diff options
author | Daniel Baumann <daniel@debian.org> | 2010-05-01 08:24:56 +0200 |
---|---|---|
committer | Daniel Baumann <daniel@debian.org> | 2011-03-09 19:17:06 +0100 |
commit | 6e36d93f1f84b0854c269b08b16c203f03c53c4f (patch) | |
tree | 435059b868635fc0fdf18d0503cdc77f5a49f118 | |
parent | 9326dc8b01231113d12417c4153a82cd3ab00029 (diff) | |
download | vyos-live-build-6e36d93f1f84b0854c269b08b16c203f03c53c4f.tar.gz vyos-live-build-6e36d93f1f84b0854c269b08b16c203f03c53c4f.zip |
Allow to include multiple checksum files and specify which hashes to use.
-rwxr-xr-x | functions/defaults.sh | 2 | ||||
-rwxr-xr-x | helpers/binary_checksums | 49 | ||||
-rwxr-xr-x | helpers/config | 2 | ||||
-rwxr-xr-x | helpers/source_checksums | 50 | ||||
-rw-r--r-- | manpages/lh_config.en.1 | 6 |
5 files changed, 62 insertions, 47 deletions
diff --git a/functions/defaults.sh b/functions/defaults.sh index 0862254b6..6c4444f32 100755 --- a/functions/defaults.sh +++ b/functions/defaults.sh @@ -814,7 +814,7 @@ Set_defaults () fi # Setting checksums - LH_CHECKSUMS="${LH_CHECKSUMS:-true}" + LH_CHECKSUMS="${LH_CHECKSUMS:-md5}" # Setting chroot option LH_CHROOT_BUILD="${LH_CHROOT_BUILD:-true}" diff --git a/helpers/binary_checksums b/helpers/binary_checksums index 2c507ad57..dd8d369fd 100755 --- a/helpers/binary_checksums +++ b/helpers/binary_checksums @@ -23,13 +23,11 @@ Arguments "${@}" Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source Set_defaults -if [ "${LH_CHECKSUMS}" != "true" ] || [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ] +if [ "${LH_CHECKSUMS}" = "none" ] || [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ] then exit 0 fi -Echo_message "Begin creating binary md5sum.txt..." - # Requiring stage file Require_stagefile .stage/config .stage/bootstrap @@ -42,31 +40,44 @@ Check_lockfile .lock # Creating lock file Create_lockfile .lock -# Remove old md5sums -if [ -f binary/md5sum.txt ] -then - rm -f binary/md5sum.txt -fi - -# Calculating md5sums -cd binary -find . -type f \! -path './isolinux/isolinux.bin' \! -path './boot/grub/stage2_eltorito' -print0 | sort -z | xargs -0 md5sum > ../md5sum.txt - -cat > md5sum.txt << EOF -This file contains the list of md5 checksums of all files on this medium. +for CHECKSUM in ${LH_CHECKSUMS} +do + Echo_message "Begin creating binary ${CHECKSUM}sum.txt..." + + # Remove old checksums + if [ -f binary/${CHECKSUM}sum.txt ] + then + rm -f binary/${CHECKSUM}sum.txt + fi + + # Calculating checksums + cd binary + find . -type f \ + \! -path './isolinux/isolinux.bin' \ + \! -path './boot/grub/stage2_eltorito' \ + \! -path './md5sum.txt' \ + \! -path './sha1sum.txt' \ + \! -path './sha256sum.txt' \ + -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ../${CHECKSUM}sum.txt + +cat > ${CHECKSUM}sum.txt << EOF +This file contains the list of ${CHECKSUM} checksums of all files on this medium. You can verify them automatically with the 'integrity-check' boot parameter, -or, manually with: 'md5sum -c md5sum.txt'. +or, manually with: '${CHECKSUM}sum -c ${CHECKSUM}sum.txt'. EOF -cat ../md5sum.txt >> md5sum.txt -rm -f ../md5sum.txt + cat ../${CHECKSUM}sum.txt >> ${CHECKSUM}sum.txt + rm -f ../${CHECKSUM}sum.txt + + cd "${OLDPWD}" +done # File list +cd binary find . | sed -e 's|^.||g' | grep "^/" | sort > ../binary.list - cd "${OLDPWD}" # Creating stage file diff --git a/helpers/config b/helpers/config index a341af64d..b9053d540 100755 --- a/helpers/config +++ b/helpers/config @@ -52,7 +52,7 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\ \t [--cache-indices true|false]\n\ \t [--cache-packages true|false]\n\ \t [--cache-stages STAGE|\"STAGES\"]\n\ -\t [--checksums true|false]\n\ +\t [--checksums md5|sha1|sha256|none]\n\ \t [--chroot-build true|false]\n\ \t [--chroot-filesystem ext2|ext3|squashfs|plain|jffs2]\n\ \t [-c|--conffile FILE]\n\ diff --git a/helpers/source_checksums b/helpers/source_checksums index 31895db37..972b4045c 100755 --- a/helpers/source_checksums +++ b/helpers/source_checksums @@ -1,6 +1,6 @@ #!/bin/sh -# lh_source_checksums(1) - create source checksumss +# lh_source_checksums(1) - create source checksums # Copyright (C) 2006-2010 Daniel Baumann <daniel@debian.org> # # live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING. @@ -23,18 +23,11 @@ Arguments "${@}" Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source Set_defaults -if [ "${LH_SOURCE}" != "true" ] +if [ "${LH_CHECKSUMS}" = "none" ] || [ "${LH_SOURCE}" != "true" ] then exit 0 fi -if [ "${LH_CHECKSUMS}" != "true" ] -then - exit 0 -fi - -Echo_message "Begin creating source md5sum.txt..." - # Requiring stage file Require_stagefile .stage/config .stage/source_debian @@ -47,31 +40,42 @@ Check_lockfile .lock # Creating lock file Create_lockfile .lock -# Remove old md5sums -if [ -f source/md5sum.txt ] -then - rm -f source/md5sum.txt -fi +for CHECKSUM in ${LH_CHECKSUMS} +do + Echo_message "Begin creating source ${CHECKSUM}sum.txt..." -# Calculating md5sums -cd source -find . -type f -print0 | sort -z | xargs -0 md5sum > ../md5sum.txt + # Remove old checksums + if [ -f source/${CHECKSUM}sum.txt ] + then + rm -f source/${CHECKSUM}sum.txt + fi + + # Calculating checksums + cd source + find . -type f \ + \! -path './md5sum.txt' \ + \! -path './sha1sum.txt' \ + \! -path './sha256sum.txt' \ + -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ../${CHECKSUM}sum.txt -cat > md5sum.txt << EOF -This file contains the list of md5 checksums of all files on this medium. +cat > ${CHECKSUM}sum.txt << EOF +This file contains the list of ${CHECKSUM} checksums of all files on this medium. You can verify them automatically with the 'integrity-check' boot parameter, -or, manually with: 'md5sum -c md5sum.txt'. +or, manually with: '${CHECKSUM}sum -c ${CHECKSUM}sum.txt'. EOF -cat ../md5sum.txt >> md5sum.txt -rm -f ../md5sum.txt + cat ../${CHECKSUM}sum.txt >> ${CHECKSUM}sum.txt + rm -f ../${CHECKSUM}sum.txt + + cd "${OLDPWD}" +done # File list +cd source find . | sed -e 's|^.||g' | grep "^/" | sort > ../source.list - cd "${OLDPWD}" # Creating stage file diff --git a/manpages/lh_config.en.1 b/manpages/lh_config.en.1 index 1d5985dfd..c8ec667a2 100644 --- a/manpages/lh_config.en.1 +++ b/manpages/lh_config.en.1 @@ -54,7 +54,7 @@ lh_config \- create configuration for live\-helper .br [\fB\-\-cache\-stages\fR \fISTAGE\fR|\fI"STAGES"\fR] .br - [\fB\-\-checksums\fR true|false] + [\fB\-\-checksums\fR md5|sha1|sha256|none] .br [\fB\-\-chroot\-build\fR true|false] .br @@ -258,8 +258,8 @@ defines if downloaded package indices and lists should be cached which is false defines if downloaded packages files should be cached which is true by default. Disabling it does save space consumtion in your build directory, but remember that you will cause much unnecessary traffic if you do a couple of rebuilds. In general you should always leave it true, however, in some particular rare build setups, it can be faster to refetch packages from the local network mirror rather than to utilize the local disk. .IP "\fB\-\-cache\-stages\fR true|false|\fISTAGE\fR|""\fISTAGES\fR""" 4 sets which stages should be cached. By default set to bootstrap. As an exception to the normal stage names, also rootfs can be used here which does only cache the generated root filesystem in filesystem.{dir,ext*,squashfs}. This is useful during development if you want to rebuild the binary stage but not regenerate the root filesystem all the time. -.IP "\fB\-\-checksums\fR true|false|md5|sha1|sha256" 4 -defines if the binary image should contain a file called md5sums.txt, sha1sums.txt or sha256sums.txt. These lists all files on the image together with their checksums. This in turn can be used by live-initramfs' built-in integrity-check to verify the medium if specified at boot prompt. In general, this should not be false and is an important feature of live system released to the public. However, during development of very big images it can save some time by not calculating the checksums. +.IP "\fB\-\-checksums\fR md5|sha1|sha256|none" 4 +defines if the binary image should contain a file called md5sums.txt, sha1sums.txt and/or sha256sums.txt. These lists all files on the image together with their checksums. This in turn can be used by live-initramfs' built-in integrity-check to verify the medium if specified at boot prompt. In general, this should not be false and is an important feature of live system released to the public. However, during development of very big images it can save some time by not calculating the checksums. .IP "\fB\-\-chroot\-build\fR true|false" 4 defines whetever live-helper should use the tools from within the chroot to build the binary image or not by using and including the host systems tools. This is a very dangerous option, using the tools of the host system can lead to tainted and even non-bootable images if the host systems version of the required tools (mainly these are the bootloaders such as syslinux, grub and yaboot, and the auxilliary tools such as dosfstools, genisoimage, squashfs-tools and others) do not \fBexactely\fR match what is present at build-time in the target distribution. Never do disable this option unless you are \fBexactely\fR sure what you are doing and have \fBcompletely\fI understood its consequences. .IP "\fB\-\-chroot\-filesystem\fR ext2|ext3|squashfs|plain|jffs2" 4 |