From ba7d45a5260c7e7e8563c300652e141e2251000e Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Wed, 3 May 2023 10:17:37 -0700 Subject: [PATCH] Update MD5 checksum references Change-Id: Ibc73ba24aba7644bdfc131a23f2f4060bb053f4f --- metalsmith/_cmd.py | 2 +- metalsmith/sources.py | 16 ++++++++-------- .../modules/metalsmith_instances.py | 2 +- .../roles/metalsmith_deployment/README.rst | 6 +++--- playbooks/integration/cirros-image.yaml | 8 ++++---- ...eferences-for-checksums-44206e710b0506fe.yaml | 8 ++++++++ 6 files changed, 25 insertions(+), 17 deletions(-) create mode 100644 releasenotes/notes/update-references-for-checksums-44206e710b0506fe.yaml diff --git a/metalsmith/_cmd.py b/metalsmith/_cmd.py index 6b77306..15d6d4a 100644 --- a/metalsmith/_cmd.py +++ b/metalsmith/_cmd.py @@ -147,7 +147,7 @@ def _parse_args(args, config): deploy.add_argument('--image', help='image to use (name, UUID or URL)', required=True) deploy.add_argument('--image-checksum', - help='image MD5 checksum or URL with checksums') + help='image SHA256 checksum or URL with checksums') deploy.add_argument('--image-kernel', help='URL of the image\'s kernel') deploy.add_argument('--image-ramdisk', help='URL of the image\'s ramdisk') deploy.add_argument('--network', help='network to create a port on ' diff --git a/metalsmith/sources.py b/metalsmith/sources.py index 8c9d87f..3edf693 100644 --- a/metalsmith/sources.py +++ b/metalsmith/sources.py @@ -100,10 +100,10 @@ class HttpWholeDiskImage(_Source): """Create an HTTP source. :param url: URL of the image. - :param checksum: MD5 checksum of the image. Mutually exclusive with + :param checksum: SHA256 checksum of the image. Mutually exclusive with ``checksum_url``. :param checksum_url: URL of the checksum file for the image. Has to - be in the standard format of the ``md5sum`` tool. Mutually + be in the standard format of the ``sha256sum`` tool. Mutually exclusive with ``checksum``. :param disk_format: Optional value to set for ``instance_info`` ``image_disk_format``. @@ -170,11 +170,11 @@ class HttpPartitionImage(HttpWholeDiskImage): :param url: URL of the root disk image. :param kernel_url: URL of the kernel image. :param ramdisk_url: URL of the initramfs image. - :param checksum: MD5 checksum of the root disk image. Mutually + :param checksum: SHA256 checksum of the root disk image. Mutually exclusive with ``checksum_url``. :param checksum_url: URL of the checksum file for the root disk image. - Has to be in the standard format of the ``md5sum`` tool. Mutually - exclusive with ``checksum``. + Has to be in the standard format of the ``sha256sum`` tool. + Mutually exclusive with ``checksum``. :param disk_format: Optional value to set for ``instance_info`` ``image_disk_format``. """ @@ -212,7 +212,7 @@ class FileWholeDiskImage(_Source): :param location: Location of the image, optionally starting with ``file://``. - :param checksum: MD5 checksum of the image. DEPRECATED: checksums do + :param checksum: SHA256 checksum of the image. DEPRECATED: checksums do not actually work with file images. """ if not location.startswith('file://'): @@ -250,7 +250,7 @@ class FilePartitionImage(FileWholeDiskImage): optionally starting with ``file://``. :param ramdisk_location: Location of the ramdisk of the image, optionally starting with ``file://``. - :param checksum: MD5 checksum of the image. DEPRECATED: checksums do + :param checksum: SHA256 checksum of the image. DEPRECATED: checksums do not actually work with file images. """ super(FilePartitionImage, self).__init__(location, checksum) @@ -286,7 +286,7 @@ def detect(image, kernel=None, ramdisk=None, checksum=None): ``http://``, ``https://`` link or a Glance image name or UUID. :param ramdisk: Location of the ramdisk (if present): ``file://``, ``http://``, ``https://`` link or a Glance image name or UUID. - :param checksum: MD5 checksum of the image: ``http://`` or ``https://`` + :param checksum: SHA256 checksum of the image: ``http://`` or ``https://`` link or a string. :return: A valid source object. :raises: ValueError if the given parameters do not correspond to any diff --git a/metalsmith_ansible/ansible_plugins/modules/metalsmith_instances.py b/metalsmith_ansible/ansible_plugins/modules/metalsmith_instances.py index fc28918..355bd2c 100644 --- a/metalsmith_ansible/ansible_plugins/modules/metalsmith_instances.py +++ b/metalsmith_ansible/ansible_plugins/modules/metalsmith_instances.py @@ -80,7 +80,7 @@ options: required: True checksum : description: - - Image MD5 checksum or URL with checksums + - Image SHA256, or SHA512 checksum or URL with checksums. MD5 is deprecated. type: str kernel: description: diff --git a/metalsmith_ansible/roles/metalsmith_deployment/README.rst b/metalsmith_ansible/roles/metalsmith_deployment/README.rst index 6078c20..1dbecd4 100644 --- a/metalsmith_ansible/roles/metalsmith_deployment/README.rst +++ b/metalsmith_ansible/roles/metalsmith_deployment/README.rst @@ -83,7 +83,7 @@ Each instances has the following attributes: ``image`` (defaults to ``metalsmith_image``) UUID, name or HTTP(s) URL of the image to use for deployment. Mandatory. ``image_checksum`` (defaults to ``metalsmith_image_checksum``) - MD5 checksum or checksum file URL for an HTTP(s) image. + SHA256 checksum or checksum file URL for an HTTP(s) image. ``image_kernel`` (defaults to ``metalsmith_image_kernel``) URL of the kernel image if and only if the ``image`` is a URL of a partition image. @@ -203,8 +203,8 @@ Example image: https://example.com/images/custom-1.0.root.img image_kernel: https://example.com/images/custom-1.0.vmlinuz image_ramdisk: https://example.com/images/custom-1.0.initrd - image_checksum: https://example.com/images/MD5SUMS + image_checksum: https://example.com/images/SHA256SUMS - hostname: custom-whole-disk-image resource_class: custom image: https://example.com/images/custom-1.0.qcow2 - image_checksum: https://example.com/images/MD5SUMS + image_checksum: https://example.com/images/SHA256SUMS diff --git a/playbooks/integration/cirros-image.yaml b/playbooks/integration/cirros-image.yaml index 6ffd236..c6a769b 100644 --- a/playbooks/integration/cirros-image.yaml +++ b/playbooks/integration/cirros-image.yaml @@ -54,8 +54,8 @@ creates: /opt/stack/data/ironic/httpboot/metalsmith/{{ cirros_partition_image_result.stdout }}.img become: yes - - name: Create MD5 checksums file for images - shell: md5sum cirros-* > CHECKSUMS + - name: Create SHA256 checksums file for images + shell: sha256sum cirros-* > CHECKSUMS args: chdir: /opt/stack/data/ironic/httpboot/metalsmith become: yes @@ -69,9 +69,9 @@ mode: a+r become: yes - - name: Calculate MD5 checksum for HTTP disk image + - name: Calculate SHA256 checksum for HTTP disk image shell: | - md5sum /opt/stack/devstack/files/{{ cirros_disk_image_result.stdout }}.img \ + sha256sum /opt/stack/devstack/files/{{ cirros_disk_image_result.stdout }}.img \ | awk '{ print $1; }' register: cirros_disk_image_checksum_result failed_when: cirros_disk_image_checksum_result.stdout == "" diff --git a/releasenotes/notes/update-references-for-checksums-44206e710b0506fe.yaml b/releasenotes/notes/update-references-for-checksums-44206e710b0506fe.yaml new file mode 100644 index 0000000..2107096 --- /dev/null +++ b/releasenotes/notes/update-references-for-checksums-44206e710b0506fe.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + During the *bobcat* development cycle, the Ironic community updated the + MD5 checksum logic in the ``ironic-python-agent`` to be explicitly + disabled, and added support for the checksums to be conveyed as a + SHA256 or SHA512 checksum. + With this upgrade, we have updated our references and playbooks.