From 0f534fed8c0f61b7f38a2e2f3a83170c37bbb8ec Mon Sep 17 00:00:00 2001
From: Kyle MacLeod <kyle.macleod@windriver.com>
Date: Sat, 10 Dec 2022 19:56:58 -0500
Subject: [PATCH] Generate checksum across ostree_repo for prestage validation

This commit calculates an md5-based checksum across the ostree_repo
directory. The checksum is included in the ISO, available for the
kickstart files to validate the integrity of the ostree_repo before it
is used as the primary boot repo for the subcloud. In the remote install
case, we use this checksum to invalidate prestage data if necessary, in
which case it falls back to performing a remote pull from the system
controller.

Test Plan
PASS:
- Run gen-prestaged-iso.sh to generate a bootimage.iso. Verify that
  the ISO includes a .ostree_repo_checksum file at the same level as the
  ostree_repo directory.

Partial-Bug: 1999306

Change-Id: I054ef69a243cb26d5c8a4cb0ce74e289b63670c1
Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>
---
 .../scripts/gen-prestaged-iso.sh              | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/utilities/platform-util/scripts/gen-prestaged-iso.sh b/utilities/platform-util/scripts/gen-prestaged-iso.sh
index 78c2c31f..72d485a1 100755
--- a/utilities/platform-util/scripts/gen-prestaged-iso.sh
+++ b/utilities/platform-util/scripts/gen-prestaged-iso.sh
@@ -312,6 +312,25 @@ EOF
     unmount_efiboot_img
 }
 
+function generate_ostree_checkum {
+    # Generate a directory-based md5 checksum across the ostree repo.
+    # This checksum is used to validate the ostree_repo before installation.
+    # We use a checksum instead of ostree fsck due to the length of time
+    # required for the fsck to complete.
+    local dest_dir=${1}
+    if [ ! -d "${dest_dir}" ]; then
+        log_fatal "generate_ostree_checkum: ${dest_dir} does not exist"
+    fi
+    (
+        # subshell:
+        log "Calculating new checksum for ostree_repo at ${dest_dir}"
+        cd "${dest_dir}" || log_fatal "generate_ostree_checkum: cd ${dest_dir} failed"
+        find ostree_repo -type f -exec md5sum {} + | LC_ALL=C sort | md5sum | awk '{ print $1; }' \
+            > .ostree_repo_checksum
+        log "ostree_repo checksum: $(cat .ostree_repo_checksum)"
+    )
+}
+
 # Constants
 DIR_NAME=$(dirname "$0")
 if [[ ! -e "${DIR_NAME}"/stx-iso-utils.sh ]]; then
@@ -510,6 +529,8 @@ if [[ "${rc}" -ne 0 ]]; then
     log_fatal "Unable to rsync content from the ISO: Error rc=${rc}"
 fi
 
+generate_ostree_checkum "${BUILDDIR}"
+
 unmount_iso
 
 #