From: Daniel Gomez <da.gomez@kernel.org>
To: Luis Chamberlain <mcgrof@kernel.org>,
Chuck Lever <cel@kernel.org>, Daniel Gomez <da.gomez@kruces.com>,
kdevops@lists.linux.dev
Subject: Re: [PATCH] base_image: move size adjustment until after we verify checksums
Date: Mon, 25 Aug 2025 13:49:45 +0200 [thread overview]
Message-ID: <4cb6117b-c727-41fa-b4cf-f04f4f024dae@kernel.org> (raw)
In-Reply-To: <20250823212424.1263426-1-mcgrof@kernel.org>
On 23/08/2025 23.24, Luis Chamberlain wrote:
> Move the sha512 checksum check to run *after* we resize the image.
I think you mean: move the sha512 checksum to run before we resize the image.
Or after we download the image.
> Otherwise we fail.
>
> Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
I'm not sure why I could not replicate this but I agree (if the above was the
initial intention) with the change. We should check the checksum immediately
after download, otherwise the resize step changes the checksum.
The patch however, is not 100% correct. So, can you ensure:
* To check checksum right after download
* To skip the checksum check if the file already exists
* To resize only after downloading (custom_image_download)
> ---
> .../roles/base_image/tasks/custom-image.yml | 19 +++++++++----------
> 1 file changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a/playbooks/roles/base_image/tasks/custom-image.yml b/playbooks/roles/base_image/tasks/custom-image.yml
> index 46701e759adf..a30c8c96a31f 100644
> --- a/playbooks/roles/base_image/tasks/custom-image.yml
> +++ b/playbooks/roles/base_image/tasks/custom-image.yml
> @@ -46,16 +46,6 @@
> - not custom_image_stat.stat.exists
> - guestfs_has_custom_raw_image_url|bool
>
> -- name: Resize custom image to match configured size
> - become: true
> - become_method: ansible.builtin.sudo
> - ansible.builtin.command:
> - cmd: "qemu-img resize {{ custom_image }} {{ libvirt_image_size }}"
> - changed_when: true
> - when:
> - - custom_image_download is changed or custom_image_stat.stat.exists
> - - guestfs_has_custom_raw_image_url|bool
> -
> - name: Check if the custom image sentinel file already exists
> ansible.builtin.stat:
> path: "{{ custom_image_ok }}"
> @@ -124,6 +114,15 @@
> - not sentinel_stat.stat.exists
> - id_output.rc != 0
>
> + - name: Resize custom image to match configured size
> + become: true
> + become_method: ansible.builtin.sudo
> + ansible.builtin.command:
> + cmd: "qemu-img resize -f raw {{ custom_image }} {{ libvirt_image_size }}"
> + changed_when: true
> + when:
> + - not sentinel_stat.stat.exists
> +
I think the conditions here are not correct. We should resize only after
downloading. Or can we safely resize (grow/shrink) the image after bringup?
> - name: Create a temporary file for virt-customize commands
> ansible.builtin.tempfile:
> state: file
prev parent reply other threads:[~2025-08-25 11:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-23 21:24 [PATCH] base_image: move size adjustment until after we verify checksums Luis Chamberlain
2025-08-25 11:49 ` Daniel Gomez [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4cb6117b-c727-41fa-b4cf-f04f4f024dae@kernel.org \
--to=da.gomez@kernel.org \
--cc=cel@kernel.org \
--cc=da.gomez@kruces.com \
--cc=kdevops@lists.linux.dev \
--cc=mcgrof@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox