Calculate and log sha256sum of all files.kup-0.3.4

We are now storing logs on a snaplock WORM volume. Adding
sha256 calculation to all uploaded files allows us to store
these checksums for later forensic retrieval, should it
become necessary.

2 files changed, 14 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index dd9a222..e9b8d68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
-2012-04-20 Konstantin Ryabitsev <mricon@kernel.org> - master
+2012-12-10 Konstantin Ryabitsev <mricon@kernel.org> - 0.3.4
+	* Calculate and log sha256sums of all uploaded files for forensic
+	  record-keeping.
 	* Remove magic-guessing logic from kup client, as it was interfering with
 	  people's ability to upload gzipped kernel images. We're now being dumb
 	  about it -- we only rely on the extension to guess whether the server
diff --git a/kup-server b/kup-server
index fbf8874..74f719f 100755
--- a/kup-server
+++ b/kup-server
@@ -66,6 +66,8 @@ use IO::Handle;
 use Sys::Syslog qw(:standard :macros);
 use Git;
 
+use Digest::SHA;
+
 # Scrub the environment completely
 %ENV = ('PATH' => '/bin:/usr/bin',
 		'LANG' => 'C',
@@ -860,7 +862,16 @@ sub put_file(@)
 			fatal("$file: Failed to install files: $!");
 		}
 		push(@undoes, $target);
+
+		if ($e ne '.sign') {
+			# Should we make the digest algo configurable?
+			my $sha = Digest::SHA->new('sha256');
+			print STDERR "\rCalculating sha256 for ".$stem.$e;
+			$sha->addfile($target);
+			syslog(LOG_NOTICE, "sha256: %s: %s", $target, $sha->hexdigest);
+		}
 	}
+	print STDERR "...logged.\n";
 
 	unlock_tree();
 	cleanup();