From be6b2f51059e0604bd3728e6cd603972df8cf619 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Tue, 5 Jun 2012 17:30:25 +0200 Subject: Rewriting live-media checksum verification to work with any SHA and MD5 digests. --- scripts/boot.sh | 9 +++--- scripts/boot/arguments.sh | 11 +++---- scripts/boot/integrity-check.sh | 29 ------------------ scripts/boot/verify-checksums.sh | 63 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 74 insertions(+), 38 deletions(-) delete mode 100755 scripts/boot/integrity-check.sh create mode 100755 scripts/boot/verify-checksums.sh (limited to 'scripts') diff --git a/scripts/boot.sh b/scripts/boot.sh index 90750b5..2fe563e 100755 --- a/scripts/boot.sh +++ b/scripts/boot.sh @@ -512,10 +512,11 @@ mountroot () panic "Unable to find a medium containing a live file system" fi - if [ "${INTEGRITY_CHECK}" ] - then - integrity_check "${livefs_root}" - fi + case "${LIVE_VERIFY_CHECKSUMS}" in + true) + Verify_checksums "${livefs_root}" + ;; + esac if [ "${TORAM}" ] then diff --git a/scripts/boot/arguments.sh b/scripts/boot/arguments.sh index eeedeca..f9e8d33 100755 --- a/scripts/boot/arguments.sh +++ b/scripts/boot/arguments.sh @@ -7,6 +7,12 @@ Arguments () for ARGUMENT in $(cat /proc/cmdline) do case "${ARGUMENT}" in + live-boot.verify-checksums|verify-checksums) + LIVE_VERIFY_CHECKSUMS="true" + export LIVE_VERIFY_CHECKSUMS + ;; + + # parameters below need review read-only) READ_ONLY="true" ;; @@ -96,11 +102,6 @@ Arguments () export IGNORE_UUID ;; - integrity-check) - INTEGRITY_CHECK="true" - export INTEGRITY_CHECK - ;; - ip=*) STATICIP="${ARGUMENT#ip=}" diff --git a/scripts/boot/integrity-check.sh b/scripts/boot/integrity-check.sh deleted file mode 100755 index 08f9583..0000000 --- a/scripts/boot/integrity-check.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -#set -e - -integrity_check () -{ - media_mountpoint="${1}" - - log_begin_msg "Checking media integrity" - - cd ${media_mountpoint} - /bin/md5sum -c md5sum.txt < /dev/tty8 > /dev/tty8 - RC="${?}" - - log_end_msg - - if [ "${RC}" -eq 0 ] - then - log_success_msg "Everything ok, will reboot in 10 seconds." - sleep 10 - cd / - umount ${media_mountpoint} - sync - echo u > /proc/sysrq-trigger - echo b > /proc/sysrq-trigger - else - panic "Not ok, a media defect is likely, switch to VT8 for details." - fi -} diff --git a/scripts/boot/verify-checksums.sh b/scripts/boot/verify-checksums.sh new file mode 100755 index 0000000..7dd5da3 --- /dev/null +++ b/scripts/boot/verify-checksums.sh @@ -0,0 +1,63 @@ +#!/bin/sh + +#set -e + +Verify_checksums () +{ + _MOUNTPOINT="${1}" + + _DIGESTS="sha512 sha384 sha256 sha224 sha1 md5" + _TTY="/dev/tty8" + + log_begin_msg "Verifying checksums" + + cd "${_MOUNTPOINT}" + + for _DIGEST in ${_DIGESTS} + do + _CHECKSUMS="$(echo ${_DIGEST} | tr [a-z] [A-Z])SUMS" + + if [ -e "${_CHECKSUMS}" ] + then + echo "Found ${_CHECKSUMS}..." > "${_TTY}" + + if [ -e "/bin/${_DIGEST}sum" ] + then + echo "Checking ${_CHECKSUMS}..." > "${_TTY}" + + # Verify checksums + /bin/${_DIGEST}sum -c "${_CHECKSUMS}" < "${_TTY}" > "${_TTY}" + _RETURN="${?}" + + # Stop after first verification + break + else + echo "Not found /bin/${_DIGEST}sum..." > "${_TTY}" + fi + fi + done + + log_end_msg + + case "${_RETURN}" in + 0) + log_success_msg "Verification successfull, rebooting in 10 seconds." + sleep 10 + + # Unmount live-media + cd / + umount -f ${_MOUNTPOINT} > /dev/null 2>&1 + sync + + # Attempt to remount all mounted filesystems read-only + echo u > /proc/sysrq-trigger + + # Immediately reboot the system without syncing or unmounting filesystems + echo b > /proc/sysrq-trigger + ;; + + *) + panic "Verification failed, $(basename ${_TTY}) for more information." + ;; + esac +} -- cgit v1.2.3