mirror of https://github.com/k3s-io/k3s
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
117 lines
3.0 KiB
117 lines
3.0 KiB
package dataverify |
|
|
|
import ( |
|
"bufio" |
|
"crypto/sha256" |
|
"encoding/hex" |
|
"fmt" |
|
"io" |
|
"os" |
|
"path/filepath" |
|
"strings" |
|
|
|
"github.com/sirupsen/logrus" |
|
) |
|
|
|
// Verify will check the sha256sums and links from the files in a given directory |
|
func Verify(dir string) error { |
|
failed := false |
|
if err := VerifySums(dir, ".sha256sums"); err != nil { |
|
logrus.Errorf("Unable to verify sums: %s", err) |
|
failed = true |
|
} |
|
if err := VerifyLinks(dir, ".links"); err != nil { |
|
logrus.Errorf("Unable to verify links: %s", err) |
|
failed = true |
|
} |
|
if failed { |
|
return fmt.Errorf("failed to verify directory %s", dir) |
|
} |
|
return nil |
|
} |
|
|
|
// VerifySums will take a file which contains a list of hash sums for files and verify they match |
|
func VerifySums(root, sumListFile string) error { |
|
sums, err := fileMapFields(filepath.Join(root, sumListFile), 1, 0) |
|
if err != nil { |
|
return err |
|
} |
|
if len(sums) == 0 { |
|
return fmt.Errorf("no entries found in %s", sumListFile) |
|
} |
|
numFailed := 0 |
|
for sumFile, sumExpected := range sums { |
|
file := filepath.Join(root, sumFile) |
|
sumActual, _ := sha256Sum(file) |
|
if sumExpected != sumActual { |
|
logrus.Errorf("Hash for file %s expected to be %s (fail)", sumFile, sumExpected) |
|
numFailed++ |
|
} else { |
|
logrus.Debugf("Verified hash %s is correct", sumFile) |
|
} |
|
} |
|
if numFailed != 0 { |
|
return fmt.Errorf("failed %d hash verifications", numFailed) |
|
} |
|
return nil |
|
} |
|
|
|
// VerifyLinks will take a file which contains a list of target links for files and verify they match |
|
func VerifyLinks(root, linkListFile string) error { |
|
links, err := fileMapFields(filepath.Join(root, linkListFile), 0, 1) |
|
if err != nil { |
|
return err |
|
} |
|
if len(links) == 0 { |
|
return fmt.Errorf("no entries found in %s", linkListFile) |
|
} |
|
numFailed := 0 |
|
for linkFile, linkExpected := range links { |
|
file := filepath.Join(root, linkFile) |
|
linkActual, _ := os.Readlink(file) |
|
if linkExpected != linkActual { |
|
logrus.Errorf("Link for file %s expected to be %s (fail)", linkFile, linkExpected) |
|
numFailed++ |
|
} else { |
|
logrus.Debugf("Verified link %s is correct", linkFile) |
|
} |
|
} |
|
if numFailed != 0 { |
|
return fmt.Errorf("failed %d link verifications", numFailed) |
|
} |
|
return nil |
|
} |
|
|
|
func fileMapFields(fileName string, key, val int) (map[string]string, error) { |
|
file, err := os.Open(fileName) |
|
if err != nil { |
|
return nil, err |
|
} |
|
defer file.Close() |
|
result := map[string]string{} |
|
scanner := bufio.NewScanner(file) |
|
for scanner.Scan() { |
|
fields := strings.Fields(scanner.Text()) |
|
if len(fields) == 0 { |
|
continue |
|
} |
|
if len(fields) <= key || len(fields) <= val { |
|
return nil, fmt.Errorf("fields for file %s (%d) smaller than required index (key: %d, val: %d)", fileName, len(fields), key, val) |
|
} |
|
result[fields[key]] = fields[val] |
|
} |
|
return result, scanner.Err() |
|
} |
|
|
|
func sha256Sum(filePath string) (string, error) { |
|
file, err := os.Open(filePath) |
|
if err != nil { |
|
return "", err |
|
} |
|
defer file.Close() |
|
hash := sha256.New() |
|
if _, err := io.Copy(hash, file); err != nil { |
|
return "", err |
|
} |
|
return hex.EncodeToString(hash.Sum(nil)), nil |
|
}
|
|
|