← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #81617

[Bug 1863534] [NEW] [openstacksdk] Create image doesn't validate checksum correctly using sha256 algorithm

  Thread PreviousDate PreviousThread Next 
Public bug reported:

I have set config option ``hashing_algorithm`` value as sha256 in
glance.

Now, I'm trying to create an image using openstacksdk.

I have set hash value of the image to sha256 parameter of create_image
method but it fails with an error "Image checksum verification failed".

Reason: glance store calculates checksum using md5 algorithm and it
calculates owner_specified.openstack.sha256/os_hash_value of an image
using the algorithm that's set in ``hashing_algorithm``. In
openstacksdk, it compares the checksum as shown below:


  checksum = data.get('checksum')
  if checksum:
      valid = (checksum == md5 or checksum == sha256)
      if not valid:
          raise Exception('Image checksum verification failed')

IMO, except md5 algorithm, it should compare sha256 with the
os_hash_value that's calculated and set by glance for an image.


for cirros-0.4.0-x86_64-disk.img image:-
md5 checksum is 443b7623e27ecf03dc9e01ee93f67afe
sha256 checksum is a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8

If I pass sha256 parameter to create_image as
a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8, it
fails to create an image.

** Affects: glance
     Importance: Undecided
         Status: New

** Summary changed:

- [openstacksdk] Create image doesn't validate checksum using  sha256 algorithm
+ [openstacksdk] Create image doesn't validate checksum correctly using  sha256 algorithm

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1863534

Title:
  [openstacksdk] Create image doesn't validate checksum correctly using
  sha256 algorithm

Status in Glance:
  New

Bug description:
  I have set config option ``hashing_algorithm`` value as sha256 in
  glance.

  Now, I'm trying to create an image using openstacksdk.

  I have set hash value of the image to sha256 parameter of create_image
  method but it fails with an error "Image checksum verification
  failed".

  Reason: glance store calculates checksum using md5 algorithm and it
  calculates owner_specified.openstack.sha256/os_hash_value of an image
  using the algorithm that's set in ``hashing_algorithm``. In
  openstacksdk, it compares the checksum as shown below:

  
    checksum = data.get('checksum')
    if checksum:
        valid = (checksum == md5 or checksum == sha256)
        if not valid:
            raise Exception('Image checksum verification failed')

  IMO, except md5 algorithm, it should compare sha256 with the
  os_hash_value that's calculated and set by glance for an image.

  
  for cirros-0.4.0-x86_64-disk.img image:-
  md5 checksum is 443b7623e27ecf03dc9e01ee93f67afe
  sha256 checksum is a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8

  If I pass sha256 parameter to create_image as
  a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8, it
  fails to create an image.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1863534/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next