|author||Tails developers <firstname.lastname@example.org>||2012-05-12 17:51:30 +0200|
|committer||Tails developers <email@example.com>||2012-05-16 12:50:33 +0200|
vagrant: Download and verify squeeze.box from Tails mirror
Vagrant does not currently offer any way to verify a downloaded box file. In order to overcome this limitation, we monkey-patch Vagrant::Action::Box::Download#download method to verify a checksum right after the file has been retrieved. This should definitely implemented upstream in a more proper way but it will do for now.
Diffstat (limited to 'vagrant/lib')
1 files changed, 37 insertions, 0 deletions
diff --git a/vagrant/lib/vagrant_verified_download.rb b/vagrant/lib/vagrant_verified_download.rb
new file mode 100644
@@ -0,0 +1,37 @@
+# Tails: The Amnesic Incognito Live System
+# Copyright © 2012 Tails developers <firstname.lastname@example.org>
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# The following will monkeypatch Vagrant (successfuly tested against Vagrant
+# 1.0.2) in order to verify the checksum of a downloaded box.
+ class Config::VMConfig
+ attr_accessor :box_checksum
+ class Action::Box::Download
+ alias :unverified_download :download
+ def download
+ checksum = Digest::SHA256.new.file(@temp_path).hexdigest
+ if checksum != @env['global_config'].vm.box_checksum
+ raise Errors::BoxVerificationFailed.new