summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Baumann <daniel@debian.org>2010-05-01 08:24:56 +0200
committerDaniel Baumann <daniel@debian.org>2011-03-09 19:17:06 +0100
commit6e36d93f1f84b0854c269b08b16c203f03c53c4f (patch)
tree435059b868635fc0fdf18d0503cdc77f5a49f118
parent9326dc8b01231113d12417c4153a82cd3ab00029 (diff)
downloadvyos-live-build-6e36d93f1f84b0854c269b08b16c203f03c53c4f.tar.gz
vyos-live-build-6e36d93f1f84b0854c269b08b16c203f03c53c4f.zip
Allow to include multiple checksum files and specify which hashes to use.
-rwxr-xr-xfunctions/defaults.sh2
-rwxr-xr-xhelpers/binary_checksums49
-rwxr-xr-xhelpers/config2
-rwxr-xr-xhelpers/source_checksums50
-rw-r--r--manpages/lh_config.en.16
5 files changed, 62 insertions, 47 deletions
diff --git a/functions/defaults.sh b/functions/defaults.sh
index 0862254b6..6c4444f32 100755
--- a/functions/defaults.sh
+++ b/functions/defaults.sh
@@ -814,7 +814,7 @@ Set_defaults ()
fi
# Setting checksums
- LH_CHECKSUMS="${LH_CHECKSUMS:-true}"
+ LH_CHECKSUMS="${LH_CHECKSUMS:-md5}"
# Setting chroot option
LH_CHROOT_BUILD="${LH_CHROOT_BUILD:-true}"
diff --git a/helpers/binary_checksums b/helpers/binary_checksums
index 2c507ad57..dd8d369fd 100755
--- a/helpers/binary_checksums
+++ b/helpers/binary_checksums
@@ -23,13 +23,11 @@ Arguments "${@}"
Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
Set_defaults
-if [ "${LH_CHECKSUMS}" != "true" ] || [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ]
+if [ "${LH_CHECKSUMS}" = "none" ] || [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ]
then
exit 0
fi
-Echo_message "Begin creating binary md5sum.txt..."
-
# Requiring stage file
Require_stagefile .stage/config .stage/bootstrap
@@ -42,31 +40,44 @@ Check_lockfile .lock
# Creating lock file
Create_lockfile .lock
-# Remove old md5sums
-if [ -f binary/md5sum.txt ]
-then
- rm -f binary/md5sum.txt
-fi
-
-# Calculating md5sums
-cd binary
-find . -type f \! -path './isolinux/isolinux.bin' \! -path './boot/grub/stage2_eltorito' -print0 | sort -z | xargs -0 md5sum > ../md5sum.txt
-
-cat > md5sum.txt << EOF
-This file contains the list of md5 checksums of all files on this medium.
+for CHECKSUM in ${LH_CHECKSUMS}
+do
+ Echo_message "Begin creating binary ${CHECKSUM}sum.txt..."
+
+ # Remove old checksums
+ if [ -f binary/${CHECKSUM}sum.txt ]
+ then
+ rm -f binary/${CHECKSUM}sum.txt
+ fi
+
+ # Calculating checksums
+ cd binary
+ find . -type f \
+ \! -path './isolinux/isolinux.bin' \
+ \! -path './boot/grub/stage2_eltorito' \
+ \! -path './md5sum.txt' \
+ \! -path './sha1sum.txt' \
+ \! -path './sha256sum.txt' \
+ -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ../${CHECKSUM}sum.txt
+
+cat > ${CHECKSUM}sum.txt << EOF
+This file contains the list of ${CHECKSUM} checksums of all files on this medium.
You can verify them automatically with the 'integrity-check' boot parameter,
-or, manually with: 'md5sum -c md5sum.txt'.
+or, manually with: '${CHECKSUM}sum -c ${CHECKSUM}sum.txt'.
EOF
-cat ../md5sum.txt >> md5sum.txt
-rm -f ../md5sum.txt
+ cat ../${CHECKSUM}sum.txt >> ${CHECKSUM}sum.txt
+ rm -f ../${CHECKSUM}sum.txt
+
+ cd "${OLDPWD}"
+done
# File list
+cd binary
find . | sed -e 's|^.||g' | grep "^/" | sort > ../binary.list
-
cd "${OLDPWD}"
# Creating stage file
diff --git a/helpers/config b/helpers/config
index a341af64d..b9053d540 100755
--- a/helpers/config
+++ b/helpers/config
@@ -52,7 +52,7 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\
\t [--cache-indices true|false]\n\
\t [--cache-packages true|false]\n\
\t [--cache-stages STAGE|\"STAGES\"]\n\
-\t [--checksums true|false]\n\
+\t [--checksums md5|sha1|sha256|none]\n\
\t [--chroot-build true|false]\n\
\t [--chroot-filesystem ext2|ext3|squashfs|plain|jffs2]\n\
\t [-c|--conffile FILE]\n\
diff --git a/helpers/source_checksums b/helpers/source_checksums
index 31895db37..972b4045c 100755
--- a/helpers/source_checksums
+++ b/helpers/source_checksums
@@ -1,6 +1,6 @@
#!/bin/sh
-# lh_source_checksums(1) - create source checksumss
+# lh_source_checksums(1) - create source checksums
# Copyright (C) 2006-2010 Daniel Baumann <daniel@debian.org>
#
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -23,18 +23,11 @@ Arguments "${@}"
Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
Set_defaults
-if [ "${LH_SOURCE}" != "true" ]
+if [ "${LH_CHECKSUMS}" = "none" ] || [ "${LH_SOURCE}" != "true" ]
then
exit 0
fi
-if [ "${LH_CHECKSUMS}" != "true" ]
-then
- exit 0
-fi
-
-Echo_message "Begin creating source md5sum.txt..."
-
# Requiring stage file
Require_stagefile .stage/config .stage/source_debian
@@ -47,31 +40,42 @@ Check_lockfile .lock
# Creating lock file
Create_lockfile .lock
-# Remove old md5sums
-if [ -f source/md5sum.txt ]
-then
- rm -f source/md5sum.txt
-fi
+for CHECKSUM in ${LH_CHECKSUMS}
+do
+ Echo_message "Begin creating source ${CHECKSUM}sum.txt..."
-# Calculating md5sums
-cd source
-find . -type f -print0 | sort -z | xargs -0 md5sum > ../md5sum.txt
+ # Remove old checksums
+ if [ -f source/${CHECKSUM}sum.txt ]
+ then
+ rm -f source/${CHECKSUM}sum.txt
+ fi
+
+ # Calculating checksums
+ cd source
+ find . -type f \
+ \! -path './md5sum.txt' \
+ \! -path './sha1sum.txt' \
+ \! -path './sha256sum.txt' \
+ -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ../${CHECKSUM}sum.txt
-cat > md5sum.txt << EOF
-This file contains the list of md5 checksums of all files on this medium.
+cat > ${CHECKSUM}sum.txt << EOF
+This file contains the list of ${CHECKSUM} checksums of all files on this medium.
You can verify them automatically with the 'integrity-check' boot parameter,
-or, manually with: 'md5sum -c md5sum.txt'.
+or, manually with: '${CHECKSUM}sum -c ${CHECKSUM}sum.txt'.
EOF
-cat ../md5sum.txt >> md5sum.txt
-rm -f ../md5sum.txt
+ cat ../${CHECKSUM}sum.txt >> ${CHECKSUM}sum.txt
+ rm -f ../${CHECKSUM}sum.txt
+
+ cd "${OLDPWD}"
+done
# File list
+cd source
find . | sed -e 's|^.||g' | grep "^/" | sort > ../source.list
-
cd "${OLDPWD}"
# Creating stage file
diff --git a/manpages/lh_config.en.1 b/manpages/lh_config.en.1
index 1d5985dfd..c8ec667a2 100644
--- a/manpages/lh_config.en.1
+++ b/manpages/lh_config.en.1
@@ -54,7 +54,7 @@ lh_config \- create configuration for live\-helper
.br
[\fB\-\-cache\-stages\fR \fISTAGE\fR|\fI"STAGES"\fR]
.br
- [\fB\-\-checksums\fR true|false]
+ [\fB\-\-checksums\fR md5|sha1|sha256|none]
.br
[\fB\-\-chroot\-build\fR true|false]
.br
@@ -258,8 +258,8 @@ defines if downloaded package indices and lists should be cached which is false
defines if downloaded packages files should be cached which is true by default. Disabling it does save space consumtion in your build directory, but remember that you will cause much unnecessary traffic if you do a couple of rebuilds. In general you should always leave it true, however, in some particular rare build setups, it can be faster to refetch packages from the local network mirror rather than to utilize the local disk.
.IP "\fB\-\-cache\-stages\fR true|false|\fISTAGE\fR|""\fISTAGES\fR""" 4
sets which stages should be cached. By default set to bootstrap. As an exception to the normal stage names, also rootfs can be used here which does only cache the generated root filesystem in filesystem.{dir,ext*,squashfs}. This is useful during development if you want to rebuild the binary stage but not regenerate the root filesystem all the time.
-.IP "\fB\-\-checksums\fR true|false|md5|sha1|sha256" 4
-defines if the binary image should contain a file called md5sums.txt, sha1sums.txt or sha256sums.txt. These lists all files on the image together with their checksums. This in turn can be used by live-initramfs' built-in integrity-check to verify the medium if specified at boot prompt. In general, this should not be false and is an important feature of live system released to the public. However, during development of very big images it can save some time by not calculating the checksums.
+.IP "\fB\-\-checksums\fR md5|sha1|sha256|none" 4
+defines if the binary image should contain a file called md5sums.txt, sha1sums.txt and/or sha256sums.txt. These lists all files on the image together with their checksums. This in turn can be used by live-initramfs' built-in integrity-check to verify the medium if specified at boot prompt. In general, this should not be false and is an important feature of live system released to the public. However, during development of very big images it can save some time by not calculating the checksums.
.IP "\fB\-\-chroot\-build\fR true|false" 4
defines whetever live-helper should use the tools from within the chroot to build the binary image or not by using and including the host systems tools. This is a very dangerous option, using the tools of the host system can lead to tainted and even non-bootable images if the host systems version of the required tools (mainly these are the bootloaders such as syslinux, grub and yaboot, and the auxilliary tools such as dosfstools, genisoimage, squashfs-tools and others) do not \fBexactely\fR match what is present at build-time in the target distribution. Never do disable this option unless you are \fBexactely\fR sure what you are doing and have \fBcompletely\fI understood its consequences.
.IP "\fB\-\-chroot\-filesystem\fR ext2|ext3|squashfs|plain|jffs2" 4