From 6e36d93f1f84b0854c269b08b16c203f03c53c4f Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sat, 1 May 2010 08:24:56 +0200
Subject: Allow to include multiple checksum files and specify which hashes to use.
---
 functions/defaults.sh | 2 +-
 helpers/binary_checksums | 49 +++++++++++++++++++++++++++++------------------
 helpers/config | 2 +-
 helpers/source_checksums | 50 ++++++++++++++++++++++++++----------------------
 manpages/lh_config.en.1 | 6 +++---
 5 files changed, 62 insertions(+), 47 deletions(-)
diff --git a/functions/defaults.sh b/functions/defaults.sh
index 0862254..6c4444f 100755
--- a/functions/defaults.sh
+++ b/functions/defaults.sh
@@ -814,7 +814,7 @@ Set_defaults ()
 fi
 # Setting checksums
- LH_CHECKSUMS="${LH_CHECKSUMS:-true}"
+ LH_CHECKSUMS="${LH_CHECKSUMS:-md5}"
 # Setting chroot option
 LH_CHROOT_BUILD="${LH_CHROOT_BUILD:-true}"
diff --git a/helpers/binary_checksums b/helpers/binary_checksums
index 2c507ad..dd8d369 100755
--- a/helpers/binary_checksums
+++ b/helpers/binary_checksums
@@ -23,13 +23,11 @@ Arguments "${@}"
 Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
 Set_defaults
-if [ "${LH_CHECKSUMS}" != "true" ] || [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ]
+if [ "${LH_CHECKSUMS}" = "none" ] || [ "${LH_BINARY_IMAGES}" = "virtual-hdd" ]
 then
 exit 0
 fi
-Echo_message "Begin creating binary md5sum.txt..."
-
 # Requiring stage file
 Require_stagefile .stage/config .stage/bootstrap
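Review bot: The default set in Set_defaults stays `md5`, which detects a damaged medium but is not tamper evidence: MD5 collisions are practical, and the checksum file sits on the same image it describes. Now that the helpers can also write sha256sum.txt, the assignment deserves a comment saying so, for example `# md5 only catches accidental corruption; list sha256 as well for a stronger digest`. Whether live-initramfs' integrity-check reads anything other than md5sum.txt is not visible here, so the default itself may have to stay. Set_defaults continues outside the hunk.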
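Review bot: An existing configuration that still carries `LH_CHECKSUMS="true"` or `LH_CHECKSUMS="false"` passes the new `= "none"` test in helpers/binary_checksums, so `false` no longer switches checksums off and both values reach the loop added further down, where they become the command names `truesum` and `falsesum`. Map the old values before the test, ideally once in Set_defaults: `case "${LH_CHECKSUMS}" in true) LH_CHECKSUMS="md5" ;; false) LH_CHECKSUMS="none" ;; esac`. The matching test in helpers/source_checksums has the same gap.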
@@ -42,31 +40,44 @@ Check_lockfile .lock
 # Creating lock file
 Create_lockfile .lock
-# Remove old md5sums
-if [ -f binary/md5sum.txt ]
-then
- rm -f binary/md5sum.txt
-fi
-
-# Calculating md5sums
-cd binary
-find . -type f \! -path './isolinux/isolinux.bin' \! -path './boot/grub/stage2_eltorito' -print0 | sort -z | xargs -0 md5sum > ../md5sum.txt
-
-cat > md5sum.txt << EOF
-This file contains the list of md5 checksums of all files on this medium.
+for CHECKSUM in ${LH_CHECKSUMS}
+do
+ Echo_message "Begin creating binary ${CHECKSUM}sum.txt..."
+
+ # Remove old checksums
+ if [ -f binary/${CHECKSUM}sum.txt ]
+ then
+ rm -f binary/${CHECKSUM}sum.txt
+ fi
+
+ # Calculating checksums
+ cd binary
+ find . -type f \
+ \! -path './isolinux/isolinux.bin' \
+ \! -path './boot/grub/stage2_eltorito' \
+ \! -path './md5sum.txt' \
+ \! -path './sha1sum.txt' \
+ \! -path './sha256sum.txt' \
+ -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ../${CHECKSUM}sum.txt
+
+cat > ${CHECKSUM}sum.txt << EOF
+This file contains the list of ${CHECKSUM} checksums of all files on this medium.
 You can verify them automatically with the 'integrity-check' boot parameter,
-or, manually with: 'md5sum -c md5sum.txt'.
+or, manually with: '${CHECKSUM}sum -c ${CHECKSUM}sum.txt'.
 EOF
-cat ../md5sum.txt >> md5sum.txt
-rm -f ../md5sum.txt
+ cat ../${CHECKSUM}sum.txt >> ${CHECKSUM}sum.txt
+ rm -f ../${CHECKSUM}sum.txt
+
+ cd "${OLDPWD}"
+done
 # File list
+cd binary
 find . | sed -e 's|^.||g' | grep "^/" | sort > ../binary.list
-
 cd "${OLDPWD}"
 # Creating stage file
diff --git a/helpers/config b/helpers/config
index a341af6..b9053d5 100755
--- a/helpers/config
+++ b/helpers/config
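Review bot: In the new loop of helpers/binary_checksums, `${CHECKSUM}` is taken from configuration and used unquoted to build both a command name (`xargs -0 ${CHECKSUM}sum`) and file paths, with no check that it is one of the three hashes the find exclusions assume. With a typo or any other value, xargs cannot start the tool, and unless the script aborts on that (not visible in the hunk) the header text is still written, so the image ships a checksum file with no entries. Make an allow-list the first statement of the loop, `case "${CHECKSUM}" in md5|sha1|sha256) ;; *) echo "E: unsupported checksum '${CHECKSUM}'" >&2; exit 1 ;; esac`, and quote the expansions. Running the same check before `Create_lockfile` would keep a rejected value from leaving .lock behind, if nothing else cleans it up. The loop in helpers/source_checksums needs the same guard.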
@@ -52,7 +52,7 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\
 \t [--cache-indices true|false]\n\
 \t [--cache-packages true|false]\n\
 \t [--cache-stages STAGE|\"STAGES\"]\n\
-\t [--checksums true|false]\n\
+\t [--checksums md5|sha1|sha256|none]\n\
 \t [--chroot-build true|false]\n\
 \t [--chroot-filesystem ext2|ext3|squashfs|plain|jffs2]\n\
 \t [-c|--conffile FILE]\n\
diff --git a/helpers/source_checksums b/helpers/source_checksums
index 31895db..972b404 100755
--- a/helpers/source_checksums
+++ b/helpers/source_checksums
@@ -1,6 +1,6 @@
 #!/bin/sh
-# lh_source_checksums(1) - create source checksumss
+# lh_source_checksums(1) - create source checksums
 # Copyright (C) 2006-2010 Daniel Baumann
 #
 # live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -23,18 +23,11 @@ Arguments "${@}"
 Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
 Set_defaults
-if [ "${LH_SOURCE}" != "true" ]
+if [ "${LH_CHECKSUMS}" = "none" ] || [ "${LH_SOURCE}" != "true" ]
 then
 exit 0
 fi
-if [ "${LH_CHECKSUMS}" != "true" ]
-then
- exit 0
-fi
-
-Echo_message "Begin creating source md5sum.txt..."
-
 # Requiring stage file
 Require_stagefile .stage/config .stage/source_debian
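Review bot: The USAGE entry in helpers/config offers `md5|sha1|sha256|none` as alternatives, yet the helpers iterate over `${LH_CHECKSUMS}` as a whitespace-separated list, so how to request several hashes is left undocumented. Follow the `--cache-stages` entry two lines above, for example `\t [--checksums md5|sha1|sha256|none|\"HASHES\"]\n\`. Whether the option parser further down in this file accepts a quoted list is not visible in the hunk.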
@@ -47,31 +40,42 @@ Check_lockfile .lock
 # Creating lock file
 Create_lockfile .lock
-# Remove old md5sums
-if [ -f source/md5sum.txt ]
-then
- rm -f source/md5sum.txt
-fi
+for CHECKSUM in ${LH_CHECKSUMS}
+do
+ Echo_message "Begin creating source ${CHECKSUM}sum.txt..."
-# Calculating md5sums
-cd source
-find . -type f -print0 | sort -z | xargs -0 md5sum > ../md5sum.txt
+ # Remove old checksums
+ if [ -f source/${CHECKSUM}sum.txt ]
+ then
+ rm -f source/${CHECKSUM}sum.txt
+ fi
+
+ # Calculating checksums
+ cd source
+ find . -type f \
+ \! -path './md5sum.txt' \
+ \! -path './sha1sum.txt' \
+ \! -path './sha256sum.txt' \
+ -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ../${CHECKSUM}sum.txt
-cat > md5sum.txt << EOF
-This file contains the list of md5 checksums of all files on this medium.
+cat > ${CHECKSUM}sum.txt << EOF
+This file contains the list of ${CHECKSUM} checksums of all files on this medium.
 You can verify them automatically with the 'integrity-check' boot parameter,
-or, manually with: 'md5sum -c md5sum.txt'.
+or, manually with: '${CHECKSUM}sum -c ${CHECKSUM}sum.txt'.
 EOF
-cat ../md5sum.txt >> md5sum.txt
-rm -f ../md5sum.txt
+ cat ../${CHECKSUM}sum.txt >> ${CHECKSUM}sum.txt
+ rm -f ../${CHECKSUM}sum.txt
+
+ cd "${OLDPWD}"
+done
 # File list
+cd source
 find . | sed -e 's|^.||g' | grep "^/" | sort > ../source.list
-
 cd "${OLDPWD}"
 # Creating stage file
diff --git a/manpages/lh_config.en.1 b/manpages/lh_config.en.1
index 1d5985d..c8ec667 100644
--- a/manpages/lh_config.en.1
+++ b/manpages/lh_config.en.1
@@ -54,7 +54,7 @@ lh_config \- create configuration for live\-helper
 .br
 [\fB\-\-cache\-stages\fR \fISTAGE\fR|\fI"STAGES"\fR]
 .br
- [\fB\-\-checksums\fR true|false]
+ [\fB\-\-checksums\fR md5|sha1|sha256|none]
 .br
 [\fB\-\-chroot\-build\fR true|false]
 .br
@@ -258,8 +258,8 @@ defines if downloaded package indices and lists should be cached which is false
 defines if downloaded packages files should be cached which is true by default. Disabling it does save space consumtion in your build directory, but remember that you will cause much unnecessary traffic if you do a couple of rebuilds. In general you should always leave it true, however, in some particular rare build setups, it can be faster to refetch packages from the local network mirror rather than to utilize the local disk.
 .IP "\fB\-\-cache\-stages\fR true|false|\fISTAGE\fR|""\fISTAGES\fR""" 4
 sets which stages should be cached. By default set to bootstrap. As an exception to the normal stage names, also rootfs can be used here which does only cache the generated root filesystem in filesystem.{dir,ext*,squashfs}. This is useful during development if you want to rebuild the binary stage but not regenerate the root filesystem all the time.
-.IP "\fB\-\-checksums\fR true|false|md5|sha1|sha256" 4
-defines if the binary image should contain a file called md5sums.txt, sha1sums.txt or sha256sums.txt. These lists all files on the image together with their checksums. This in turn can be used by live-initramfs' built-in integrity-check to verify the medium if specified at boot prompt. In general, this should not be false and is an important feature of live system released to the public. However, during development of very big images it can save some time by not calculating the checksums.
+.IP "\fB\-\-checksums\fR md5|sha1|sha256|none" 4
+defines if the binary image should contain a file called md5sums.txt, sha1sums.txt and/or sha256sums.txt. These lists all files on the image together with their checksums. This in turn can be used by live-initramfs' built-in integrity-check to verify the medium if specified at boot prompt. In general, this should not be false and is an important feature of live system released to the public. 
However, during development of very big images it can save some time by not calculating the checksums.
 .IP "\fB\-\-chroot\-build\fR true|false" 4
 defines whetever live-helper should use the tools from within the chroot to build the binary image or not by using and including the host systems tools. This is a very dangerous option, using the tools of the host system can lead to tainted and even non-bootable images if the host systems version of the required tools (mainly these are the bootloaders such as syslinux, grub and yaboot, and the auxilliary tools such as dosfstools, genisoimage, squashfs-tools and others) do not \fBexactely\fR match what is present at build-time in the target distribution. Never do disable this option unless you are \fBexactely\fR sure what you are doing and have \fBcompletely\fI understood its consequences.
 .IP "\fB\-\-chroot\-filesystem\fR ext2|ext3|squashfs|plain|jffs2" 4
-- cgit v1.0