[openstacksdk] Create image doesn't validate checksum correctly using sha256 algorithm

Bug #1863534 reported by Tushar Patil
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack SDK
Prashant Bhole

Bug Description

I have set config option ``hashing_algorithm`` value as sha256 in glance.

Now, I'm trying to create an image using openstacksdk.

I have set hash value of the image to sha256 parameter of create_image method but it fails with an error "Image checksum verification failed".

Reason: glance store calculates checksum using md5 algorithm and it calculates owner_specified.openstack.sha256/os_hash_value of an image using the algorithm that's set in ``hashing_algorithm``. In openstacksdk, it compares the checksum as shown below:

  checksum = data.get('checksum')
  if checksum:
      valid = (checksum == md5 or checksum == sha256)
      if not valid:
          raise Exception('Image checksum verification failed')

IMO, except md5 algorithm, it should compare sha256 with the os_hash_value that's calculated and set by glance for an image.

for cirros-0.4.0-x86_64-disk.img image:-
md5 checksum is 443b7623e27ecf03dc9e01ee93f67afe
sha256 checksum is a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8

If I pass sha256 parameter to create_image as a8dd75ecffd4cdd96072d60c2237b448e0c8b2bc94d57f10fdbc8c481d9005b8, it fails to create an image.

Tushar Patil (tpatil)
summary: - [openstacksdk] Create image doesn't validate checksum using sha256
- algorithm
+ [openstacksdk] Create image doesn't validate checksum correctly using
+ sha256 algorithm
Prashant Bhole (pbhole)
Changed in glance:
assignee: nobody → Prashant Bhole (pbhole)
affects: glance → python-openstacksdk
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.