Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(467)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 13842044: Validate tools using sha256 checksum (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
11 years, 6 months ago by wallyworld
Modified:
11 years, 6 months ago
Reviewers:
mp+187150, mue, jameinel, rog
Visibility:
Public.

Description

Validate tools using sha256 checksum The simplestreams tools metadata includes a sha256 checksum and the size of the tarball. When tools are unpacked, and when they are downloaded to the bootstrap node, the checksum and size are matched against the tarball and an error is raised if there is a mismatch. Legacy tools loading does not support checksums so tests needed to be changed accordingly. In so doing, some common tools helpers were moved to environs/testing/tools.go. This also has the benefit of keeping the tools related test code in one place, making it easier to swap out the legacy code later. https://code.launchpad.net/~wallyworld/juju-core/check-tools-checksum/+merge/187150 (do not edit description out of merge proposal)

Patch Set 1 #

Total comments: 22
Unified diffs Side-by-side diffs Delta from patch set Stats (+356 lines, -183 lines) Patch
A [revision details] View 1 chunk +2 lines, -0 lines 0 comments Download
M agent/tools/diskmanager_test.go View 3 chunks +17 lines, -8 lines 0 comments Download
M agent/tools/tools_test.go View 11 chunks +81 lines, -36 lines 0 comments Download
M agent/tools/toolsdir.go View 5 chunks +39 lines, -18 lines 6 comments Download
M cmd/juju/status_test.go View 1 chunk +3 lines, -1 line 0 comments Download
M cmd/juju/upgradejuju_test.go View 3 chunks +35 lines, -3 lines 0 comments Download
M cmd/jujud/agent_test.go View 6 chunks +11 lines, -40 lines 0 comments Download
M cmd/jujud/machine_test.go View 1 chunk +1 line, -1 line 0 comments Download
M cmd/jujud/unit_test.go View 1 chunk +1 line, -1 line 0 comments Download
M environs/cloudinit/cloudinit.go View 3 chunks +13 lines, -3 lines 10 comments Download
M environs/cloudinit/cloudinit_test.go View 5 chunks +22 lines, -8 lines 0 comments Download
M environs/testing/tools.go View 2 chunks +54 lines, -5 lines 0 comments Download
M environs/tools/storage_test.go View 1 chunk +5 lines, -0 lines 0 comments Download
M state/machine.go View 1 chunk +3 lines, -0 lines 0 comments Download
M state/machine_test.go View 2 chunks +4 lines, -0 lines 0 comments Download
M state/state_test.go View 1 chunk +3 lines, -1 line 0 comments Download
M state/tools_test.go View 2 chunks +4 lines, -0 lines 0 comments Download
M state/unit.go View 1 chunk +3 lines, -0 lines 2 comments Download
M testing/targz.go View 3 chunks +9 lines, -3 lines 4 comments Download
M tools/marshal.go View 3 chunks +5 lines, -1 line 0 comments Download
M tools/marshal_test.go View 2 chunks +4 lines, -0 lines 0 comments Download
M tools/tools.go View 1 chunk +4 lines, -4 lines 0 comments Download
M worker/deployer/simple_test.go View 3 chunks +7 lines, -2 lines 0 comments Download
M worker/provisioner/lxc-broker_test.go View 2 chunks +6 lines, -2 lines 0 comments Download
M worker/upgrader/upgrader_test.go View 11 chunks +20 lines, -46 lines 0 comments Download

Messages

Total messages: 6
wallyworld
Please take a look.
11 years, 6 months ago (2013-09-24 05:51:52 UTC) #1
mue
LGTM
11 years, 6 months ago (2013-09-24 10:44:02 UTC) #2
jameinel
a thought https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.go File environs/cloudinit/cloudinit.go (right): https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.go#newcode155 environs/cloudinit/cloudinit.go:155: cfg.Tools.SHA256, cfg.Tools.Version.String()), don't we need to check ...
11 years, 6 months ago (2013-09-24 11:07:07 UTC) #3
wallyworld
https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.go File environs/cloudinit/cloudinit.go (right): https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.go#newcode155 environs/cloudinit/cloudinit.go:155: cfg.Tools.SHA256, cfg.Tools.Version.String()), On 2013/09/24 11:07:07, jameinel wrote: > don't ...
11 years, 6 months ago (2013-09-24 11:17:46 UTC) #4
rog
LGTM modulo the comments below, based on reading the actual code changes. I haven't looked ...
11 years, 6 months ago (2013-09-24 11:48:33 UTC) #5
wallyworld
11 years, 6 months ago (2013-09-25 00:19:15 UTC) #6 
https://codereview.appspot.com/13842044/diff/1/agent/tools/toolsdir.go
File agent/tools/toolsdir.go (right):

https://codereview.appspot.com/13842044/diff/1/agent/tools/toolsdir.go#newcode45
agent/tools/toolsdir.go:45: gzipBytes, err := io.Copy(buf, r)
On 2013/09/24 11:48:34, rog wrote:
> Storing all this in memory isn't great, and
> it's something that was specifically avoided before.
> 
> Please could we unpack to a temporary file,
> checksumming when we do that (see io.TeeReader), then untar
> from that file if the checksum matches.

I've done that but we lose the size check. I don't that that matters in practise
because we are using the checksum.

https://codereview.appspot.com/13842044/diff/1/agent/tools/toolsdir.go#newcod...
agent/tools/toolsdir.go:140: // ReadTools checks that the tools information for
the given version exist
On 2013/09/24 11:48:34, rog wrote:
> s/exist/exists/

Done.

https://codereview.appspot.com/13842044/diff/1/agent/tools/toolsdir.go#newcod...
agent/tools/toolsdir.go:142: // The tools information is json encoded in a text
file named by the toolsFile constant.
On 2013/09/24 11:48:34, rog wrote:
> That's not a very useful doc comment when the toolsFile constant
> so isn't actually available to the reader of the documentation.
> Please export the constant or state the path explicitly in the
> doc command.

I'm not sure what effect exporting the constant will have? Why can't the reader
just click through to the constant declaration if they are reading the code if
they want to know what the value is?
I'll replace the reference to the constant with it's actual value, but it means
now there's a place that can get stale if the constant ever changes which is
unfortunate.

https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.go
File environs/cloudinit/cloudinit.go (right):

https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.g...
environs/cloudinit/cloudinit.go:144: toolsJson, err := json.Marshal(cfg.Tools)
On 2013/09/24 11:48:34, rog wrote:
> I'm probably blind, but where is toolsJson used?

Down below - it's written to downloaded-tools.txt

https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.g...
environs/cloudinit/cloudinit.go:152: shquote(cfg.Tools.URL),
cfg.Tools.Version.String()),
On 2013/09/24 11:48:34, rog wrote:
> s/.String()//
> 
> (it's redundant, as %s already calls the String method if appropriate)

Done.

https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.g...
environs/cloudinit/cloudinit.go:154: fmt.Sprintf(`grep "%s  -"
$bin/juju%s.sha256 || (echo "Tools checksum mismatch"; exit 1)`,
On 2013/09/24 11:48:34, rog wrote:
> I think I'd just do:
> 
> `grep '%s' ...
> 
> so that we're not dependent on the two spaces that seem
> to be printed by sha256sum. Given that we're grepping
> for the full checksum, that's just as safe.
> 
> (also, in general I like to see single quotes where possible,
> just for the reassurance that no funny shell expansions
> are going on, even if it may be theoretically impossible
> for that to happen in this case).

Done.

https://codereview.appspot.com/13842044/diff/1/environs/cloudinit/cloudinit.g...
environs/cloudinit/cloudinit.go:157: fmt.Sprintf("echo -n %s >
$bin/downloaded-tools.txt", shquote(string(toolsJson))),
On 2013/09/24 11:48:34, rog wrote:
> I suppose we should probably use printf(1) here now.

Done.

https://codereview.appspot.com/13842044/diff/1/state/unit.go
File state/unit.go (right):

https://codereview.appspot.com/13842044/diff/1/state/unit.go#newcode182
state/unit.go:182: if t.URL != "" && (t.Size == 0 || t.SHA256 == "") {
On 2013/09/24 11:48:34, rog wrote:
> Given the duplication with machine.go, it might be
> worth factoring this logic out into function:
> 
> // checkToolsValidity checks whether the given
> // tools are suitable for passing to SetAgentTools.
> func checkToolsValidity(t *tools.Tools) error

Done.

https://codereview.appspot.com/13842044/diff/1/testing/targz.go
File testing/targz.go (right):

https://codereview.appspot.com/13842044/diff/1/testing/targz.go#newcode51
testing/targz.go:51: // TarGz returns the given files in gzipped tar-archive
format, along with the tarball size and sha256 checksum.
On 2013/09/24 11:48:34, rog wrote:
> This comment could do with reformatting.
> 
> Also, why return the size? It's always len(data)
> and hence redundant (and potentially misleading)
> to return it separately.

Done.

https://codereview.appspot.com/13842044/diff/1/testing/targz.go#newcode54
testing/targz.go:54: gzw := gzip.NewWriter(&buf)
On 2013/09/24 11:48:34, rog wrote:
> You could do:
> 
> var buf bytes.Buffer
> sha256hash := sha256.New()
> gzw := gzip.New(io.MultiWriter(&buf, sha256hash))
> 
> which saves 4 or 5 lines below.

Done.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b