diff options
| -rw-r--r-- | debian/changelog | 21 | ||||
| -rwxr-xr-x | scripts/install/install-image | 33 | ||||
| -rwxr-xr-x | scripts/install/install-image-existing | 49 | ||||
| -rwxr-xr-x | scripts/install/install-image-new | 31 | ||||
| -rwxr-xr-x | scripts/install/install-postinst-new | 6 |
5 files changed, 121 insertions, 19 deletions
diff --git a/debian/changelog b/debian/changelog index e64453c1..c2a364b5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,24 @@ +vyatta-cfg-system (0.17.38) unstable; urgency=low + + * Add code to check digital signature of image files. + + -- Bob Gilligan <gilligan@vyatta.com> Mon, 03 May 2010 17:21:10 -0700 + +vyatta-cfg-system (0.17.37) unstable; urgency=low + + * Allow user to name system images when installing them. + + -- Bob Gilligan <gilligan@vyatta.com> Fri, 30 Apr 2010 15:48:57 -0700 + +vyatta-cfg-system (0.17.36) unstable; urgency=low + + * Ignore comments in level file + * Set capabilities on standard utilities + * Make interface help completion strings consistent + * Revert "Set capabilities on standard utilities" + + -- Stephen Hemminger <stephen.hemminger@vyatta.com> Tue, 27 Apr 2010 15:27:49 -0700 + vyatta-cfg-system (0.17.35) unstable; urgency=low * Configure IFB devices earlier in boot diff --git a/scripts/install/install-image b/scripts/install/install-image index 607dcc98..c4bf3800 100755 --- a/scripts/install/install-image +++ b/scripts/install/install-image @@ -69,6 +69,39 @@ fetch_iso_by_url () fi echo "ISO download suceeded." + + echo "Checking for digital signature file..." + curl -f -o ${filename}.asc ${NEW_ISO}.asc + if [ $? -ne 0 ]; then + echo "Unable to fetch digital signature file." + echo -n "Do you want to continue without signature check? (yes/no) [yes] " + + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + fail_exit 'OK. Installation will not be performed.' + fi + + # In case signature file was partially downloaded... + rm -f ${filename}.asc + fi + + if [ -e ${filename}.asc ]; then + echo "Found it. Checking digital signature..." + gpg --keyring /etc/apt/trusted.gpg --verify ${filename}.asc + if [ $? -ne 0 ]; then + echo "Signature check FAILED." + echo -n "Do you want to continue anyway? (yes/no) [no] " + response=$(get_response "Yes" "Yes No Y N") + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + fail_exit 'OK. Installation will not be performed.' + fi + + echo "OK. Proceding with installation anyway." + else + echo "Digital signature is valid." + fi + fi + NEW_ISO=$filename } diff --git a/scripts/install/install-image-existing b/scripts/install/install-image-existing index c243fda6..e8f723a0 100755 --- a/scripts/install/install-image-existing +++ b/scripts/install/install-image-existing @@ -54,16 +54,27 @@ fi # get new version string. this is from the squashfs image. NEWVER=`dpkg -l --root=${CD_SQUASH_ROOT} | grep "^.. vyatta-version " | awk '{print $3}'` +NEWNAME=$NEWVER -if [ -z "$NEWVER" ]; then - failure_exit 'Cannot find new release version.' +echo -n "What would you like to name this image? [$NEWNAME]: " +read response +if [ -n "$response" ]; then + NEWNAME=$response fi -if [ "$CURVER" == "$NEWVER" ]; then - echo "Image version $NEWVER is the same as the running system." - echo "Cannot install the same release version as the running system." - exit 1 + +# Validate image name +if [ "$NEWNAME" = "grub" -o "${NEWNAME:0:7}" = "vmlinuz" -o \ + "${NEWNAME:0:6}" = "initrd" -o "${NEWNAME:0:10}" = "System.map" -o \ + "$NEWNAME" = "Old-non-image-installation" ]; then + echo "Can't use $NEWNAME. It is a reserved image name." + exit 1; +fi + +if [ -z "$NEWNAME" ]; then + failure_exit 'Invalid image name.' fi +echo "OK. This image will be named: $NEWNAME" # this is the default if current install is union BOOT_DIR=/live/image/boot @@ -74,24 +85,30 @@ elif [ "$CUR_INSTALL" != 'union' ]; then exit 1 fi -if [ -d $BOOT_DIR/$NEWVER ]; then - echo "Version $NEWVER is already installed on this system." +if [ -d $BOOT_DIR/$NEWNAME ]; then + if [ "$CURVER" = "$NEWNAME" ]; then + echo "$NEWNAME is the image you are currently running. Can't" + echo "Re-install over the running image." + exit 1 + fi + + echo "An image named $NEWNAME is already installed on this system." echo "Proceeding with this installation will delete this copy of" - echo "$NEWVER and replace it with a new copy." + echo "$NEWNAME and replace it with a new copy." echo -n "Do you want to replace it? (Yes/No) [No]: " resp=$(get_response "No" "Yes No Y N") if [ "$resp" != 'yes' ] && [ "$resp" != 'y' ]; then - echo "OK. Will not replace $NEWVER" + echo "OK. Will not replace $NEWNAME" echo "Exiting..." exit 1 fi fi # start the install -echo "Installing \"$NEWVER\" release." +echo "Installing \"$NEWNAME\" image." # create the new release directories -REL_ROOT=$BOOT_DIR/$NEWVER +REL_ROOT=$BOOT_DIR/$NEWNAME RW_DIR="$REL_ROOT/live-rw" if ! mkdir -p "$RW_DIR"; then failure_exit 'Cannot create directory for new release.' @@ -163,10 +180,16 @@ if [ -e "$DEF_GRUB" ]; then echo "Setting up grub configuration..." new_index=$(get_grub_index) + def_grub_vers=/tmp/def_grub.$$ + cp $DEF_GRUB $def_grub_vers + sed -i "s/menuentry \"Vyatta.*(/menuentry \"Vyatta image $NEWNAME (/" $def_grub_vers + sed -i "s/menuentry \"Lost password change.*(/menuentry \"Lost password change $NEWNAME (/" $def_grub_vers + sed -i "sX/boot/[A-Za-z0-9\.\-]*X/boot/${NEWNAME}Xg" $def_grub_vers + old_grub_cfg=$BOOT_DIR/grub/grub.cfg new_grub_cfg=/tmp/grub.cfg.$$ sed -n '/^menuentry/q;p' $old_grub_cfg >$new_grub_cfg - cat $DEF_GRUB >>$new_grub_cfg + cat $def_grub_vers >> $new_grub_cfg sed -n '/^menuentry/,${p}' $old_grub_cfg >>$new_grub_cfg sed -i "s/^set default=[0-9]\+$/set default=$new_index/" $new_grub_cfg mv $new_grub_cfg $old_grub_cfg diff --git a/scripts/install/install-image-new b/scripts/install/install-image-new index 7294fc35..5726fa03 100755 --- a/scripts/install/install-image-new +++ b/scripts/install/install-image-new @@ -24,15 +24,36 @@ if ! try_mount "/dev/$ROOT_PARTITION $WRITE_ROOT"; then fi version=$(get_new_version) -if [ -z "$version" ]; then +image_name=$version +if [ -z "$image_name" ]; then echo 'Cannot find new version. Exiting...' exit 1 fi +echo -n "What would you like to name this image? [$image_name]: " +read response +if [ -n "$response" ]; then + image_name=$response +fi + +# Validate image name +if [ "$image_name" = "grub" -o "${image_name:0:7}" = "vmlinuz" -o \ + "${image_name:0:6}" = "initrd" -o "${image_name:0:10}" = "System.map" -o \ + "$image_name" = "Old-non-image-installation" ]; then + echo "Can't use $image_name. It is a reserved image name." + exit 1; +fi + +if [ -z "$image_name" ]; then + failure_exit 'Invalid image name.' +fi + +echo "OK. This image will be named: $image_name" + # make the dir for the new version -mkdir -p $WRITE_ROOT/boot/$version +mkdir -p $WRITE_ROOT/boot/$image_name # make dir for backing store -rw_dir=$WRITE_ROOT/boot/$version/live-rw +rw_dir=$WRITE_ROOT/boot/$image_name/live-rw mkdir -p $rw_dir echo Copying squashfs image... @@ -53,10 +74,10 @@ if [ ! -f "$squash_img" ] || [ -z "$boot_files" ]; then fi fi -target_squash=$WRITE_ROOT/boot/$version/$version.squashfs +target_squash=$WRITE_ROOT/boot/$image_name/$version.squashfs cp -p $squash_img $target_squash echo Copying kernel and initrd images... -cp -dp $boot_files $WRITE_ROOT/boot/$version/ +cp -dp $boot_files $WRITE_ROOT/boot/$image_name/ # set up union root for postinst mkdir -p $INST_ROOT $READ_ROOT diff --git a/scripts/install/install-postinst-new b/scripts/install/install-postinst-new index 65c6cd7f..c96f5657 100755 --- a/scripts/install/install-postinst-new +++ b/scripts/install/install-postinst-new @@ -133,9 +133,13 @@ if [ -z "$version" ]; then exit 1 fi +array=( $WRITE_ROOT/boot/* ) +image_name=${array[0]} +image_name=${image_name#$WRITE_ROOT/boot/} + # these are the defaults for "union" grub_root=$WRITE_ROOT -grub_setup_args="-u $version" +grub_setup_args="-u $image_name" if [ "$INSTALL_TYPE" == 'old' ]; then grub_root=$INST_ROOT grub_setup_args="-v $version" |