Stein Series Release Notes

2.16.0

Prelude

This version of python-glanceclient adds the Python 3.6 classifier and gating on a Python 3.7 environment.

New Features

  • For parity with the old checksum field, this release adds the ability for CLI users to filter the image list by a particular multihash value using the --hash <HASH_VALUE> option. For more information, issue the command:

    glance help image-list

  • Support for embedding validation data (checksum and multihash) when adding a location to an image. Requires the Stein release server-side.

    The glance.images.add_location() method now accepts an optional argument validation_data, in the form of a dictionary containing checksum, os_hash_algo and os_hash_value.

    The location-add command now accepts optional arguments --checksum, --hash-algo and --hash-value.

Bug Fixes

  • Bug 1788271: Add image-list filter for multihash

  • Bug 1598714: Remove redundant information from error message

2.14.0

New Features

  • This release adds verification of image data downloads using the Glance “multihash” feature introduced in the OpenStack Rocky release. When the os_hash_value is populated on an image, the glanceclient will verify this value by computing the hexdigest of the downloaded data using the algorithm specified by the image’s os_hash_algo property.

    Because the secure hash algorithm specified is determined by the cloud provider, it is possible that the os_hash_algo may identify an algorithm not available in the version of the Python hashlib library used by the client. In such a case the download will fail due to an unsupported hash type. In the event this occurs, a new option, --allow-md5-fallback, is introduced to the image-download command. When present, this option will allow the glanceclient to use the legacy MD5 checksum to verify the downloaded data if the secure hash algorithm specified by the os_hash_algo image property is not supported.

    Note that the fallback is not used in the case where the algorithm is supported but the hexdigest of the downloaded data does not match the os_hash_value. In that case the download fails regardless of whether the option is present or not.

    Whether using the --allow-md5-fallback option is a good idea depends upon the user’s expectations for the verification. MD5 is an insecure hashing algorithm, so if you are interested in making sure that the downloaded image data has not been replaced by a datastream carefully crafted to have the same MD5 checksum, then you should not use the fallback. If, however, you are using Glance in a trusted environment and your interest is simply to verify that no bits have flipped during the data transfer, the MD5 fallback is sufficient for that purpose. That being said, it is our recommendation that the multihash should be used whenever possible.

Security Issues

  • This release of the glanceclient uses the Glance “multihash” feature, introduced in Rocky, to use a secure hashing algorithm to verify the integrity of downloaded data. Legacy images without the “multihash” image properties (os_hash_algo and os_hash_value) are verified using the MD5 checksum image property.
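
The download verification rules described in the 2.14.0 notes above (New Features and Security Issues), written out as an added Python example; this is not glanceclient's own code. The names verify_download and VerificationError and the dict of image properties are hypothetical, and rejecting an image that has no checksum at all is an assumption of this example.

```python
import hashlib


class VerificationError(Exception):
    """Raised when downloaded image data cannot be verified."""


def verify_download(data, image, allow_md5_fallback=False):
    """Return the name of the algorithm that verified `data`.

    `image` is a dict holding the properties named in the notes:
    checksum (MD5), os_hash_algo and os_hash_value. Hypothetical helper.
    """
    algo = image.get("os_hash_algo")
    expected = image.get("os_hash_value")

    if expected:
        try:
            hasher = hashlib.new(algo)
        except (ValueError, TypeError):
            # The provider chose an algorithm this hashlib does not offer.
            # Without the opt-in flag the download fails at this point.
            if not allow_md5_fallback:
                raise VerificationError("unsupported hash type: %s" % algo)
        else:
            hasher.update(data)
            # A mismatch is final: the MD5 fallback is never consulted.
            if hasher.hexdigest() != expected:
                raise VerificationError("%s digest mismatch" % algo)
            return algo

    # Reached for legacy images without multihash properties, or when the
    # fallback was explicitly allowed for an unsupported algorithm.
    checksum = image.get("checksum")
    if not checksum:
        # Assumption of this example: nothing to verify against is an error.
        raise VerificationError("no checksum available")
    if hashlib.md5(data).hexdigest() != checksum:
        raise VerificationError("md5 checksum mismatch")
    return "md5"
```

The return value records which algorithm actually verified the data, so a caller can log or reject downloads that were only checked with MD5.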