V8.13.392.2025.11.07

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

config/includes.chroot/usr/lib/live/boot/0030-verify-checksums

@@ -81,48 +81,41 @@ Verify_checksums() {
     log_begin_msg "Verifying integrity of '0030-verify-checksums' ..."
     printf "\n"
 
-    CDLB_SCRIPT="$(basename "${0}")"
+    CDLB_SCRIPT="0030-verify-checksums"
     CDLB_SHA="sha512"
     CDLB_CMD="" CDLB_COMPUTED="" CDLB_EXPECTED="" CDLB_HASHFILE="" CDLB_ITEM="" CDLB_SIG_FILE=""
 
-    for CDLB_ITEM in ${CDLB_SHA}; do
+    CDLB_HASHFILE="${CDLB_SCRIPT}.${CDLB_SHA}"
+    CDLB_SIG_FILE="${CDLB_HASHFILE}.sig"
+    CDLB_CMD="/bin/${CDLB_ITEM}sum"
 
-      CDLB_HASHFILE="${CDLB_SCRIPT}.${CDLB_ITEM}"
+    printf "Verifying signature of: [%s]\n" "${CDLB_HASHFILE}"
-      CDLB_SIG_FILE="${CDLB_HASHFILE}.sig"
-      CDLB_CMD="${CDLB_ITEM}sum"
 
-      printf "Verifying signature of: [%s]\n" "${CDLB_HASHFILE}"
+    if ! /bin/gpgv --keyring 0030-verify-checksums_public.gpg "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
 
-      if ! gpgv --keyring 0030-verify-checksums_public.gpg "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
+      printf "Signature verification failed for: [%s]\n" "${CDLB_HASHFILE}"
+      sleep 16
 
-        printf "Signature verification failed for: [%s]\n" "${CDLB_HASHFILE}"
+    else
-        sleep 8
-        # TODO: Remove debug mode
-        # return 0
 
-      else
+      printf "Signature verification successful for: [%s]\n" "${CDLB_HASHFILE}"
 
-        printf "Signature verification successful for: [%s]\n" "${CDLB_HASHFILE}"
+    fi
 
-      fi
+    printf "Recomputing hash for: [%s]\n" "${CDLB_SHA}"
 
-      printf "Recomputing hash for: [%s]\n" "${CDLB_ITEM}"
+    CDLB_COMPUTED=$("${CDLB_CMD}" "${CDLB_SCRIPT}" | { read -r first _ || exit 1; printf '%s\n' "${first}"; })
+    IFS=' ' read -r CDLB_EXPECTED _ < "${CDLB_HASHFILE}"
 
-      CDLB_COMPUTED=$("${CDLB_CMD}" "${CDLB_SCRIPT}" | { read -r first rest || exit 1; printf '%s\n' "${first}"; })
+    if [ "${CDLB_COMPUTED}" != "${CDLB_EXPECTED}" ]; then
-      read -r CDLB_EXPECTED < "${CDLB_HASHFILE}"
 
-      if [ "${CDLB_COMPUTED}" != "${CDLB_EXPECTED}" ]; then
+      printf "Recomputed hash mismatch for: [sha512] failed \n"
+      sleep 16
+      panic  "Recomputed hash mismatch for: [sha512] failed."
 
-        printf "Recomputed hash mismatch for: [%s]\n" "${CDLB_ITEM}"
+    fi
-        sleep 8
-        # TODO: Remove debug mode
-        # return 0
 
-      fi
+    printf "Hash verification successful for: [%s]\n" "${CDLB_SHA}"
-
-      printf "Hash verification successful for: [%s]\n" "${CDLB_ITEM}"
-
-    done
 
     printf "Verifying integrity of '0030-verify-checksums' successfully completed. Proceeding."
 
@@ -187,23 +180,23 @@ Verify_checksums() {
 
   case "${_RETURN_PGP},${_RETURN_SHA}" in
 
-    0,0)
+    "0,0")
       log_success_msg "Verification of signature AND checksum file successful; continuing booting in 8 seconds."
       sleep 8
       return 0
       ;;
 
-    na,0)
+    "na,0")
       log_success_msg "Verification of checksum file successful; continuing booting in 8 seconds."
       sleep 8
       return 0
       ;;
 
-    *,0)
+    *",0")
       panic "Verification of signature file failed while verification of checksum file successful."
       ;;
 
-    na,*)
+    "na,"*)
       panic "Verification of checksum file failed."
       ;;