From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2C1AD1EA7CB for ; Mon, 25 Aug 2025 11:49:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756122588; cv=none; b=B/oAUMaNhIXdpOBhYqCUpSbIq7Y3SJSW01IHkeK5RnF6L/aRMuaXg6A56Wfi2Oa9XnW/xHLDWQO9Ih3DNY75CIUMDRTn/1/mFtSVyrCty4DpN2qfyP7KOxM+v0k9aaIGkbFRNMz1zt7jU1zkLisKS7rl9G26kqc2Lj76Q5n7YyQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756122588; c=relaxed/simple; bh=fkLWO9mxFGhVO6WYa8ClNrxZm7QL9ZBbjhs9PkBxqqg=; h=Message-ID:Date:MIME-Version:Subject:To:References:From: In-Reply-To:Content-Type; b=m1EFIZ+52HPAaUBbm1yf2aVQ5Yu5F2ksXAgIvcTQGChmZg0EcmZafNn0Rhcnsdpwuub+NBmj2wBo7/pZ+J09QZ5OxicpLZWc2TTRrswpYwFFZfv683R8x0+qmMjmylTZguws4f7Uc8Q/a9/Ztg2o/KV0TRRwdIQP7ZUP+B+aCv0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=JjKvW+hT; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="JjKvW+hT" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8E64C4CEED; Mon, 25 Aug 2025 11:49:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1756122587; bh=fkLWO9mxFGhVO6WYa8ClNrxZm7QL9ZBbjhs9PkBxqqg=; h=Date:Reply-To:Subject:To:References:From:In-Reply-To:From; b=JjKvW+hTylgiNrsiPZIv143Eq8Yd0NucyB16Mhua4HmBXIEBs/P+2G7YfrWUlTOVb 2xSgbjFWIUh+0W/HXoz2Qa1fveOmkvRe9ef3v90GMvh8nMeaqOulD7sq+hsmRFWsFo HknX8fHDH0LcXllXk+asbS99KhPRSa97qUvDzjfYJk9hp684ECs5Fxx4DbiWVjKUlX rXt0WonzZ4eXzZQBc40d6ITtHrLEm8widaf7fSK97xUFXEbJZkKr0/7uUjtOjlZDWD juA+Hd2puMDXi0cbpXCNdbo2bniCgnn6ZKFmAngXISD/CqEuoe34vR1BfZMW1LBpVt Vrkzqyejl3jxg== Message-ID: <4cb6117b-c727-41fa-b4cf-f04f4f024dae@kernel.org> Date: Mon, 25 Aug 2025 13:49:45 +0200 Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Reply-To: Daniel Gomez Subject: Re: [PATCH] base_image: move size adjustment until after we verify checksums To: Luis Chamberlain , Chuck Lever , Daniel Gomez , kdevops@lists.linux.dev References: <20250823212424.1263426-1-mcgrof@kernel.org> Content-Language: en-US From: Daniel Gomez Organization: kernel.org In-Reply-To: <20250823212424.1263426-1-mcgrof@kernel.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 23/08/2025 23.24, Luis Chamberlain wrote: > Move the sha512 checksum check to run *after* we resize the image. I think you mean: move the sha512 checksum to run before we resize the image. Or after we download the image. > Otherwise we fail. > > Signed-off-by: Luis Chamberlain I'm not sure why I could not replicate this but I agree (if the above was the initial intention) with the change. We should check the checksum immediately after download, otherwise the resize step changes the checksum. The patch however, is not 100% correct. So, can you ensure: * To check checksum right after download * To skip the checksum check if the file already exists * To resize only after downloading (custom_image_download) > --- > .../roles/base_image/tasks/custom-image.yml | 19 +++++++++---------- > 1 file changed, 9 insertions(+), 10 deletions(-) > > diff --git a/playbooks/roles/base_image/tasks/custom-image.yml b/playbooks/roles/base_image/tasks/custom-image.yml > index 46701e759adf..a30c8c96a31f 100644 > --- a/playbooks/roles/base_image/tasks/custom-image.yml > +++ b/playbooks/roles/base_image/tasks/custom-image.yml > @@ -46,16 +46,6 @@ > - not custom_image_stat.stat.exists > - guestfs_has_custom_raw_image_url|bool > > -- name: Resize custom image to match configured size > - become: true > - become_method: ansible.builtin.sudo > - ansible.builtin.command: > - cmd: "qemu-img resize {{ custom_image }} {{ libvirt_image_size }}" > - changed_when: true > - when: > - - custom_image_download is changed or custom_image_stat.stat.exists > - - guestfs_has_custom_raw_image_url|bool > - > - name: Check if the custom image sentinel file already exists > ansible.builtin.stat: > path: "{{ custom_image_ok }}" > @@ -124,6 +114,15 @@ > - not sentinel_stat.stat.exists > - id_output.rc != 0 > > + - name: Resize custom image to match configured size > + become: true > + become_method: ansible.builtin.sudo > + ansible.builtin.command: > + cmd: "qemu-img resize -f raw {{ custom_image }} {{ libvirt_image_size }}" > + changed_when: true > + when: > + - not sentinel_stat.stat.exists > + I think the conditions here are not correct. We should resize only after downloading. Or can we safely resize (grow/shrink) the image after bringup? > - name: Create a temporary file for virt-customize commands > ansible.builtin.tempfile: > state: file