provisioner, preloader: Add integrity checks for build context

Compute SHA-256 checksums for all the entities we upload to GCS that are
to be used in the preloaded VM (i.e. the build context). The computed
checksums are set as VM instance metadata in the format <file_name> : <hash>
using daisy when the instance is spun up. In the preload VM, download
the build context and verify the integrity by comparing the checksum
from instance metadata with the downloaded file. Proceed if there are
no errors, exit otherwise.

BUG=b/214451194
TEST=build cos-customizer docker image and ran derived image builds, cos-customizer integration tests
RELEASE_NOTE=None

Change-Id: I1c4feeca83ab8e7340f25370c3574de7cde407e9
Reviewed-on: https://cos-review.googlesource.com/c/cos/tools/+/91805
Tested-by: Nandhini Rengaraj <nrengaraj@google.com>
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Cloud-Build: GCB Service account <228075978874@cloudbuild.gserviceaccount.com>
14 files changed
tree: 2007216396f8189b051a9ce4cb78427d6682582c
  1. coverage/
  2. release/
  3. src/
  4. testing/
  5. .gitignore
  6. BUILD.bazel
  7. cloudbuild.yaml
  8. CONTRIBUTING.md
  9. deps.bzl
  10. go.mod
  11. go.sum
  12. LICENSE
  13. postsubmit-cloudbuild.yaml
  14. README.md
  15. run_builds.sh
  16. run_unit_tests.sh
  17. WORKSPACE
README.md

Tools for Container-Optimized OS

This is a repository of various tools developed for Container-Optimized OS. Examples include cos-gpu-installer, cos-toolbox, etc.

See CONTRIBUTING.md for how to contribute.
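
The integrity check described in the commit message above, sketched as an added example; it is not the cos-customizer code from this change. The function names and the sample file are hypothetical, and the instance metadata is modelled as an in-memory map instead of being set through daisy and read back inside the VM.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)

// fileSHA256 returns the hex SHA-256 digest of a file's contents.
func fileSHA256(path string) (string, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", sha256.Sum256(data)), nil
}

// checksumMetadata (upload side) builds one <file_name> : <hash> entry per file.
func checksumMetadata(paths ...string) (md map[string]string, err error) {
	md = map[string]string{}
	for _, p := range paths {
		if md[filepath.Base(p)], err = fileSHA256(p); err != nil {
			return nil, err
		}
	}
	return md, nil
}

// verifyDownloaded (VM side) fails closed: no metadata entry counts as a mismatch.
func verifyDownloaded(path string, md map[string]string) error {
	got, err := fileSHA256(path)
	if err != nil {
		return err
	}
	if want, ok := md[filepath.Base(path)]; !ok || got != want {
		return fmt.Errorf("integrity check failed for %s: got %s, metadata has %q", path, got, want)
	}
	return nil
}

func main() {
	p := filepath.Join(os.TempDir(), "build_context_example.tar") // constructed sample file
	defer os.Remove(p)
	os.WriteFile(p, []byte("constructed sample"), 0o600)
	md, _ := checksumMetadata(p)
	os.WriteFile(p, []byte("modified after upload"), 0o600)
	fmt.Println("after tampering:", verifyDownloaded(p, md))
}
```

Keying the map by base name mirrors the `<file_name> : <hash>` format, so two build-context files with the same base name in different directories would collide and need distinct keys.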