mirror of https://github.com/k3s-io/k3s
118 lines
3.0 KiB
Go
118 lines
3.0 KiB
Go
package dataverify
|
|
|
|
import (
|
|
"bufio"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// Verify will check the sha256sums and links from the files in a given directory
|
|
func Verify(dir string) error {
|
|
failed := false
|
|
if err := VerifySums(dir, ".sha256sums"); err != nil {
|
|
logrus.Errorf("Unable to verify sums: %s", err)
|
|
failed = true
|
|
}
|
|
if err := VerifyLinks(dir, ".links"); err != nil {
|
|
logrus.Errorf("Unable to verify links: %s", err)
|
|
failed = true
|
|
}
|
|
if failed {
|
|
return fmt.Errorf("failed to verify directory %s", dir)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// VerifySums will take a file which contains a list of hash sums for files and verify they match
|
|
func VerifySums(root, sumListFile string) error {
|
|
sums, err := fileMapFields(filepath.Join(root, sumListFile), 1, 0)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if len(sums) == 0 {
|
|
return fmt.Errorf("no entries found in %s", sumListFile)
|
|
}
|
|
numFailed := 0
|
|
for sumFile, sumExpected := range sums {
|
|
file := filepath.Join(root, sumFile)
|
|
sumActual, _ := sha256Sum(file)
|
|
if sumExpected != sumActual {
|
|
logrus.Errorf("Hash for file %s expected to be %s (fail)", sumFile, sumExpected)
|
|
numFailed++
|
|
} else {
|
|
logrus.Debugf("Verified hash %s is correct", sumFile)
|
|
}
|
|
}
|
|
if numFailed != 0 {
|
|
return fmt.Errorf("failed %d hash verifications", numFailed)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// VerifyLinks will take a file which contains a list of target links for files and verify they match
|
|
func VerifyLinks(root, linkListFile string) error {
|
|
links, err := fileMapFields(filepath.Join(root, linkListFile), 0, 1)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if len(links) == 0 {
|
|
return fmt.Errorf("no entries found in %s", linkListFile)
|
|
}
|
|
numFailed := 0
|
|
for linkFile, linkExpected := range links {
|
|
file := filepath.Join(root, linkFile)
|
|
linkActual, _ := os.Readlink(file)
|
|
if linkExpected != linkActual {
|
|
logrus.Errorf("Link for file %s expected to be %s (fail)", linkFile, linkExpected)
|
|
numFailed++
|
|
} else {
|
|
logrus.Debugf("Verified link %s is correct", linkFile)
|
|
}
|
|
}
|
|
if numFailed != 0 {
|
|
return fmt.Errorf("failed %d link verifications", numFailed)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func fileMapFields(fileName string, key, val int) (map[string]string, error) {
|
|
file, err := os.Open(fileName)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer file.Close()
|
|
result := map[string]string{}
|
|
scanner := bufio.NewScanner(file)
|
|
for scanner.Scan() {
|
|
fields := strings.Fields(scanner.Text())
|
|
if len(fields) == 0 {
|
|
continue
|
|
}
|
|
if len(fields) <= key || len(fields) <= val {
|
|
return nil, fmt.Errorf("fields for file %s (%d) smaller than required index (key: %d, val: %d)", fileName, len(fields), key, val)
|
|
}
|
|
result[fields[key]] = fields[val]
|
|
}
|
|
return result, scanner.Err()
|
|
}
|
|
|
|
func sha256Sum(filePath string) (string, error) {
|
|
file, err := os.Open(filePath)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
defer file.Close()
|
|
hash := sha256.New()
|
|
if _, err := io.Copy(hash, file); err != nil {
|
|
return "", err
|
|
}
|
|
return hex.EncodeToString(hash.Sum(nil)), nil
|
|
}
|