diff --git a/debian/rules b/debian/rules
index d178afa67307..f8a6efbafe5e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -85,7 +85,7 @@ override_dh_auto_install:
cp client/target/lib/*jar $(DESTDIR)/usr/share/$(PACKAGE)-management/lib/
cp -r engine/schema/dist/systemvm-templates/* $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/
cp -r plugins/integrations/kubernetes-service/src/main/resources/conf/* $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf/
- rm -rf $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/md5sum.txt
+ rm -rf $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/sha512sum.txt
# Bundle cmk in cloudstack-management
wget https://github.com/apache/cloudstack-cloudmonkey/releases/download/$(CMK_REL)/cmk.linux.x86-64 -O $(DESTDIR)/usr/bin/cmk
diff --git a/engine/schema/pom.xml b/engine/schema/pom.xml
index b888b5dd474c..af6ff034af8e 100644
--- a/engine/schema/pom.xml
+++ b/engine/schema/pom.xml
@@ -106,7 +106,7 @@
templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-xen")
templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-ovm")
templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-hyperv")
- File file = new File("./engine/schema/dist/systemvm-templates/md5sum.txt")
+ File file = new File("./engine/schema/dist/systemvm-templates/sha512sum.txt")
def lines = file.readLines()
for (template in templateList) {
def data = lines.findAll { it.contains(template) }
@@ -135,7 +135,7 @@
wget
- ${project.systemvm.template.location}/${cs.version}/md5sum.txt
+ ${project.systemvm.template.location}/${cs.version}/sha512sum.txt
${basedir}/dist/systemvm-templates/
true
true
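Review bot: The checksum list is fetched from `${project.systemvm.template.location}/${cs.version}/`, the same location the later hunks download the template images from, so a SHA-512 match shows an image arrived intact but not that it is the image the project published. Anyone able to replace a template at that location can replace `sha512sum.txt` too. Consider verifying a detached signature over `sha512sum.txt` during the build, or pinning the expected digests in the repository. Also confirm that the location property resolves to an HTTPS URL; its value is not visible in this hunk.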
@@ -205,7 +205,7 @@
true
${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-kvm.qcow2.bz2
${basedir}/dist/systemvm-templates/
- ${kvm.checksum}
+ ${kvm.checksum}
@@ -241,7 +241,7 @@
true
${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-vmware.ova
${basedir}/dist/systemvm-templates/
- ${vmware.checksum}
+ ${vmware.checksum}
@@ -277,7 +277,7 @@
true
${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-xen.vhd.bz2
${basedir}/dist/systemvm-templates/
- ${xen.checksum}
+ ${xen.checksum}
@@ -313,7 +313,7 @@
true
${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-ovm.raw.bz2
${basedir}/dist/systemvm-templates/
- ${ovm.checksum}
+ ${ovm.checksum}
@@ -349,7 +349,7 @@
true
${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-hyperv.vhd.zip
${basedir}/dist/systemvm-templates/
- ${hyperv.checksum}
+ ${hyperv.checksum}
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
index 5a50b96d8f2a..630739b85528 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -203,3 +203,6 @@ SET `sort_key` = CASE
ELSE `sort_key`
END;
-- End: Changes for Guest OS category cleanup
+
+-- Increase length of scripts_version column to 128 due to md5sum to sha512sum change
+CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('cloud.domain_router', 'scripts_version', 'scripts_version', 'VARCHAR(128)');
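Review bot: `VARCHAR(128)` is exactly the length of a hex-encoded SHA-512 digest, so `scripts_version` has no headroom if the stored value ever carries a prefix (the tests in this commit show a `{SHA-512}`-prefixed form) or stray whitespace. Rows written before the upgrade still hold 32-character MD5 values, which will never equal a freshly computed SHA-512 value. Presumably that is meant to flag every existing router as out of date, but the comment should say so. I would extend it to something like `-- scripts_version holds the 128-char hex SHA-512 of the systemvm scripts archive; pre-upgrade rows keep their MD5 value and compare as out of date`.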
diff --git a/engine/schema/templateConfig.sh b/engine/schema/templateConfig.sh
index bed51a48a8fe..d54bfcf901fc 100644
--- a/engine/schema/templateConfig.sh
+++ b/engine/schema/templateConfig.sh
@@ -84,5 +84,5 @@ PARENTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )/dist/systemvm-
mkdir -p $PARENTPATH
METADATAFILE=${PARENTPATH}"metadata.ini"
echo > $METADATAFILE
-SOURCEFILE=${PARENTPATH}'md5sum.txt'
+SOURCEFILE=${PARENTPATH}'sha512sum.txt'
createMetadataFile
diff --git a/packaging/el8/cloud.spec b/packaging/el8/cloud.spec
index 2c6898cac7c6..72d6b3f39102 100644
--- a/packaging/el8/cloud.spec
+++ b/packaging/el8/cloud.spec
@@ -317,7 +317,7 @@ install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-n
# SystemVM template
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm
cp -r engine/schema/dist/systemvm-templates/* ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm
-rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm/md5sum.txt
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm/sha512sum.txt
# UI
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/ui
diff --git a/server/src/main/java/com/cloud/storage/StorageManagerImpl.java b/server/src/main/java/com/cloud/storage/StorageManagerImpl.java
index 5de7ade696ac..2107dbaef166 100644
--- a/server/src/main/java/com/cloud/storage/StorageManagerImpl.java
+++ b/server/src/main/java/com/cloud/storage/StorageManagerImpl.java
@@ -4046,7 +4046,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
}
}
} catch (Exception e) {
- logger.error("Failed to register systemVM template(s)");
+ logger.error("Failed to register systemVM template(s) due to: ", e);
} finally {
SystemVmTemplateRegistration.unmountStore(filePath);
txn.close();
diff --git a/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh b/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh
index 05edc3fbf61f..f7c071c8cc0e 100755
--- a/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh
@@ -118,6 +118,10 @@ bootstrap() {
/opt/cloud/bin/setup/default.sh
fi
+ if [ -f /var/cache/cloud/cloud-scripts.tgz ];then
+ sha512sum /var/cache/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
+ fi
+
log_it "Finished setting up systemvm"
exit 0
}
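Review bot: The added block overwrites `/var/cache/cloud/cloud-scripts-signature` with the digest of whatever archive is at `/var/cache/cloud/cloud-scripts.tgz`, so it records local state rather than checking the archive against an expected value; a comment should say this is a change-detection marker, not an authenticity check, and why it is recomputed on every bootstrap. The redirect also truncates the signature file before `sha512sum` has produced output, so a failed read leaves it empty. Capturing the value first avoids that: `newsum=$(sha512sum /var/cache/cloud/cloud-scripts.tgz | awk '{print $1}')` then `[ -n "$newsum" ] && echo "$newsum" > /var/cache/cloud/cloud-scripts-signature`. The same unkeyed digest is written as a "signature" by `do_signature` in configure_systemvm_services.sh. `bootstrap()` starts outside this hunk.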
diff --git a/systemvm/debian/opt/cloud/bin/setup/cloud-early-config b/systemvm/debian/opt/cloud/bin/setup/cloud-early-config
index 6e5cba93e5be..ee1e872f627c 100755
--- a/systemvm/debian/opt/cloud/bin/setup/cloud-early-config
+++ b/systemvm/debian/opt/cloud/bin/setup/cloud-early-config
@@ -32,12 +32,12 @@ log_it() {
}
validate_checksums() {
- local oldmd5=
- [ -f ${1} ] && oldmd5=$(cat ${1})
- local newmd5=
- [ -f ${2} ] && newmd5=$(md5sum ${2} | awk '{print $1}')
- log_it "Scripts checksum detected: oldmd5=$oldmd5 newmd5=$newmd5" >> /dev/null 2>&1
- echo "oldmd5='${oldmd5}'; newmd5='${newmd5}'"
+ local oldchecksum=
+ [ -f ${1} ] && oldchecksum=$(cat ${1})
+ local newchecksum=
+ [ -f ${2} ] && newchecksum=$(sha512sum ${2} | awk '{print $1}')
+ log_it "Scripts checksum detected: oldchecksum=$oldchecksum newchecksum=$newchecksum" >> /dev/null 2>&1
+ echo "oldchecksum='${oldchecksum}'; newchecksum='${newchecksum}'"
}
patch() {
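Review bot: `validate_checksums` echoes `oldchecksum='...'` built from the raw contents of the signature file, and both call sites in `patch()` (`eval $(validate_checksums $checksumfile $oldpatchfile)` and `eval $(validate_checksums $checksumfile $patchfile)` in the next two hunks) hand that output to `eval`, so the file's contents are interpreted by the shell. Since the value is expected to be a hex digest, constrain it before echoing, for example `case "$oldchecksum" in *[!0-9a-f]*) oldchecksum= ;; esac`, or set the two variables directly instead of going through `eval`. `${1}` and `${2}` should also be quoted in the `-f` tests and in the `cat` and `sha512sum` calls. `patch()` continues outside this hunk.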
@@ -46,15 +46,15 @@ patch() {
local oldpatchfile=/usr/share/cloud/$PATCH_SCRIPTS
local patchfile=$PATCH_MOUNT/$PATCH_SCRIPTS
local privkey=$PATCH_MOUNT/authorized_keys
- local md5file=/var/cache/cloud/cloud-scripts-signature
+ local checksumfile=/var/cache/cloud/cloud-scripts-signature
mkdir -p $PATCH_MOUNT
if [ -f /var/cache/cloud/authorized_keys ]; then
privkey=/var/cache/cloud/authorized_keys
fi
- eval $(validate_checksums $md5file $oldpatchfile)
- if [ "$oldmd5" == "$newmd5" ] && [ -d /usr/local/cloud/systemvm ] && [ "$(ls -A /usr/local/cloud/systemvm)" ]; then
+ eval $(validate_checksums $checksumfile $oldpatchfile)
+ if [ "$oldchecksum" == "$newchecksum" ] && [ -d /usr/local/cloud/systemvm ] && [ "$(ls -A /usr/local/cloud/systemvm)" ]; then
log_it "Checksum matches, no need to patch"
return 0
fi
@@ -67,11 +67,11 @@ patch() {
while [ $retry -gt 0 ]
do
if tar tf $patchfile &> /dev/null; then
- eval $(validate_checksums $md5file $patchfile)
- if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
+ eval $(validate_checksums $checksumfile $patchfile)
+ if [ "$oldchecksum" != "$newchecksum" ] && [ -f ${patchfile} ] && [ "$newchecksum" != "" ]
then
tar xzf $patchfile -C /
- echo ${newmd5} > ${md5file}
+ echo ${newchecksum} > ${checksumfile}
log_it "Patched scripts using $patchfile"
touch /var/cache/cloud/patch.required
fi
diff --git a/systemvm/debian/opt/cloud/bin/setup/router.sh b/systemvm/debian/opt/cloud/bin/setup/router.sh
index ee4972c6fa2b..5c72105f47a3 100755
--- a/systemvm/debian/opt/cloud/bin/setup/router.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/router.sh
@@ -40,18 +40,18 @@ setup_router() {
# To save router public interface and gw ip information
touch /var/cache/cloud/ifaceGwIp
- oldmd5=
- [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
+ oldchecksum=
+ [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldchecksum=$(sha512sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
log_it "Checking udev NIC assignment order changes"
if [ "$NIC_MACS" != "" ]
then
init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
- newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
+ newchecksum=$(sha512sum "/tmp/udev-rules" | awk '{print $1}')
rm /tmp/interfaces
rm /tmp/udev-rules
- if [ "$oldmd5" != "$newmd5" ]
+ if [ "$oldchecksum" != "$newchecksum" ]
then
log_it "Reloading udev for new udev NIC assignment"
udevadm control --reload-rules && udevadm trigger
diff --git a/systemvm/patch-sysvms.sh b/systemvm/patch-sysvms.sh
index f24136155f81..a0d0561a6589 100644
--- a/systemvm/patch-sysvms.sh
+++ b/systemvm/patch-sysvms.sh
@@ -21,7 +21,7 @@ backupfolder=/var/cache/cloud/bkpup_live_patch
logfile="/var/log/livepatchsystemvm.log"
newpath="/var/cache/cloud/"
CMDLINE=/var/cache/cloud/cmdline
-md5file=/var/cache/cloud/cloud-scripts-signature
+checksumfile=/var/cache/cloud/cloud-scripts-signature
svcfile=/var/cache/cloud/enabled_svcs
TYPE=$(grep -Po 'type=\K[a-zA-Z]*' $CMDLINE)
patchfailed=0
@@ -40,7 +40,7 @@ backup_old_package() {
zip -r $backupfolder/agent.zip * >> $logfile 2>&1 2>&1
cd -
fi
- cp $md5file $backupfolder
+ cp $checksumfile $backupfolder
echo "Backing up cloud-scripts file" >> $logfile 2>&1
tar -zcvf $backupfolder/cloud-scripts.tgz /etc/ /var/ /opt/ /root/ >> $logfile 2>&1
}
@@ -57,13 +57,13 @@ restore_backup() {
fi
backuprestored=1
restart_services
- cp $backupfolder/cloud-scripts-signature $md5file
+ cp $backupfolder/cloud-scripts-signature $checksumfile
}
update_checksum() {
- newmd5=$(md5sum $1 | awk '{print $1}')
- echo "checksum: " ${newmd5} >> $logfile 2>&1
- echo ${newmd5} > ${md5file}
+ newchecksum=$(sha512sum $1 | awk '{print $1}')
+ echo "checksum: " ${newchecksum} >> $logfile 2>&1
+ echo ${newchecksum} > ${checksumfile}
}
restart_services() {
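Review bot: `update_checksum` writes `${newchecksum}` to `${checksumfile}` without checking that `sha512sum` produced a value, so a missing or unreadable `$1` leaves an empty signature file and the later `echo "version:$(cat ${checksumfile}) "` reports an empty version. I would quote the argument and guard the write: `newchecksum=$(sha512sum "$1" | awk '{print $1}')` followed by `[ -n "$newchecksum" ] || { echo "checksum calculation failed for $1" >> $logfile; return 1; }`. The callers of `update_checksum` are outside this hunk, so check that they handle the non-zero return. `restore_backup` starts outside the hunk as well.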
@@ -144,7 +144,7 @@ patch_systemvm
cleanup_systemVM
if [ $patchfailed == 0 ]; then
- echo "version:$(cat ${md5file}) "
+ echo "version:$(cat ${checksumfile}) "
fi
exit $patchfailed
diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
index 4467e2fff789..02a5c39dc712 100644
--- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
+++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
@@ -78,7 +78,7 @@ function install_cloud_scripts() {
function do_signature() {
mkdir -p /var/cache/cloud/ /usr/share/cloud/
(cd ./cloud_scripts/; tar -cvf - * | gzip > /usr/share/cloud/cloud-scripts.tgz)
- md5sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
+ sha512sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
}
diff --git a/utils/src/main/java/com/cloud/utils/validation/ChecksumUtil.java b/utils/src/main/java/com/cloud/utils/validation/ChecksumUtil.java
index b1b675bca0a0..298ab7ab78da 100644
--- a/utils/src/main/java/com/cloud/utils/validation/ChecksumUtil.java
+++ b/utils/src/main/java/com/cloud/utils/validation/ChecksumUtil.java
@@ -28,7 +28,6 @@ public static String calculateCurrentChecksum(String name, String path) {
if (cloudScriptsPath == null) {
throw new CloudRuntimeException(String.format("Unable to find cloudScripts path, cannot update SystemVM %s", name));
}
- String md5sum = DigestHelper.calculateChecksum(new File(cloudScriptsPath));
- return md5sum;
+ return DigestHelper.calculateChecksum(new File(cloudScriptsPath));
}
}
diff --git a/utils/src/main/java/org/apache/cloudstack/utils/security/DigestHelper.java b/utils/src/main/java/org/apache/cloudstack/utils/security/DigestHelper.java
index e7219f1122b8..4b57ec2dad0e 100644
--- a/utils/src/main/java/org/apache/cloudstack/utils/security/DigestHelper.java
+++ b/utils/src/main/java/org/apache/cloudstack/utils/security/DigestHelper.java
@@ -43,9 +43,9 @@ public static ChecksumValue digest(String algorithm, InputStream is) throws NoSu
while ((read = is.read(buffer)) > 0) {
digest.update(buffer, 0, read);
}
- byte[] md5sum = digest.digest();
+ byte[] checksumValue = digest.digest();
// TODO make sure this is valid for all types of checksums !?!
- BigInteger bigInt = new BigInteger(1, md5sum);
+ BigInteger bigInt = new BigInteger(1, checksumValue);
checksum = new ChecksumValue(digest.getAlgorithm(), getPaddedDigestString(digest,bigInt));
return checksum;
}
@@ -141,9 +141,9 @@ public static String getHashValueFromChecksumValue(String checksum) {
public static String calculateChecksum(File file) {
try (InputStream is = Files.newInputStream(Paths.get(file.getPath()))) {
- return DigestUtils.md5Hex(is);
+ return DigestUtils.sha512Hex(is);
} catch (IOException e) {
- String errMsg = "Failed to calculate template checksum";
+ String errMsg = "Failed to calculate sha512 checksum of template";
LOGGER.error(errMsg);
throw new CloudRuntimeException(errMsg, e);
}
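Review bot: `calculateChecksum(File)` now hard-codes SHA-512 for every caller, while its name and the message "Failed to calculate sha512 checksum of template" suggest a generic, template-only helper; `ChecksumUtil.calculateCurrentChecksum` in this same commit calls it on the cloud scripts archive. The message should name the file instead, `String errMsg = String.format("Failed to calculate SHA-512 checksum of %s", file.getPath());`, and the log call should keep the cause, `LOGGER.error(errMsg, e);`. A Javadoc line stating that the method returns the unprefixed lowercase hex SHA-512 would help any caller that still compares the result with a stored MD5 value; whether such callers exist is not visible here. The method's closing brace is outside this hunk.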
diff --git a/utils/src/test/java/org/apache/cloudstack/utils/security/DigestHelperTest.java b/utils/src/test/java/org/apache/cloudstack/utils/security/DigestHelperTest.java
index 17ed09572f5c..d2f248363b6d 100644
--- a/utils/src/test/java/org/apache/cloudstack/utils/security/DigestHelperTest.java
+++ b/utils/src/test/java/org/apache/cloudstack/utils/security/DigestHelperTest.java
@@ -21,6 +21,7 @@
import java.io.UnsupportedEncodingException;
import com.amazonaws.util.StringInputStream;
+import org.apache.commons.codec.digest.DigestUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -36,6 +37,8 @@ public class DigestHelperTest {
private final static String INPUT_STRING_NO3 = "01234567890123456789012345678901234567890123456789012345678901234567890123456789h\n";
private final static String SHA256_CHECKSUM = "{SHA-256}c6ab15af7842d23d3c06c138b53a7d09c5e351a79c4eb3c8ca8d65e5ce8900ab";
private final static String SHA256_NO_PREFIX_CHECKSUM = "c6ab15af7842d23d3c06c138b53a7d09c5e351a79c4eb3c8ca8d65e5ce8900ab";
+ private final static String SHA512_CHECKSUM_NO_PREFIX = "e34efddea0cb6bfc960f902ffc16596aaaaff4b12999f720361a0b27e68932b5a73995ccffcf7418fabc4a684c4add13f8bb379f80cabf01220dd0a31cdc28eb";
+ private final static String SHA512_CHECKSUM = "{SHA-512}" + SHA512_CHECKSUM_NO_PREFIX;
private final static String SHA1_CHECKSUM = "{SHA-1}49e4b2f4292b63e88597c127d11bc2cc0f2ca0ff";
private final static String MD5_CHECKSUM = "{MD5}d141a8eeaf6bba779d1d1dc5102a81c5";
private final static String MD5_NO_PREFIX_CHECKSUM = "d141a8eeaf6bba779d1d1dc5102a81c5";
@@ -43,6 +46,7 @@ public class DigestHelperTest {
private final static String ZERO_PADDED_SHA256_CHECKSUM = "{SHA-256}08b5ae0c7d7d45d8ed406d7c3c7da695b81187903694314d97f8a37752a6b241";
private static final String MD5 = "MD5";
private static final String SHA_256 = "SHA-256";
+ private static final String SHA_512 = "SHA-512";
private static InputStream inputStream;
private InputStream inputStream2;
@@ -68,6 +72,13 @@ public void testDigestSHA256() throws Exception {
Assert.assertEquals(SHA256_CHECKSUM, result);
}
+ @Test
+ public void testDigestSHA512() throws Exception {
+ String result = DigestHelper.digest(SHA_512, inputStream).toString();
+ Assert.assertEquals(SHA512_CHECKSUM, result);
+ Assert.assertEquals(SHA512_CHECKSUM_NO_PREFIX, DigestUtils.sha512Hex(INPUT_STRING));
+ }
+
@Test
public void testDigestSHA1() throws Exception {
String result = DigestHelper.digest("SHA-1", inputStream).toString();
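Review bot: `testDigestSHA512` does not exercise `DigestHelper.calculateChecksum(File)`, the method whose algorithm this commit changes; its second assertion, `DigestUtils.sha512Hex(INPUT_STRING)`, only checks commons-codec against the constant. I would add a test that writes `INPUT_STRING` to a temporary file and asserts `DigestHelper.calculateChecksum(tempFile)` equals `SHA512_CHECKSUM_NO_PREFIX`, so a later change of algorithm or encoding in that method is caught. A 128-character length assertion on the result would also tie the test to the `VARCHAR(128)` column introduced in the schema change.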