Merge "Support sha256/sha512 with the ilo firmware upgrade logic"
This commit is contained in:
commit
9b181b83a8
@ -1379,17 +1379,17 @@ step could be::
|
||||
},
|
||||
{
|
||||
"url": "http://my_address:port/firmwares/bios_vLatest.scexe",
|
||||
"checksum": "<md5-checksum-of-this-file>",
|
||||
"checksum": "<sha256-checksum-of-this-file>",
|
||||
"component": "bios"
|
||||
},
|
||||
{
|
||||
"url": "https://my_secure_address_url/firmwares/chassis_vLatest.scexe",
|
||||
"checksum": "<md5-checksum-of-this-file>",
|
||||
"checksum": "<sha512-checksum-of-this-file>",
|
||||
"component": "chassis"
|
||||
},
|
||||
{
|
||||
"url": "file:///home/ubuntu/firmware_images/power_pic/pmc_v3.0.bin",
|
||||
"checksum": "<md5-checksum-of-this-file>",
|
||||
"checksum": "<sha256-checksum-of-this-file>",
|
||||
"component": "power_pic"
|
||||
}
|
||||
]
|
||||
@ -1412,7 +1412,7 @@ Each firmware image block is represented by a dictionary (JSON), in the form::
|
||||
|
||||
{
|
||||
"url": "<url of firmware image file>",
|
||||
"checksum": "<md5 checksum of firmware image file to verify the image>",
|
||||
"checksum": "<SHA256, SHA512, or MD5 checksum of firmware image file to verify the image>",
|
||||
"component": "<device on which firmware image will be flashed>"
|
||||
}
|
||||
|
||||
@ -1459,11 +1459,11 @@ All the fields in the firmware image block are mandatory.
|
||||
things were left off or where things failed. You can then fix or work around
|
||||
and then try again. A common cause of update failure is HPE Secure Digital
|
||||
Signature check failure for the firmware image file.
|
||||
* To compute ``md5`` checksum for your image file, you can use the following
|
||||
* To compute ``sha256`` checksum for your image file, you can use the following
|
||||
command::
|
||||
|
||||
$ md5sum image.rpm
|
||||
66cdb090c80b71daa21a67f06ecd3f33 image.rpm
|
||||
$ sha256sum image.rpm
|
||||
24f6abba6fb6921b05afdb4f9a671aed72af3add90c912b5e3989f51f1b359e5 image.rpm
|
||||
|
||||
Smart Update Manager (SUM) based firmware update
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
@ -908,7 +908,7 @@ def remove_single_or_list_of_files(file_location):
|
||||
|
||||
|
||||
def verify_image_checksum(image_location, expected_checksum):
|
||||
"""Verifies checksum (md5) of image file against the expected one.
|
||||
"""Verifies checksum of image file against the expected one.
|
||||
|
||||
This method generates the checksum of the image file on the fly and
|
||||
verifies it against the expected checksum provided as argument.
|
||||
@ -919,8 +919,24 @@ def verify_image_checksum(image_location, expected_checksum):
|
||||
verification fails.
|
||||
"""
|
||||
try:
|
||||
actual_checksum = fileutils.compute_file_checksum(image_location,
|
||||
algorithm='md5')
|
||||
if len(expected_checksum) <= 32:
|
||||
actual_checksum = fileutils.compute_file_checksum(image_location,
|
||||
algorithm='md5')
|
||||
elif len(expected_checksum) <= 64:
|
||||
actual_checksum = fileutils.compute_file_checksum(
|
||||
image_location,
|
||||
algorithm='sha256')
|
||||
elif len(expected_checksum) <= 128:
|
||||
actual_checksum = fileutils.compute_file_checksum(
|
||||
image_location,
|
||||
algorithm='sha512')
|
||||
else:
|
||||
raise exception.ImageRefValidationFailed(
|
||||
image_href=image_location,
|
||||
reason="Unable to identify checksum based upon length. "
|
||||
"Please validate your checksum and ensure it is "
|
||||
"MD5, SHA256, or SHA512")
|
||||
|
||||
except IOError as e:
|
||||
LOG.error("Error opening file: %(file)s", {'file': image_location})
|
||||
raise exception.ImageRefValidationFailed(image_href=image_location,
|
||||
|
@ -1170,6 +1170,30 @@ class IloCommonMethodsTestCase(BaseIloTest):
|
||||
# | THEN |
|
||||
# no any exception thrown
|
||||
|
||||
@mock.patch.object(builtins, 'open', autospec=True)
|
||||
def test_verify_image_checksum_sha256(self, open_mock):
|
||||
# | GIVEN |
|
||||
data = b'Yankee Doodle went to town riding on a pony;'
|
||||
file_like_object = io.BytesIO(data)
|
||||
open_mock().__enter__.return_value = file_like_object
|
||||
actual_hash = hashlib.sha256(data).hexdigest()
|
||||
# | WHEN |
|
||||
ilo_common.verify_image_checksum(file_like_object, actual_hash)
|
||||
# | THEN |
|
||||
# no any exception thrown
|
||||
|
||||
@mock.patch.object(builtins, 'open', autospec=True)
|
||||
def test_verify_image_checksum_sha512(self, open_mock):
|
||||
# | GIVEN |
|
||||
data = b'Yankee Doodle went to town riding on a pony;'
|
||||
file_like_object = io.BytesIO(data)
|
||||
open_mock().__enter__.return_value = file_like_object
|
||||
actual_hash = hashlib.sha512(data).hexdigest()
|
||||
# | WHEN |
|
||||
ilo_common.verify_image_checksum(file_like_object, actual_hash)
|
||||
# | THEN |
|
||||
# no any exception thrown
|
||||
|
||||
def test_verify_image_checksum_throws_for_nonexistent_file(self):
|
||||
# | GIVEN |
|
||||
invalid_file_path = '/some/invalid/file/path'
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The ``ilo`` hardware type firmware upgrade steps, now support checksum
|
||||
determination by legnth in order to allow SHA256 and SHA512 checksums
|
||||
to be supplied by the step caller.
|
Loading…
Reference in New Issue
Block a user