diff --git a/.gitea/workflows/generate_PRIVATE_trixie_0.yaml b/.gitea/workflows/generate_PRIVATE_trixie_0.yaml index 00e25fd..16431ba 100644 --- a/.gitea/workflows/generate_PRIVATE_trixie_0.yaml +++ b/.gitea/workflows/generate_PRIVATE_trixie_0.yaml @@ -271,14 +271,14 @@ jobs: run: | set -euo pipefail - if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then + if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then echo "❌ There must be exactly one .iso file in the directory!" exit 1 else - VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) + VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso) VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" @@ -300,14 +300,14 @@ jobs: - name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file. run: | - if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then + if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then echo "❌ There must be exactly one .iso file in the directory!" exit 1 else - VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) + VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso) VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" diff --git a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml index c960c81..d0165a0 100644 --- a/.gitea/workflows/generate_PRIVATE_trixie_1.yaml +++ b/.gitea/workflows/generate_PRIVATE_trixie_1.yaml @@ -268,14 +268,14 @@ jobs: run: | set -euo pipefail - if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then + if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then echo "❌ There must be exactly one .iso file in the directory!" exit 1 else - VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) + VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso) VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" @@ -297,14 +297,14 @@ jobs: - name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file. run: | - if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then + if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then echo "❌ There must be exactly one .iso file in the directory!" exit 1 else - VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) + VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso) VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" diff --git a/.gitea/workflows/generate_PUBLIC_iso.yaml b/.gitea/workflows/generate_PUBLIC_iso.yaml index c794dbe..6cbfde3 100644 --- a/.gitea/workflows/generate_PUBLIC_iso.yaml +++ b/.gitea/workflows/generate_PUBLIC_iso.yaml @@ -241,14 +241,14 @@ jobs: run: | set -euo pipefail - if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then + if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then echo "❌ There must be exactly one .iso file in the directory!" exit 1 else - VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) + VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso) VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" @@ -270,14 +270,14 @@ jobs: - name: 🔑 Generating a sha512 Hash of ISO, signing with the 'CI PGP DEPLOY ONLY' key, generate a success message file. run: | - if [[ $(ls /opt/cdlb/livebuild/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then + if [[ $(ls /opt/cdlb/*.iso 2>/dev/null | wc -l) -ne 1 ]]; then echo "❌ There must be exactly one .iso file in the directory!" exit 1 else - VAR_ISO_FILE_PATH=$(ls /opt/cdlb/livebuild/*.iso) + VAR_ISO_FILE_PATH=$(ls /opt/cdlb/*.iso) VAR_ISO_FILE_NAME=$(basename "${VAR_ISO_FILE_PATH}") echo "✅ ISO file found: ${VAR_ISO_FILE_NAME}" diff --git a/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums b/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums index 3d4cd8b..f33023e 100644 --- a/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums +++ b/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums @@ -83,41 +83,42 @@ Verify_checksums() { CDLB_SCRIPT="0030-verify-checksums" CDLB_SHA="sha512" - CDLB_CMD="" CDLB_COMPUTED="" CDLB_EXPECTED="" CDLB_HASHFILE="" CDLB_ITEM="" CDLB_SIG_FILE="" + CDLB_CMD="" CDLB_COMPUTED="" CDLB_EXPECTED="" CDLB_HASHFILE="" CDLB_SIG_FILE="" CDLB_HASHFILE="${CDLB_SCRIPT}.${CDLB_SHA}" CDLB_SIG_FILE="${CDLB_HASHFILE}.sig" - CDLB_CMD="/bin/${CDLB_ITEM}sum" + CDLB_CMD="/bin/sha512sum" printf "Verifying signature of: [%s]\n" "${CDLB_HASHFILE}" if ! /bin/gpgv --keyring 0030-verify-checksums_public.gpg "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then - printf "Signature verification failed for: [%s]\n" "${CDLB_HASHFILE}" + printf "[PANIC] Signature verification failed for: [0030-verify-checksums.sha512]\n" sleep 16 + # TODO panic "[PANIC] Signature verification failed for: [0030-verify-checksums.sha512]" else - printf "Signature verification successful for: [%s]\n" "${CDLB_HASHFILE}" + printf "Signature verification successful for: [0030-verify-checksums.sha512]\n" fi - printf "Recomputing hash for: [%s]\n" "${CDLB_SHA}" + printf "Recomputing hash for: [sha512]\n" CDLB_COMPUTED=$("${CDLB_CMD}" "${CDLB_SCRIPT}" | { read -r first _ || exit 1; printf '%s\n' "${first}"; }) IFS=' ' read -r CDLB_EXPECTED _ < "${CDLB_HASHFILE}" if [ "${CDLB_COMPUTED}" != "${CDLB_EXPECTED}" ]; then - printf "Recomputed hash mismatch for: [sha512] failed \n" + printf "[PANIC] Recomputing hash for: [sha512] failed.\n" sleep 16 - panic "Recomputed hash mismatch for: [sha512] failed." + # TODO panic "[PANIC] Recomputing hash for: [sha512] failed." fi - printf "Hash verification successful for: [%s]\n" "${CDLB_SHA}" + printf "Hash verification successful for: [sha512]\n" - printf "Verifying integrity of '0030-verify-checksums' successfully completed. Proceeding." + printf "Verification of authenticity and integrity of '0030-verify-checksums' successfully completed. Proceeding." log_end_msg printf "\n"