[PATCH] base_image: move size adjustment until after we verify checksums

public inbox for kdevops@lists.linux.dev
 help / color / mirror / Atom feed

* [PATCH] base_image: move size adjustment until after we verify checksums
@ 2025-08-23 21:24 Luis Chamberlain
  2025-08-25 11:49 ` Daniel Gomez
  0 siblings, 1 reply; 2+ messages in thread
From: Luis Chamberlain @ 2025-08-23 21:24 UTC (permalink / raw)
  To: Chuck Lever, Daniel Gomez, kdevops; +Cc: Luis Chamberlain

Move the sha512 checksum check to run *after* we resize the image.
Otherwise we fail.

Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
---
 .../roles/base_image/tasks/custom-image.yml   | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/playbooks/roles/base_image/tasks/custom-image.yml b/playbooks/roles/base_image/tasks/custom-image.yml
index 46701e759adf..a30c8c96a31f 100644
--- a/playbooks/roles/base_image/tasks/custom-image.yml
+++ b/playbooks/roles/base_image/tasks/custom-image.yml
@@ -46,16 +46,6 @@
     - not custom_image_stat.stat.exists
     - guestfs_has_custom_raw_image_url|bool
 
-- name: Resize custom image to match configured size
-  become: true
-  become_method: ansible.builtin.sudo
-  ansible.builtin.command:
-    cmd: "qemu-img resize {{ custom_image }} {{ libvirt_image_size }}"
-  changed_when: true
-  when:
-    - custom_image_download is changed or custom_image_stat.stat.exists
-    - guestfs_has_custom_raw_image_url|bool
-
 - name: Check if the custom image sentinel file already exists
   ansible.builtin.stat:
     path: "{{ custom_image_ok }}"
@@ -124,6 +114,15 @@
         - not sentinel_stat.stat.exists
         - id_output.rc != 0
 
+    - name: Resize custom image to match configured size
+      become: true
+      become_method: ansible.builtin.sudo
+      ansible.builtin.command:
+        cmd: "qemu-img resize -f raw {{ custom_image }} {{ libvirt_image_size }}"
+      changed_when: true
+      when:
+        - not sentinel_stat.stat.exists
+
     - name: Create a temporary file for virt-customize commands
       ansible.builtin.tempfile:
         state: file
-- 
2.45.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] base_image: move size adjustment until after we verify checksums
  2025-08-23 21:24 [PATCH] base_image: move size adjustment until after we verify checksums Luis Chamberlain
@ 2025-08-25 11:49 ` Daniel Gomez
  0 siblings, 0 replies; 2+ messages in thread
From: Daniel Gomez @ 2025-08-25 11:49 UTC (permalink / raw)
  To: Luis Chamberlain, Chuck Lever, Daniel Gomez, kdevops

On 23/08/2025 23.24, Luis Chamberlain wrote:
> Move the sha512 checksum check to run *after* we resize the image.

I think you mean: move the sha512 checksum to run before we resize the image.
Or after we download the image.

> Otherwise we fail.
> 
> Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>

I'm not sure why I could not replicate this but I agree (if the above was the
initial intention) with the change. We should check the checksum immediately
after download, otherwise the resize step changes the checksum.

The patch however, is not 100% correct. So, can you ensure:
* To check checksum right after download
* To skip the checksum check if the file already exists
* To resize only after downloading (custom_image_download)

> ---
>  .../roles/base_image/tasks/custom-image.yml   | 19 +++++++++----------
>  1 file changed, 9 insertions(+), 10 deletions(-)
> 
> diff --git a/playbooks/roles/base_image/tasks/custom-image.yml b/playbooks/roles/base_image/tasks/custom-image.yml
> index 46701e759adf..a30c8c96a31f 100644
> --- a/playbooks/roles/base_image/tasks/custom-image.yml
> +++ b/playbooks/roles/base_image/tasks/custom-image.yml
> @@ -46,16 +46,6 @@
>      - not custom_image_stat.stat.exists
>      - guestfs_has_custom_raw_image_url|bool
>  
> -- name: Resize custom image to match configured size
> -  become: true
> -  become_method: ansible.builtin.sudo
> -  ansible.builtin.command:
> -    cmd: "qemu-img resize {{ custom_image }} {{ libvirt_image_size }}"
> -  changed_when: true
> -  when:
> -    - custom_image_download is changed or custom_image_stat.stat.exists
> -    - guestfs_has_custom_raw_image_url|bool
> -
>  - name: Check if the custom image sentinel file already exists
>    ansible.builtin.stat:
>      path: "{{ custom_image_ok }}"
> @@ -124,6 +114,15 @@
>          - not sentinel_stat.stat.exists
>          - id_output.rc != 0
>  
> +    - name: Resize custom image to match configured size
> +      become: true
> +      become_method: ansible.builtin.sudo
> +      ansible.builtin.command:
> +        cmd: "qemu-img resize -f raw {{ custom_image }} {{ libvirt_image_size }}"
> +      changed_when: true
> +      when:
> +        - not sentinel_stat.stat.exists
> +

I think the conditions here are not correct. We should resize only after
downloading. Or can we safely resize (grow/shrink) the image after bringup?

>      - name: Create a temporary file for virt-customize commands
>        ansible.builtin.tempfile:
>          state: file

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-08-25 11:49 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-08-23 21:24 [PATCH] base_image: move size adjustment until after we verify checksums Luis Chamberlain
2025-08-25 11:49 ` Daniel Gomez

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox