From 8ecd711c3da1ece5555cca5fad6a68b876b183ab Mon Sep 17 00:00:00 2001
From: Mark Gurevich <gurevich@us.ibm.com>
Date: Thu, 16 Nov 2017 13:37:16 -0500
Subject: [PATCH] Verify hash ID

---
 xCAT-server/lib/xcat/plugins/openbmc.pm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/xCAT-server/lib/xcat/plugins/openbmc.pm b/xCAT-server/lib/xcat/plugins/openbmc.pm
index fb0b7c800..883b28086 100644
--- a/xCAT-server/lib/xcat/plugins/openbmc.pm
+++ b/xCAT-server/lib/xcat/plugins/openbmc.pm
@@ -50,6 +50,7 @@ $::POWER_STATE_RESET        = "reset";
 $::POWER_STATE_REBOOT       = "reboot";
 $::UPLOAD_FILE              = "";
 $::UPLOAD_FILE_VERSION      = "";
+$::UPLOAD_FILE_HASH_ID      = "";
 $::RSETBOOT_URL_PATH        = "boot";
 # To improve the output to users, store this value as a global
 $::UPLOAD_AND_ACTIVATE      = 0;
@@ -1127,6 +1128,8 @@ sub parse_command_status {
 
         my $file_id = undef;
         my $grep_cmd = "/usr/bin/grep -a";
+        my $tr_cmd = "/usr/bin/tr";
+        my $sha512sum_cmd = "/usr/bin/sha512sum";
         my $version_tag = '"^version="';
         my $purpose_tag = '"purpose="';
         my $purpose_value;
@@ -1166,6 +1169,11 @@ sub parse_command_status {
                         $purpose_value = "Host";
                     } 
                     $::UPLOAD_FILE_VERSION = $version_value;
+                    if (-x $sha512sum_cmd) {
+                        # Save hash id this firmware version should resolve to:
+                        # take version string, get rid of newline, run through sha512sum, take first 8 characters
+                        $::UPLOAD_FILE_HASH_ID = substr(`echo $::UPLOAD_FILE_VERSION | $tr_cmd -d '\n' | $sha512sum_cmd`, 0,8);
+                    }
                 }
 
                 if ($check_version) {
@@ -2607,6 +2615,12 @@ sub rflash_response {
                     $found_match = 1;
                     # Found a match of uploaded file version with the image in software/enumerate
 
+                    # If we have a saved expected hash ID, compare it to the one just found 
+                    if ($::UPLOAD_FILE_HASH_ID && ($::UPLOAD_FILE_HASH_ID ne $update_id)) {
+                        xCAT::SvrUtils::sendmsg([1,"Firmware uploaded, but not activated. ID $update_id did not match expected ID $::UPLOAD_FILE_HASH_ID "], $callback, $node);
+                        $wait_node_num--;
+                        return; # Stop processing for this node, do not activate. Firmware shold be left in "Ready" state.
+                    }
                     # Set the image id for the activation request
                     $status_info{RFLASH_UPDATE_ACTIVATE_REQUEST}{init_url} =
                        $::SOFTWARE_URL . "/$update_id/attr/RequestedActivation";