Update md5sum to sha512sum

debian/rules

@@ -85,7 +85,7 @@ override_dh_auto_install:
 	cp client/target/lib/*jar $(DESTDIR)/usr/share/$(PACKAGE)-management/lib/
 	cp -r engine/schema/dist/systemvm-templates/* $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/
 	cp -r plugins/integrations/kubernetes-service/src/main/resources/conf/* $(DESTDIR)/usr/share/$(PACKAGE)-management/cks/conf/
-	rm -rf $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/md5sum.txt
+	rm -rf $(DESTDIR)/usr/share/$(PACKAGE)-management/templates/systemvm/sha512sum.txt
 
 	# Bundle cmk in cloudstack-management
 	wget https://github.com/apache/cloudstack-cloudmonkey/releases/download/$(CMK_REL)/cmk.linux.x86-64 -O $(DESTDIR)/usr/bin/cmk

engine/schema/pom.xml

@@ -106,7 +106,7 @@
                                     templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-xen")
                                     templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-ovm")
                                     templateList.add("systemvmtemplate-${csVersion}.${patch}-x86_64-hyperv")
-                                    File file = new File("./engine/schema/dist/systemvm-templates/md5sum.txt")
+                                    File file = new File("./engine/schema/dist/systemvm-templates/sha512sum.txt")
                                     def lines = file.readLines()
                                     for (template in templateList) {
                                         def data = lines.findAll { it.contains(template) }
@@ -135,7 +135,7 @@
                             <goal>wget</goal>
                         </goals>
                         <configuration>
-                            <url>${project.systemvm.template.location}/${cs.version}/md5sum.txt</url>
+                            <url>${project.systemvm.template.location}/${cs.version}/sha512sum.txt</url>
                             <outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
                             <skipCache>true</skipCache>
                             <overwrite>true</overwrite>
@@ -205,7 +205,7 @@
                                     <checkSignature>true</checkSignature>
                                     <url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-kvm.qcow2.bz2</url>
                                     <outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
-                                    <md5>${kvm.checksum}</md5>
+                                    <sha512>${kvm.checksum}</sha512>
                                 </configuration>
                             </execution>
                         </executions>
@@ -241,7 +241,7 @@
                                     <checkSignature>true</checkSignature>
                                     <url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-vmware.ova</url>
                                     <outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
-                                    <md5>${vmware.checksum}</md5>
+                                    <sha512>${vmware.checksum}</sha512>
                                 </configuration>
                             </execution>
                         </executions>
@@ -277,7 +277,7 @@
                                     <checkSignature>true</checkSignature>
                                     <url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-xen.vhd.bz2</url>
                                     <outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
-                                    <md5>${xen.checksum}</md5>
+                                    <sha512>${xen.checksum}</sha512>
                                 </configuration>
                             </execution>
                         </executions>
@@ -313,7 +313,7 @@
                                     <checkSignature>true</checkSignature>
                                     <url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-ovm.raw.bz2</url>
                                     <outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
-                                    <md5>${ovm.checksum}</md5>
+                                    <sha512>${ovm.checksum}</sha512>
                                 </configuration>
                             </execution>
                         </executions>
@@ -349,7 +349,7 @@
                                     <checkSignature>true</checkSignature>
                                     <url>${project.systemvm.template.location}/${cs.version}/systemvmtemplate-${cs.version}.${patch.version}-x86_64-hyperv.vhd.zip</url>
                                     <outputDirectory>${basedir}/dist/systemvm-templates/</outputDirectory>
-                                    <md5>${hyperv.checksum}</md5>
+                                    <sha512>${hyperv.checksum}</sha512>
                                 </configuration>
                             </execution>
                         </executions>

engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql

@@ -203,3 +203,6 @@ SET `sort_key` = CASE
     ELSE `sort_key`
 END;
 -- End: Changes for Guest OS category cleanup
+
+-- Increase length of scripts_version column to 128 due to md5sum to sha512sum change
+CALL `cloud`.`IDEMPOTENT_CHANGE_COLUMN`('cloud.domain_router', 'scripts_version', 'scripts_version', 'VARCHAR(128)');

engine/schema/templateConfig.sh

@@ -84,5 +84,5 @@ PARENTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )/dist/systemvm-
 mkdir -p $PARENTPATH
 METADATAFILE=${PARENTPATH}"metadata.ini"
 echo > $METADATAFILE
-SOURCEFILE=${PARENTPATH}'md5sum.txt'
+SOURCEFILE=${PARENTPATH}'sha512sum.txt'
 createMetadataFile

packaging/el8/cloud.spec

@@ -317,7 +317,7 @@ install -D plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-n
 # SystemVM template
 mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm
 cp -r engine/schema/dist/systemvm-templates/* ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm
-rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm/md5sum.txt
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/templates/systemvm/sha512sum.txt
 
 # UI
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/ui

server/src/main/java/com/cloud/storage/StorageManagerImpl.java

@@ -4046,7 +4046,7 @@
                                 }
                             }
                         } catch (Exception e) {
-                            logger.error("Failed to register systemVM template(s)");
+                            logger.error("Failed to register systemVM template(s) due to: ", e);
                         } finally {
                             SystemVmTemplateRegistration.unmountStore(filePath);
                             txn.close();

systemvm/debian/opt/cloud/bin/setup/bootstrap.sh

@@ -118,6 +118,10 @@ bootstrap() {
       /opt/cloud/bin/setup/default.sh
   fi
 
+  if [ -f /var/cache/cloud/cloud-scripts.tgz ];then
+    sha512sum /var/cache/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
+  fi
+
   log_it "Finished setting up systemvm"
   exit 0
 }

systemvm/debian/opt/cloud/bin/setup/cloud-early-config

@@ -32,12 +32,12 @@ log_it() {
 }
 
 validate_checksums() {
-  local oldmd5=
-  [ -f ${1} ] && oldmd5=$(cat ${1})
-  local newmd5=
-  [ -f ${2} ] && newmd5=$(md5sum ${2} | awk '{print $1}')
-  log_it "Scripts checksum detected: oldmd5=$oldmd5 newmd5=$newmd5" >> /dev/null 2>&1
-  echo "oldmd5='${oldmd5}'; newmd5='${newmd5}'"
+  local oldchecksum=
+  [ -f ${1} ] && oldchecksum=$(cat ${1})
+  local newchecksum=
+  [ -f ${2} ] && newchecksum=$(sha512sum ${2} | awk '{print $1}')
+  log_it "Scripts checksum detected: oldchecksum=$oldchecksum newchecksum=$newchecksum" >> /dev/null 2>&1
+  echo "oldchecksum='${oldchecksum}'; newchecksum='${newchecksum}'"
 }
 
 patch() {
@@ -46,15 +46,15 @@ patch() {
   local oldpatchfile=/usr/share/cloud/$PATCH_SCRIPTS
   local patchfile=$PATCH_MOUNT/$PATCH_SCRIPTS
   local privkey=$PATCH_MOUNT/authorized_keys
-  local md5file=/var/cache/cloud/cloud-scripts-signature
+  local checksumfile=/var/cache/cloud/cloud-scripts-signature
   mkdir -p $PATCH_MOUNT
 
   if [ -f /var/cache/cloud/authorized_keys ]; then
     privkey=/var/cache/cloud/authorized_keys
   fi
 
-  eval $(validate_checksums $md5file $oldpatchfile)
-  if [ "$oldmd5" == "$newmd5" ] && [ -d /usr/local/cloud/systemvm ] && [ "$(ls -A /usr/local/cloud/systemvm)" ]; then
+  eval $(validate_checksums $checksumfile $oldpatchfile)
+  if [ "$oldchecksum" == "$newchecksum" ] && [ -d /usr/local/cloud/systemvm ] && [ "$(ls -A /usr/local/cloud/systemvm)" ]; then
     log_it "Checksum matches, no need to patch"
     return 0
   fi
@@ -67,11 +67,11 @@ patch() {
     while [ $retry -gt 0 ]
     do
       if tar tf $patchfile &> /dev/null; then
-        eval $(validate_checksums $md5file $patchfile)
-        if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
+        eval $(validate_checksums $checksumfile $patchfile)
+        if [ "$oldchecksum" != "$newchecksum" ] && [ -f ${patchfile} ] && [ "$newchecksum" != "" ]
         then
           tar xzf $patchfile -C /
-          echo ${newmd5} > ${md5file}
+          echo ${newchecksum} > ${checksumfile}
           log_it "Patched scripts using $patchfile"
           touch /var/cache/cloud/patch.required
         fi

systemvm/debian/opt/cloud/bin/setup/router.sh

@@ -40,18 +40,18 @@ setup_router() {
   # To save router public interface and gw ip information
   touch /var/cache/cloud/ifaceGwIp
 
-  oldmd5=
-  [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
+  oldchecksum=
+  [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldchecksum=$(sha512sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
 
   log_it "Checking udev NIC assignment order changes"
   if [ "$NIC_MACS" != "" ]
   then
     init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
-    newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
+    newchecksum=$(sha512sum "/tmp/udev-rules" | awk '{print $1}')
     rm /tmp/interfaces
     rm /tmp/udev-rules
 
-    if [ "$oldmd5" != "$newmd5" ]
+    if [ "$oldchecksum" != "$newchecksum" ]
     then
       log_it "Reloading udev for new udev NIC assignment"
       udevadm control --reload-rules && udevadm trigger

systemvm/patch-sysvms.sh

@@ -21,7 +21,7 @@ backupfolder=/var/cache/cloud/bkpup_live_patch
 logfile="/var/log/livepatchsystemvm.log"
 newpath="/var/cache/cloud/"
 CMDLINE=/var/cache/cloud/cmdline
-md5file=/var/cache/cloud/cloud-scripts-signature
+checksumfile=/var/cache/cloud/cloud-scripts-signature
 svcfile=/var/cache/cloud/enabled_svcs
 TYPE=$(grep -Po 'type=\K[a-zA-Z]*' $CMDLINE)
 patchfailed=0
@@ -40,7 +40,7 @@ backup_old_package() {
     zip -r $backupfolder/agent.zip * >> $logfile 2>&1 2>&1
     cd -
   fi
-  cp $md5file $backupfolder
+  cp $checksumfile $backupfolder
   echo "Backing up cloud-scripts file" >> $logfile 2>&1
   tar -zcvf $backupfolder/cloud-scripts.tgz /etc/ /var/ /opt/ /root/  >> $logfile 2>&1
 }
@@ -57,13 +57,13 @@ restore_backup() {
   fi
   backuprestored=1
   restart_services
-  cp $backupfolder/cloud-scripts-signature $md5file
+  cp $backupfolder/cloud-scripts-signature $checksumfile
 }
 
 update_checksum() {
-  newmd5=$(md5sum $1 | awk '{print $1}')
-  echo "checksum: " ${newmd5} >> $logfile 2>&1
-  echo ${newmd5} > ${md5file}
+  newchecksum=$(sha512sum $1 | awk '{print $1}')
+  echo "checksum: " ${newchecksum} >> $logfile 2>&1
+  echo ${newchecksum} > ${checksumfile}
 }
 
 restart_services() {
@@ -144,7 +144,7 @@ patch_systemvm
 cleanup_systemVM
 
 if [ $patchfailed == 0 ]; then
-  echo "version:$(cat ${md5file}) "
+  echo "version:$(cat ${checksumfile}) "
 fi
 
 exit $patchfailed

tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh

@@ -78,7 +78,7 @@ function install_cloud_scripts() {
 function do_signature() {
   mkdir -p /var/cache/cloud/ /usr/share/cloud/
   (cd ./cloud_scripts/; tar -cvf - * | gzip > /usr/share/cloud/cloud-scripts.tgz)
-  md5sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
+  sha512sum /usr/share/cloud/cloud-scripts.tgz | awk '{print $1}' > /var/cache/cloud/cloud-scripts-signature
   echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
 }
 

utils/src/main/java/com/cloud/utils/validation/ChecksumUtil.java

@@ -28,7 +28,6 @@ public static String calculateCurrentChecksum(String name, String path) {
         if (cloudScriptsPath == null) {
             throw new CloudRuntimeException(String.format("Unable to find cloudScripts path, cannot update SystemVM %s", name));
         }
-        String md5sum = DigestHelper.calculateChecksum(new File(cloudScriptsPath));
-        return md5sum;
+        return DigestHelper.calculateChecksum(new File(cloudScriptsPath));
     }
 }

utils/src/main/java/org/apache/cloudstack/utils/security/DigestHelper.java

@@ -43,9 +43,9 @@
         while ((read = is.read(buffer)) > 0) {
             digest.update(buffer, 0, read);
         }
-        byte[] md5sum = digest.digest();
+        byte[] checksumValue = digest.digest();
         // TODO make sure this is valid for all types of checksums !?!
-        BigInteger bigInt = new BigInteger(1, md5sum);
+        BigInteger bigInt = new BigInteger(1, checksumValue);
         checksum = new ChecksumValue(digest.getAlgorithm(), getPaddedDigestString(digest,bigInt));
         return checksum;
     }
@@ -141,9 +141,9 @@
 
     public static String calculateChecksum(File file) {
         try (InputStream is = Files.newInputStream(Paths.get(file.getPath()))) {
-            return DigestUtils.md5Hex(is);
+            return DigestUtils.sha512Hex(is);
         } catch (IOException e) {
-            String errMsg = "Failed to calculate template checksum";
+            String errMsg = "Failed to calculate sha512 checksum of template";
             LOGGER.error(errMsg);
             throw new CloudRuntimeException(errMsg, e);
         }

utils/src/test/java/org/apache/cloudstack/utils/security/DigestHelperTest.java

@@ -21,6 +21,7 @@
 import java.io.UnsupportedEncodingException;
 
 import com.amazonaws.util.StringInputStream;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -36,13 +37,16 @@ public class DigestHelperTest {
     private final static String INPUT_STRING_NO3 = "01234567890123456789012345678901234567890123456789012345678901234567890123456789h\n";
     private final static String SHA256_CHECKSUM = "{SHA-256}c6ab15af7842d23d3c06c138b53a7d09c5e351a79c4eb3c8ca8d65e5ce8900ab";
     private final static String SHA256_NO_PREFIX_CHECKSUM = "c6ab15af7842d23d3c06c138b53a7d09c5e351a79c4eb3c8ca8d65e5ce8900ab";
+    private final static String SHA512_CHECKSUM_NO_PREFIX = "e34efddea0cb6bfc960f902ffc16596aaaaff4b12999f720361a0b27e68932b5a73995ccffcf7418fabc4a684c4add13f8bb379f80cabf01220dd0a31cdc28eb";
+    private final static String SHA512_CHECKSUM = "{SHA-512}" + SHA512_CHECKSUM_NO_PREFIX;
     private final static String SHA1_CHECKSUM = "{SHA-1}49e4b2f4292b63e88597c127d11bc2cc0f2ca0ff";
     private final static String MD5_CHECKSUM = "{MD5}d141a8eeaf6bba779d1d1dc5102a81c5";
     private final static String MD5_NO_PREFIX_CHECKSUM = "d141a8eeaf6bba779d1d1dc5102a81c5";
     private final static String ZERO_PADDED_MD5_CHECKSUM = "{MD5}0e51dfa74b87f19dd5e0124d6a2195e3";
     private final static String ZERO_PADDED_SHA256_CHECKSUM = "{SHA-256}08b5ae0c7d7d45d8ed406d7c3c7da695b81187903694314d97f8a37752a6b241";
     private static final String MD5 = "MD5";
     private static final String SHA_256 = "SHA-256";
+    private static final String SHA_512 = "SHA-512";
     private static InputStream inputStream;
     private InputStream inputStream2;
 
@@ -68,6 +72,13 @@ public void testDigestSHA256() throws Exception {
         Assert.assertEquals(SHA256_CHECKSUM, result);
     }
 
+    @Test
+    public void testDigestSHA512() throws Exception {
+        String result = DigestHelper.digest(SHA_512, inputStream).toString();
+        Assert.assertEquals(SHA512_CHECKSUM, result);
+        Assert.assertEquals(SHA512_CHECKSUM_NO_PREFIX, DigestUtils.sha512Hex(INPUT_STRING));
+    }
+
     @Test
     public void testDigestSHA1() throws Exception {
         String result = DigestHelper.digest("SHA-1", inputStream).toString();