diff options
-rw-r--r-- | daemon/checksum.c | 84 | ||||
-rw-r--r-- | src/MAX_PROC_NR | 2 | ||||
-rwxr-xr-x | src/generator.ml | 20 |
3 files changed, 104 insertions, 2 deletions
diff --git a/daemon/checksum.c b/daemon/checksum.c index 4ee62318..f7e2d125 100644 --- a/daemon/checksum.c +++ b/daemon/checksum.c @@ -22,6 +22,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <sys/stat.h> #include "../src/guestfs_protocol.h" #include "daemon.h" @@ -99,3 +100,86 @@ do_checksum_device (const char *csumtype, const char *device) { return checksum (csumtype, device); } + +/* Has one FileOut parameter. */ +int +do_checksums_out (const char *csumtype, const char *dir) +{ + struct stat statbuf; + int r; + + const char *program = program_of_csum (csumtype); + if (program == NULL) + return -1; + + char *sysrootdir = sysroot_path (dir); + if (!sysrootdir) { + reply_with_perror ("malloc"); + return -1; + } + + r = stat (sysrootdir, &statbuf); + if (r == -1) { + reply_with_perror ("%s", dir); + free (sysrootdir); + return -1; + } + if (!S_ISDIR (statbuf.st_mode)) { + reply_with_error ("%s: not a directory", dir); + free (sysrootdir); + return -1; + } + + char *cmd; + if (asprintf_nowarn (&cmd, "cd %Q && find -type f -print0 | xargs -0 %s", + sysrootdir, program) == -1) { + reply_with_perror ("asprintf"); + free (sysrootdir); + return -1; + } + free (sysrootdir); + + if (verbose) + fprintf (stderr, "%s\n", cmd); + + FILE *fp = popen (cmd, "r"); + if (fp == NULL) { + reply_with_perror ("%s", cmd); + free (cmd); + return -1; + } + free (cmd); + + /* Now we must send the reply message, before the file contents. After + * this there is no opportunity in the protocol to send any error + * message back. Instead we can only cancel the transfer. + */ + reply (NULL, NULL); + + char str[GUESTFS_MAX_CHUNK_SIZE]; + + while ((r = fread (str, 1, GUESTFS_MAX_CHUNK_SIZE, fp)) > 0) { + if (send_file_write (str, r) < 0) { + pclose (fp); + return -1; + } + } + + if (ferror (fp)) { + perror (dir); + send_file_end (1); /* Cancel. */ + pclose (fp); + return -1; + } + + if (pclose (fp) != 0) { + perror (dir); + send_file_end (1); /* Cancel. */ + return -1; + } + + if (send_file_end (0)) /* Normal end of file. */ + return -1; + + return 0; +} diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR index 77f83230..7f05eede 100644 --- a/src/MAX_PROC_NR +++ b/src/MAX_PROC_NR @@ -1 +1 @@ -243 +244 diff --git a/src/generator.ml b/src/generator.ml index c51df382..14cf462a 100755 --- a/src/generator.ml +++ b/src/generator.ml @@ -2028,7 +2028,9 @@ Compute the SHA512 hash (using the C<sha512sum> program). The checksum is returned as a printable string. -To get the checksum for a device, use C<guestfs_checksum_device>."); +To get the checksum for a device, use C<guestfs_checksum_device>. + +To get the checksums for many files, use C<guestfs_checksums_out>."); ("tar_in", (RErr, [FileIn "tarfile"; Pathname "directory"]), 69, [], [InitBasicFS, Always, TestOutput ( @@ -4546,6 +4548,22 @@ to C<filename>."); This command downloads the contents of C<filename>, writing it out to local file C<base64file> encoded as base64."); + ("checksums_out", (RErr, [String "csumtype"; Pathname "directory"; FileOut "sumsfile"]), 244, [], + [], + "compute MD5, SHAx or CRC checksum of files in a directory", + "\ +This command computes the checksums of all regular files in +C<directory> and then emits a list of those checksums to +the local output file C<sumsfile>. + +This can be used for verifying the integrity of a virtual +machine. However to be properly secure you should pay +attention to the output of the checksum command (it uses +the ones from GNU coreutils). In particular when the +filename is not printable, coreutils uses a special +backslash syntax. For more information, see the GNU +coreutils info file."); + ] let all_functions = non_daemon_functions @ daemon_functions |