"checksum": "<md5-checksum-of-this-file>",
|
"checksum": "<sha256-checksum-of-this-file>",
|
||||||
"component": "bios"
|
"component": "bios"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"url": "https://my_secure_address_url/firmwares/chassis_vLatest.scexe",
|
"url": "https://my_secure_address_url/firmwares/chassis_vLatest.scexe",
|
||||||
"checksum": "<md5-checksum-of-this-file>",
|
"checksum": "<sha512-checksum-of-this-file>",
|
||||||
"component": "chassis"
|
"component": "chassis"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"url": "file:///home/ubuntu/firmware_images/power_pic/pmc_v3.0.bin",
|
"url": "file:///home/ubuntu/firmware_images/power_pic/pmc_v3.0.bin",
|
||||||
"checksum": "<md5-checksum-of-this-file>",
|
"checksum": "<sha256-checksum-of-this-file>",
|
||||||
"component": "power_pic"
|
"component": "power_pic"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
@ -1412,7 +1412,7 @@ Each firmware image block is represented by a dictionary (JSON), in the form::
|
|||||||
|
|
||||||
{
|
{
|
||||||
"url": "<url of firmware image file>",
|
"url": "<url of firmware image file>",
|
||||||
"checksum": "<md5 checksum of firmware image file to verify the image>",
|
"checksum": "<SHA256, SHA512, or MD5 checksum of firmware image file to verify the image>",
|
||||||
"component": "<device on which firmware image will be flashed>"
|
"component": "<device on which firmware image will be flashed>"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1459,11 +1459,11 @@ All the fields in the firmware image block are mandatory.
|
|||||||
things were left off or where things failed. You can then fix or work around
|
things were left off or where things failed. You can then fix or work around
|
||||||
and then try again. A common cause of update failure is HPE Secure Digital
|
and then try again. A common cause of update failure is HPE Secure Digital
|
||||||
Signature check failure for the firmware image file.
|
Signature check failure for the firmware image file.
|
||||||
* To compute ``md5`` checksum for your image file, you can use the following
|
* To compute ``sha256`` checksum for your image file, you can use the following
|
||||||
command::
|
command::
|
||||||
|
|
||||||
$ md5sum image.rpm
|
$ sha256sum image.rpm
|
||||||
66cdb090c80b71daa21a67f06ecd3f33 image.rpm
|
24f6abba6fb6921b05afdb4f9a671aed72af3add90c912b5e3989f51f1b359e5 image.rpm
|
||||||
|
|
||||||
Smart Update Manager (SUM) based firmware update
|
Smart Update Manager (SUM) based firmware update
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
@ -908,7 +908,7 @@ def remove_single_or_list_of_files(file_location):
|
|||||||
|
|
||||||
|
|
||||||
def verify_image_checksum(image_location, expected_checksum):
|
def verify_image_checksum(image_location, expected_checksum):
|
||||||
"""Verifies checksum (md5) of image file against the expected one.
|
"""Verifies checksum of image file against the expected one.
|
||||||
|
|
||||||
This method generates the checksum of the image file on the fly and
|
This method generates the checksum of the image file on the fly and
|
||||||
verifies it against the expected checksum provided as argument.
|
verifies it against the expected checksum provided as argument.
|
||||||
@ -919,8 +919,24 @@ def verify_image_checksum(image_location, expected_checksum):
|
|||||||
verification fails.
|
verification fails.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
actual_checksum = fileutils.compute_file_checksum(image_location,
|
if len(expected_checksum) <= 32:
|
||||||
algorithm='md5')
|
actual_checksum = fileutils.compute_file_checksum(image_location,
|
||||||
|
algorithm='md5')
|
||||||
|
elif len(expected_checksum) <= 64:
|
||||||
|
actual_checksum = fileutils.compute_file_checksum(
|
||||||
|
image_location,
|
||||||
|
algorithm='sha256')
|
||||||
|
elif len(expected_checksum) <= 128:
|
||||||
|
actual_checksum = fileutils.compute_file_checksum(
|
||||||
|
image_location,
|
||||||
|
algorithm='sha512')
|
||||||
|
else:
|
||||||
|
raise exception.ImageRefValidationFailed(
|
||||||
|
image_href=image_location,
|
||||||
|
reason="Unable to identify checksum based upon length. "
|
||||||
|
"Please validate your checksum and ensure it is "
|
||||||
|
"MD5, SHA256, or SHA512")
|
||||||
|
|
||||||
except IOError as e:
|
except IOError as e:
|
||||||
LOG.error("Error opening file: %(file)s", {'file': image_location})
|
LOG.error("Error opening file: %(file)s", {'file': image_location})
|
||||||
raise exception.ImageRefValidationFailed(image_href=image_location,
|
raise exception.ImageRefValidationFailed(image_href=image_location,
|
||||||
|
@ -1170,6 +1170,30 @@ class IloCommonMethodsTestCase(BaseIloTest):
|
|||||||
# | THEN |
|
# | THEN |
|
||||||
# no any exception thrown
|
# no any exception thrown
|
||||||
|
|
||||||
|
@mock.patch.object(builtins, 'open', autospec=True)
|
||||||
|
def test_verify_image_checksum_sha256(self, open_mock):
|
||||||
|
# | GIVEN |
|
||||||
|
data = b'Yankee Doodle went to town riding on a pony;'
|
||||||
|
file_like_object = io.BytesIO(data)
|
||||||
|
open_mock().__enter__.return_value = file_like_object
|
||||||
|
actual_hash = hashlib.sha256(data).hexdigest()
|
||||||
|
# | WHEN |
|
||||||
|
ilo_common.verify_image_checksum(file_like_object, actual_hash)
|
||||||
|
# | THEN |
|
||||||
|
# no any exception thrown
|
||||||
|
|
||||||
|
@mock.patch.object(builtins, 'open', autospec=True)
|
||||||
|
def test_verify_image_checksum_sha512(self, open_mock):
|
||||||
|
# | GIVEN |
|
||||||
|
data = b'Yankee Doodle went to town riding on a pony;'
|
||||||
|
file_like_object = io.BytesIO(data)
|
||||||
|
open_mock().__enter__.return_value = file_like_object
|
||||||
|
actual_hash = hashlib.sha512(data).hexdigest()
|
||||||
|
# | WHEN |
|
||||||
|
ilo_common.verify_image_checksum(file_like_object, actual_hash)
|
||||||
|
# | THEN |
|
||||||
|
# no any exception thrown
|
||||||
|
|
||||||
def test_verify_image_checksum_throws_for_nonexistent_file(self):
|
def test_verify_image_checksum_throws_for_nonexistent_file(self):
|
||||||
# | GIVEN |
|
# | GIVEN |
|
||||||
invalid_file_path = '/some/invalid/file/path'
|
invalid_file_path = '/some/invalid/file/path'
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The ``ilo`` hardware type firmware upgrade steps, now support checksum
|
||||||
|
determination by legnth in order to allow SHA256 and SHA512 checksums
|
||||||
|
to be supplied by the step caller.
|
Loading…
Reference in New Issue
Block a user