hw-health-charm

Receiving Tool perccli checksum error

Bug #1987673 reported by William Szeliga on 2022-08-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	hw-health-charm	Invalid	Medium	Mert Kirpici

Bug Description

I have deployed the latest version of hw-health (rev 18) as part of my deployment, and on my Dell R740 servers I am seeing the following message in juju status: "Tool perccli checksum error"

This was after attempting to follow the instructions to add the perccli utility to the tools.zip resource and attaching it.

Steps I followed:
- Got the perccli tar from the url mentioned on the charm documentation. https://charmhub.io/hw-health#building-the-tools-zip-resource
(https://dl.dell.com/FOLDER07576010M/1/PERCCLI_7.1623.00_A11_Linux.tar.gz)
- extracted the contents from that tar, renamed perccli_007.1623.0000.0000_all.deb to perccli (since I am deploying on Ubuntu 20.04), moved the newly renamed perccli file to a tmp directory
- extracted the current contents of the tools.zip directory to the same tmp directory
- zipped up all of those file in that temp directory to get a new tools.zip file
- performing zipinfo shows that the new zip has the perccli tool in the new tools.zip
- executed the juju attach-resource hw-health tools=/tmp/tools.zip command and received the checksum error above

Some command outputs:

(show the contents of the temp folder used to unpack / pack up the zip resource)
$ ls -al
total 12115
drwxr-xr-x 2 ubuntu ubuntu 7 Aug 23 10:21 .
drwxr-xr-x 15 ubuntu ubuntu 15 Mar 30 18:49 ..
-rwxr-xr-x 1 ubuntu ubuntu 2716736 May 28 2013 megacli
-rw-rw-r-- 1 ubuntu ubuntu 4648512 Aug 23 10:21 perccli
-r--r--r-- 1 ubuntu ubuntu 559164 Mar 11 2016 sas2ircu
-rw-r--r-- 1 ubuntu ubuntu 660560 Apr 2 2018 sas3ircu
-rw-rw-r-- 1 ubuntu ubuntu 5880858 Aug 23 10:21 tools.zip

(what's in the new zip)
$ zipinfo tools.zip
Archive: tools.zip
Zip file size: 5880858 bytes, number of entries: 4
-rwxr-xr-x 3.0 unx 2716736 bx defN 13-May-28 08:30 megacli
-rw-rw-r-- 3.0 unx 4648512 bx defN 22-Aug-23 10:21 perccli
-r--r--r-- 3.0 unx 559164 bx defN 16-Mar-11 23:29 sas2ircu
-rw-r--r-- 3.0 unx 660560 bx defN 18-Apr-02 09:26 sas3ircu
4 files, 8584972 bytes uncompressed, 5880264 bytes compressed: 31.5%

$ juju resources hw-health
Resource Supplied by Revision
tools admin 2022-08-23T10:22

Apologies if this isn't a bug. Hopefully this is just a simple matter of not understanding the correct process.

How should I proceed to correct this checksum error?

Thank you!

Tags:

Revision history for this message

William Szeliga (wszeliga-t2s) wrote on 2022-08-31:

This looks like it is just an updated checksum that needs to be added. I am getting the following updated checksum:

e46d955241c932023caf63862cd9dacb2b723b7f944340efb0e5afb6a2681e9d perccli

Please verify if this is what you see as well.

Revision history for this message

Andrea Ieri (aieri) wrote on 2022-12-28:

Yeah, it's probably just a matter of adding the new hash to the whitelist. That said, I feel we should avoid hardcoding hashes when the software can be directly downloaded from the vendor website, especially if a repository is available. Fetching the files via https and therefore validating the source via its CA should be sufficient.

Changed in charm-hw-health:
importance:	Undecided → Medium
status:	New → Triaged

Revision history for this message

Facundo Ciccioli (fandanbango) wrote on 2023-03-17:

We're hitting this too in one of our upcoming customer's environments. For me too it seems excessive and very limiting to hard code checksums on the charm.

Andrea, are you proposing the charm should download the tools or just saying that the operator should be responsible for what it's attached as a resource? If it's of any use, I vote +100 for the latter.

Revision history for this message

Andrea Ieri (aieri) wrote on 2023-03-22:

Some of the tools this charm leverages are distributed for free by the vendors via their websites, but only after clicking through a EULA; as it is unclear whether we are allowed to redistribute the same files from the charm store we opted for the resource zip route. Given that those tools need to run as root, we also added basic, hardcoded checksum validation logic as a protection for operators.

However, if a vendor offers their software as a direct download (or even better, as a deb package via their own repository) the charm should not expect operators to repackage it as a charm resource, but rather automatically download and install the software.

In the perccli case, I think ensuring the download comes from a dell.com website via https should be sufficient. Hardcoding the hash in the charm could still be considered, but also adding a charm option to let operators bypass the checking.

tags:

added: bseng-1026

Eric Chen (eric-chen) on 2023-09-25

Changed in charm-hw-health:
milestone:	none → 23.10

Revision history for this message

Mert Kirpici (mertkirpici) wrote on 2023-09-27:

Hi William, I believe you need to extract the debian package and use the compiled binary inside to generate tools.zip, not the debian package itself. Here is my workflow and the checksum that I observed, which is what the source code seem to whitelist already[0]. Haven't tested it myself however it _should_ work since the hash values match. Could you try it and tell me if this resolves your issue?

$ ls
PERCCLI_7.1623.00_A11_Linux.tar.gz

$ tar xvf PERCCLI_7.1623.00_A11_Linux.tar.gz
perccli-007.1623.0000.0000-1.noarch.rpm
perccli_007.1623.0000.0000_all.deb
pubKey.asc
splitpackage.sh
ThirdPartyLicenseNotice.pdf

$ ar x perccli_007.1623.0000.0000_all.deb
$ tar xvf data.tar.xz
./
./opt/
./opt/MegaRAID/
./opt/MegaRAID/perccli/
./opt/MegaRAID/perccli/perccli64

$ sha256sum opt/MegaRAID/perccli/perccli64
f83a9d976fb4ed90009c773777504ee56fbf4a40c40d683bf78967d1e5aa35ff opt/MegaRAID/perccli/perccli64

---

[0] https://git.launchpad.net/charm-hw-health/tree/src/lib/hwhealth/tools.py?id=2bdc7ef5336e9a620aa25e0abff2c1d427cd7c74#n606

Changed in charm-hw-health:
assignee:	nobody → Mert Kirpici (mertkirpici)
status:	Triaged → Incomplete

Mert Kirpici (mertkirpici) on 2023-09-27

Changed in charm-hw-health:
status:	Incomplete → Invalid

Tianqi Xiao (txiao) on 2023-11-01

Changed in charm-hw-health:
milestone:	23.10 → none

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.