diff options
author | Konstantin Ryabitsev <mricon@kernel.org> | 2012-12-10 13:20:53 -0500 |
---|---|---|
committer | Konstantin Ryabitsev <mricon@kernel.org> | 2012-12-10 13:20:53 -0500 |
commit | 2769ce29d5e471753cf91fd5a588a19249ea7601 (patch) | |
tree | becada362706dbee8157c49933330935b05af5a0 | |
parent | 500ded5b55c0e5e3ab9214cc0b4d27631885dafd (diff) | |
download | kup-2769ce29d5e471753cf91fd5a588a19249ea7601.tar.gz |
Calculate and log sha256sum of all files.kup-0.3.4
We are now storing logs on a snaplock WORM volume. Adding
sha256 calculation to all uploaded files allows us to store
these checksums for later forensic retrieval, should it
become necessary.
-rw-r--r-- | ChangeLog | 4 | ||||
-rwxr-xr-x | kup-server | 11 |
2 files changed, 14 insertions, 1 deletions
@@ -1,4 +1,6 @@ -2012-04-20 Konstantin Ryabitsev <mricon@kernel.org> - master +2012-12-10 Konstantin Ryabitsev <mricon@kernel.org> - 0.3.4 + * Calculate and log sha256sums of all uploaded files for forensic + record-keeping. * Remove magic-guessing logic from kup client, as it was interfering with people's ability to upload gzipped kernel images. We're now being dumb about it -- we only rely on the extension to guess whether the server @@ -66,6 +66,8 @@ use IO::Handle; use Sys::Syslog qw(:standard :macros); use Git; +use Digest::SHA; + # Scrub the environment completely %ENV = ('PATH' => '/bin:/usr/bin', 'LANG' => 'C', @@ -860,7 +862,16 @@ sub put_file(@) fatal("$file: Failed to install files: $!"); } push(@undoes, $target); + + if ($e ne '.sign') { + # Should we make the digest algo configurable? + my $sha = Digest::SHA->new('sha256'); + print STDERR "\rCalculating sha256 for ".$stem.$e; + $sha->addfile($target); + syslog(LOG_NOTICE, "sha256: %s: %s", $target, $sha->hexdigest); + } } + print STDERR "...logged.\n"; unlock_tree(); cleanup(); |