summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--daemon/checksum.c84
-rw-r--r--src/MAX_PROC_NR2
-rwxr-xr-xsrc/generator.ml20
3 files changed, 104 insertions, 2 deletions
diff --git a/daemon/checksum.c b/daemon/checksum.c
index 4ee62318..f7e2d125 100644
--- a/daemon/checksum.c
+++ b/daemon/checksum.c
@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <sys/stat.h>
#include "../src/guestfs_protocol.h"
#include "daemon.h"
@@ -99,3 +100,86 @@ do_checksum_device (const char *csumtype, const char *device)
{
return checksum (csumtype, device);
}
+
+/* Has one FileOut parameter. */
+int
+do_checksums_out (const char *csumtype, const char *dir)
+{
+ struct stat statbuf;
+ int r;
+
+ const char *program = program_of_csum (csumtype);
+ if (program == NULL)
+ return -1;
+
+ char *sysrootdir = sysroot_path (dir);
+ if (!sysrootdir) {
+ reply_with_perror ("malloc");
+ return -1;
+ }
+
+ r = stat (sysrootdir, &statbuf);
+ if (r == -1) {
+ reply_with_perror ("%s", dir);
+ free (sysrootdir);
+ return -1;
+ }
+ if (!S_ISDIR (statbuf.st_mode)) {
+ reply_with_error ("%s: not a directory", dir);
+ free (sysrootdir);
+ return -1;
+ }
+
+ char *cmd;
+ if (asprintf_nowarn (&cmd, "cd %Q && find -type f -print0 | xargs -0 %s",
+ sysrootdir, program) == -1) {
+ reply_with_perror ("asprintf");
+ free (sysrootdir);
+ return -1;
+ }
+ free (sysrootdir);
+
+ if (verbose)
+ fprintf (stderr, "%s\n", cmd);
+
+ FILE *fp = popen (cmd, "r");
+ if (fp == NULL) {
+ reply_with_perror ("%s", cmd);
+ free (cmd);
+ return -1;
+ }
+ free (cmd);
+
+ /* Now we must send the reply message, before the file contents. After
+ * this there is no opportunity in the protocol to send any error
+ * message back. Instead we can only cancel the transfer.
+ */
+ reply (NULL, NULL);
+
+ char str[GUESTFS_MAX_CHUNK_SIZE];
+
+ while ((r = fread (str, 1, GUESTFS_MAX_CHUNK_SIZE, fp)) > 0) {
+ if (send_file_write (str, r) < 0) {
+ pclose (fp);
+ return -1;
+ }
+ }
+
+ if (ferror (fp)) {
+ perror (dir);
+ send_file_end (1); /* Cancel. */
+ pclose (fp);
+ return -1;
+ }
+
+ if (pclose (fp) != 0) {
+ perror (dir);
+ send_file_end (1); /* Cancel. */
+ return -1;
+ }
+
+ if (send_file_end (0)) /* Normal end of file. */
+ return -1;
+
+ return 0;
+}
diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR
index 77f83230..7f05eede 100644
--- a/src/MAX_PROC_NR
+++ b/src/MAX_PROC_NR
@@ -1 +1 @@
-243
+244
diff --git a/src/generator.ml b/src/generator.ml
index c51df382..14cf462a 100755
--- a/src/generator.ml
+++ b/src/generator.ml
@@ -2028,7 +2028,9 @@ Compute the SHA512 hash (using the C<sha512sum> program).
The checksum is returned as a printable string.
-To get the checksum for a device, use C<guestfs_checksum_device>.");
+To get the checksum for a device, use C<guestfs_checksum_device>.
+
+To get the checksums for many files, use C<guestfs_checksums_out>.");
("tar_in", (RErr, [FileIn "tarfile"; Pathname "directory"]), 69, [],
[InitBasicFS, Always, TestOutput (
@@ -4546,6 +4548,22 @@ to C<filename>.");
This command downloads the contents of C<filename>, writing
it out to local file C<base64file> encoded as base64.");
+ ("checksums_out", (RErr, [String "csumtype"; Pathname "directory"; FileOut "sumsfile"]), 244, [],
+ [],
+ "compute MD5, SHAx or CRC checksum of files in a directory",
+ "\
+This command computes the checksums of all regular files in
+C<directory> and then emits a list of those checksums to
+the local output file C<sumsfile>.
+
+This can be used for verifying the integrity of a virtual
+machine. However to be properly secure you should pay
+attention to the output of the checksum command (it uses
+the ones from GNU coreutils). In particular when the
+filename is not printable, coreutils uses a special
+backslash syntax. For more information, see the GNU
+coreutils info file.");
+
]
let all_functions = non_daemon_functions @ daemon_functions