diff options
author | Zuul <zuul@review.opendev.org> | 2023-05-09 23:45:15 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2023-05-09 23:45:15 +0000 |
commit | 832275015af5f187105e1de2558f7811b64a6d03 (patch) | |
tree | 1603d59c6d3f9017de1614423e7f250d4d04ca8b | |
parent | 1d0818cba2d948902ca056e6f82f873838415c0e (diff) | |
parent | 03cd9788e6ad658641b0c3328d10636c5aab96a4 (diff) | |
download | ironic-832275015af5f187105e1de2558f7811b64a6d03.tar.gz |
Merge "Support longer checksums for redfish firmware upgrade"
4 files changed, 47 insertions, 3 deletions
diff --git a/doc/source/admin/drivers/redfish.rst b/doc/source/admin/drivers/redfish.rst index 771908838..6628f48df 100644 --- a/doc/source/admin/drivers/redfish.rst +++ b/doc/source/admin/drivers/redfish.rst @@ -407,7 +407,7 @@ The ``update_firmware`` cleaning step accepts JSON in the following format:: "firmware_images":[ { "url": "<url_to_firmware_image1>", - "checksum": "<checksum for image, uses SHA1>", + "checksum": "<checksum for image, uses SHA1, SHA256, or SHA512>", "source": "<optional override source setting for image>", "wait": <number_of_seconds_to_wait> }, diff --git a/ironic/drivers/modules/redfish/firmware_utils.py b/ironic/drivers/modules/redfish/firmware_utils.py index c73cb80dd..feeec2df2 100644 --- a/ironic/drivers/modules/redfish/firmware_utils.py +++ b/ironic/drivers/modules/redfish/firmware_utils.py @@ -137,8 +137,22 @@ def verify_checksum(node, checksum, file_path): :param file_path: File path for which to verify checksum :raises RedfishError: When checksum does not match """ - calculated_checksum = fileutils.compute_file_checksum( - file_path, algorithm='sha1') + if len(checksum) <= 41: + # SHA1: 40 bytes long + calculated_checksum = fileutils.compute_file_checksum( + file_path, algorithm='sha1') + elif len(checksum) <= 64: + calculated_checksum = fileutils.compute_file_checksum( + file_path, algorithm='sha256') + elif len(checksum) <= 128: + calculated_checksum = fileutils.compute_file_checksum( + file_path, algorithm='sha512') + else: + raise exception.RedfishError( + _('Unable to identify checksum to perform firmware file checksum ' + 'calculation. Please validate your input in and try again. ' + 'Received: %(checksum)s') + % {'checksum': checksum}) if checksum != calculated_checksum: raise exception.RedfishError( _('For node %(node)s firmware file %(temp_file)s checksums do not ' diff --git a/ironic/tests/unit/drivers/modules/redfish/test_firmware_utils.py b/ironic/tests/unit/drivers/modules/redfish/test_firmware_utils.py index 61bc23e48..0bbc38eba 100644 --- a/ironic/tests/unit/drivers/modules/redfish/test_firmware_utils.py +++ b/ironic/tests/unit/drivers/modules/redfish/test_firmware_utils.py @@ -256,6 +256,30 @@ class FirmwareUtilsTestCase(base.TestCase): mock_compute_file_checksum.assert_called_with( file_path, algorithm='sha1') + @mock.patch.object(fileutils, 'compute_file_checksum', autospec=True) + def test_verify_checksum_sha256(self, mock_compute_file_checksum): + checksum = 'a' * 64 + file_path = '/tmp/bios.exe' + mock_compute_file_checksum.return_value = checksum + node = mock.Mock(uuid='9f0f6795-f74e-4b5a-850e-72f586a92435') + + firmware_utils.verify_checksum(node, checksum, file_path) + + mock_compute_file_checksum.assert_called_with( + file_path, algorithm='sha256') + + @mock.patch.object(fileutils, 'compute_file_checksum', autospec=True) + def test_verify_checksum_sha512(self, mock_compute_file_checksum): + checksum = 'a' * 128 + file_path = '/tmp/bios.exe' + mock_compute_file_checksum.return_value = checksum + node = mock.Mock(uuid='9f0f6795-f74e-4b5a-850e-72f586a92435') + + firmware_utils.verify_checksum(node, checksum, file_path) + + mock_compute_file_checksum.assert_called_with( + file_path, algorithm='sha512') + @mock.patch.object(os, 'makedirs', autospec=True) @mock.patch.object(shutil, 'copyfile', autospec=True) @mock.patch.object(os, 'link', autospec=True) diff --git a/releasenotes/notes/redfish-firmware-sha256-sha512-3e40c3a087fe42b4.yaml b/releasenotes/notes/redfish-firmware-sha256-sha512-3e40c3a087fe42b4.yaml new file mode 100644 index 000000000..f6614df97 --- /dev/null +++ b/releasenotes/notes/redfish-firmware-sha256-sha512-3e40c3a087fe42b4.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + The Redfish firmware upgrade interface now supports checksum determination + by length, and ``sha256`` and ``sha512`` checksums may now be supplied to + the step arguments. |