k3s/pkg/dataverify/dataverify.go

118 lines
3.0 KiB
Go

package dataverify
import (
"bufio"
"crypto/sha256"
"encoding/hex"
"fmt"
"io"
"os"
"path/filepath"
"strings"
"github.com/sirupsen/logrus"
)
// Verify will check the sha256sums and links from the files in a given directory
func Verify(dir string) error {
failed := false
if err := VerifySums(dir, ".sha256sums"); err != nil {
logrus.Errorf("Unable to verify sums: %s", err)
failed = true
}
if err := VerifyLinks(dir, ".links"); err != nil {
logrus.Errorf("Unable to verify links: %s", err)
failed = true
}
if failed {
return fmt.Errorf("failed to verify directory %s", dir)
}
return nil
}
// VerifySums will take a file which contains a list of hash sums for files and verify they match
func VerifySums(root, sumListFile string) error {
sums, err := fileMapFields(filepath.Join(root, sumListFile), 1, 0)
if err != nil {
return err
}
if len(sums) == 0 {
return fmt.Errorf("no entries found in %s", sumListFile)
}
numFailed := 0
for sumFile, sumExpected := range sums {
file := filepath.Join(root, sumFile)
sumActual, _ := sha256Sum(file)
if sumExpected != sumActual {
logrus.Errorf("Hash for file %s expected to be %s (fail)", sumFile, sumExpected)
numFailed++
} else {
logrus.Debugf("Verified hash %s is correct", sumFile)
}
}
if numFailed != 0 {
return fmt.Errorf("failed %d hash verifications", numFailed)
}
return nil
}
// VerifyLinks will take a file which contains a list of target links for files and verify they match
func VerifyLinks(root, linkListFile string) error {
links, err := fileMapFields(filepath.Join(root, linkListFile), 0, 1)
if err != nil {
return err
}
if len(links) == 0 {
return fmt.Errorf("no entries found in %s", linkListFile)
}
numFailed := 0
for linkFile, linkExpected := range links {
file := filepath.Join(root, linkFile)
linkActual, _ := os.Readlink(file)
if linkExpected != linkActual {
logrus.Errorf("Link for file %s expected to be %s (fail)", linkFile, linkExpected)
numFailed++
} else {
logrus.Debugf("Verified link %s is correct", linkFile)
}
}
if numFailed != 0 {
return fmt.Errorf("failed %d link verifications", numFailed)
}
return nil
}
func fileMapFields(fileName string, key, val int) (map[string]string, error) {
file, err := os.Open(fileName)
if err != nil {
return nil, err
}
defer file.Close()
result := map[string]string{}
scanner := bufio.NewScanner(file)
for scanner.Scan() {
fields := strings.Fields(scanner.Text())
if len(fields) == 0 {
continue
}
if len(fields) <= key || len(fields) <= val {
return nil, fmt.Errorf("fields for file %s (%d) smaller than required index (key: %d, val: %d)", fileName, len(fields), key, val)
}
result[fields[key]] = fields[val]
}
return result, scanner.Err()
}
func sha256Sum(filePath string) (string, error) {
file, err := os.Open(filePath)
if err != nil {
return "", err
}
defer file.Close()
hash := sha256.New()
if _, err := io.Copy(hash, file); err != nil {
return "", err
}
return hex.EncodeToString(hash.Sum(nil)), nil
}