V8.13.392.2025.11.07

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-08 00:16:35 +01:00
parent 95c8d5da7d
commit 36852e1924
1 changed files with 24 additions and 31 deletions
--- a/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums
+++ b/config/includes.chroot/usr/lib/live/boot/0030-verify-checksums
@@ -81,24 +81,20 @@ Verify_checksums() {
    log_begin_msg "Verifying integrity of '0030-verify-checksums' ..."
    printf "\n"
-    CDLB_SCRIPT="$(basename "${0}")"
+    CDLB_SCRIPT="0030-verify-checksums"
    CDLB_SHA="sha512"
    CDLB_CMD="" CDLB_COMPUTED="" CDLB_EXPECTED="" CDLB_HASHFILE="" CDLB_ITEM="" CDLB_SIG_FILE=""
-    for CDLB_ITEM in ${CDLB_SHA}; do
+    CDLB_HASHFILE="${CDLB_SCRIPT}.${CDLB_SHA}"
      CDLB_HASHFILE="${CDLB_SCRIPT}.${CDLB_ITEM}"
    CDLB_SIG_FILE="${CDLB_HASHFILE}.sig"
-      CDLB_CMD="${CDLB_ITEM}sum"
+    CDLB_CMD="/bin/${CDLB_ITEM}sum"
    printf "Verifying signature of: [%s]\n" "${CDLB_HASHFILE}"
-      if ! gpgv --keyring 0030-verify-checksums_public.gpg "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
+    if ! /bin/gpgv --keyring 0030-verify-checksums_public.gpg "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
      printf "Signature verification failed for: [%s]\n" "${CDLB_HASHFILE}"
-        sleep 8
+      sleep 16
        # TODO: Remove debug mode
        # return 0
    else
@@ -106,23 +102,20 @@ Verify_checksums() {
    fi
-      printf "Recomputing hash for: [%s]\n" "${CDLB_ITEM}"
+    printf "Recomputing hash for: [%s]\n" "${CDLB_SHA}"
-      CDLB_COMPUTED=$("${CDLB_CMD}" "${CDLB_SCRIPT}" | { read -r first rest || exit 1; printf '%s\n' "${first}"; })
+    CDLB_COMPUTED=$("${CDLB_CMD}" "${CDLB_SCRIPT}" | { read -r first _ || exit 1; printf '%s\n' "${first}"; })
-      read -r CDLB_EXPECTED < "${CDLB_HASHFILE}"
+    IFS=' ' read -r CDLB_EXPECTED _ < "${CDLB_HASHFILE}"
    if [ "${CDLB_COMPUTED}" != "${CDLB_EXPECTED}" ]; then
-        printf "Recomputed hash mismatch for: [%s]\n" "${CDLB_ITEM}"
+      printf "Recomputed hash mismatch for: [sha512] failed \n"
-        sleep 8
+      sleep 16
-        # TODO: Remove debug mode
+      panic  "Recomputed hash mismatch for: [sha512] failed."
        # return 0
    fi
-      printf "Hash verification successful for: [%s]\n" "${CDLB_ITEM}"
+    printf "Hash verification successful for: [%s]\n" "${CDLB_SHA}"
    done
    printf "Verifying integrity of '0030-verify-checksums' successfully completed. Proceeding."
@@ -187,23 +180,23 @@ Verify_checksums() {
  case "${_RETURN_PGP},${_RETURN_SHA}" in
-    0,0)
+    "0,0")
      log_success_msg "Verification of signature AND checksum file successful; continuing booting in 8 seconds."
      sleep 8
      return 0
      ;;
-    na,0)
+    "na,0")
      log_success_msg "Verification of checksum file successful; continuing booting in 8 seconds."
      sleep 8
      return 0
      ;;
-    *,0)
+    *",0")
      panic "Verification of signature file failed while verification of checksum file successful."
      ;;
-    na,*)
+    "na,"*)
      panic "Verification of checksum file failed."
      ;;