Calculate and log sha256sum of all files.
We are now storing logs on a snaplock WORM volume. Adding
sha256 calculation to all uploaded files allows us to store
these checksums for later forensic retrieval, should it
become necessary.
diff --git a/ChangeLog b/ChangeLog
index dd9a222..e9b8d68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
-2012-04-20 Konstantin Ryabitsev <mricon@kernel.org> - master
+2012-12-10 Konstantin Ryabitsev <mricon@kernel.org> - 0.3.4
+ * Calculate and log sha256sums of all uploaded files for forensic
+ record-keeping.
* Remove magic-guessing logic from kup client, as it was interfering with
people's ability to upload gzipped kernel images. We're now being dumb
about it -- we only rely on the extension to guess whether the server
diff --git a/kup-server b/kup-server
index fbf8874..74f719f 100755
--- a/kup-server
+++ b/kup-server
@@ -66,6 +66,8 @@
use Sys::Syslog qw(:standard :macros);
use Git;
+use Digest::SHA;
+
# Scrub the environment completely
%ENV = ('PATH' => '/bin:/usr/bin',
'LANG' => 'C',
@@ -860,7 +862,16 @@
fatal("$file: Failed to install files: $!");
}
push(@undoes, $target);
+
+ if ($e ne '.sign') {
+ # Should we make the digest algo configurable?
+ my $sha = Digest::SHA->new('sha256');
+ print STDERR "\rCalculating sha256 for ".$stem.$e;
+ $sha->addfile($target);
+ syslog(LOG_NOTICE, "sha256: %s: %s", $target, $sha->hexdigest);
+ }
}
+ print STDERR "...logged.\n";
unlock_tree();
cleanup();
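Review bot: `$sha->addfile($target)` croaks if the file cannot be opened or read, and nothing in the added block catches that, so a hashing failure would leave through a bare die instead of the `fatal()` path used just above for install errors. Whether the tree lock and the `@undoes` list are still unwound in that case cannot be seen from this hunk, since the enclosing loop and function start outside it. Because the digest is meant to be a forensic record, I would make the failure explicit, for example `eval { $sha->addfile($target); 1 } or fatal("$file: Failed to checksum $target: $@");`. The `$e ne '.sign'` test also means detached signatures are never hashed, although the commit title says "all files". If that is intentional, a one-line comment above the `if` saying so would save the next reader from treating it as a gap in the log.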