summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorLulu Cathrinus Grimalkin <e.altunbas@vyos.io>2021-05-10 22:34:39 +0300
committerGitHub <noreply@github.com>2021-05-10 21:34:39 +0200
commit085d0148c3d7d22afc5ce4fc10750b67c8cdfe26 (patch)
tree073bef3b354c17d47560f4cf1a188b85835f7221 /scripts
parent782d0cecb3d221b73a31e4a38cebef6a7f37c947 (diff)
downloadvyatta-cfg-system-085d0148c3d7d22afc5ce4fc10750b67c8cdfe26.tar.gz
vyatta-cfg-system-085d0148c3d7d22afc5ce4fc10750b67c8cdfe26.zip
T3351: Check for SHA256 files
Fall back to MD5 if SHA256 checksums could not be found Don't bother downloading .iso.sha256 files
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/install/install-image58
1 files changed, 18 insertions, 40 deletions
diff --git a/scripts/install/install-image b/scripts/install/install-image
index 57fd86eb..08e9fff4 100755
--- a/scripts/install/install-image
+++ b/scripts/install/install-image
@@ -149,38 +149,6 @@ fetch_iso_by_url ()
fi
echo "ISO download succeeded."
- echo "Checking SHA256 (256-bit) checksum..."
- ip vrf exec $VRF curl -L -H "User-Agent: VyOS/$vyos_version" $AUTH -f -o ${filename}.sha256 ${NEW_ISO}.sha256
- if [ $? -ne 0 ]; then
- echo "Unable to fetch SHA256 checksum file."
- echo -n "Do you want to continue without checksum verification? (yes/no) [yes] "
-
- response=$(get_response "Yes" "Yes No Y N")
- if [ "$response" == "no" ] || [ "$response" == "n" ]; then
- rm -f $filename
- fail_exit 'OK. Installation will not be performed.'
- fi
- # In case signature file was partially downloaded...
- rm -f ${filename}.sha256
- fi
- if [ -e ${filename}.sha256 ]; then
- echo "Found it. Verifying checksum..."
- # save our current working directory
- cwd=$(pwd)
- # checksum validation must be performed in the download directory because
- # of the relative path inside the checksum file
- cd ${TEMP_DIR}
- echo $(cat ${NEW_ISO##*/}.sha256 | awk '{print $1}') ${NEW_ISO##*/} | sha256sum --check --quiet
- if [ $? -ne 0 ]; then
- echo "Signature check FAILED."
- fail_exit 'Installation will not be performed.'
- else
- echo "SHA256 checksum valid."
- fi
- # restore old working directory
- cd $cwd
- fi
-
echo "Checking for digital signature file..."
ip vrf exec $VRF curl -L -H "User-Agent: VyOS/$vyos_version" $AUTH -f -o ${filename}.asc ${NEW_ISO}.asc
if [ $? -ne 0 ]; then
@@ -204,7 +172,7 @@ fetch_iso_by_url ()
echo -n "Do you want to continue anyway? (yes/no) [no] "
response=$(get_response "No" "Yes No Y N")
if [ "$response" == "no" ] || [ "$response" == "n" ]; then
- fail_exit 'OK. Installation will not be performed.'
+ fail_exit 'OK. Installation will not be performed.'
fi
echo "OK. Proceeding with installation anyway."
@@ -251,15 +219,25 @@ set_up_new_iso ()
fi
# Verify checksums of all files in ISO image
- if [ ! -f $CD_ROOT/md5sum.txt ]; then
- fail_exit "MD5 checksum file is missing from ISO."
+ if [ ! -f $CD_ROOT/sha256sum.txt ]; then
+ if [ ! -f $CD_ROOT/md5sum.txt ]; then
+ fail_exit "Checksum file not found. The image file is either corrupt or not a VyOS image."
+ else
+ # Falling back to MD5 since SHA256 could not be found.
+ # This must be an older image.
+ echo -n "Checking MD5 checksums of files on the ISO image... "
+ sum='md5sum'
+ fi
+ else
+ echo -n "Checking SHA256 checksums of files on the ISO image... "
+ sum='sha256sum'
fi
- echo -n "Checking MD5 checksums of files on the ISO image..."
- resfile=`mktemp /tmp/install-image-md5check-XXXXXXXX`
- (cd $CD_ROOT ; md5sum -c md5sum.txt > $resfile)
- failures=`grep -v 'OK$' $resfile | wc -l`
+ resfile=$(mktemp /tmp/install-image-md5check-XXXXXXXX)
+ (cd $CD_ROOT ; $sum -c $sum.txt > $resfile)
+ failures=$(grep -cv 'OK$' $resfile)
rm -f $resfile
+
if [ $failures == 0 ]; then
echo "OK."
else
@@ -272,7 +250,7 @@ set_up_new_iso ()
# mount squash image
margs="-o loop,ro $squash_file $CD_SQUASH_ROOT"
if ! try_mount "$margs"; then
- fail_exit 'Failed to mount the squashfs image.'
+ fail_exit 'Failed to mount the squashfs image.'
fi
}