V8.13.400.2025.11.08
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 45m25s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 1m9s
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m11s
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 45m25s
💙 Generating a PUBLIC Live ISO. / 💙 Generating a PUBLIC Live ISO. (push) Failing after 1m9s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -102,22 +102,20 @@ Verify_checksums() {
|
||||
### CDLB verification of script integrity itself -----------------------------------------------------------------------------
|
||||
if [ "${LIVE_VERIFY_CHECKSUMS_SIGNATURES}" = "true" ]; then
|
||||
|
||||
log_begin_msg "Verifying integrity of: [0030-verify-checksums] "
|
||||
log_begin_msg "Verifying integrity of: [0030-verify-checksums]"
|
||||
printf "\n"
|
||||
printf "\e[95m[INFO] Verifying integrity of: [0030-verify-checksums] ... \n\e[0m"
|
||||
|
||||
_CAND=""
|
||||
CDLB_SCRIPT_SELF="" CDLB_CMD="" CDLB_COMPUTED="" CDLB_EXPECTED="" CDLB_HASHFILE="" CDLB_SIG_FILE=""
|
||||
|
||||
CDLB_CMD="/usr/bin/sha512sum"
|
||||
CDLB_SHA="sha512"
|
||||
|
||||
for _CAND in /scripts/live-bottom/0030-verify-checksums /usr/lib/live/boot/0030-verify-checksums; do
|
||||
|
||||
[ -e "${_CAND}" ] && { CDLB_SCRIPT_SELF="${_CAND}"; break; }
|
||||
|
||||
done
|
||||
[ -n "${CDLB_SCRIPT_SELF}" ] || { echo "cannot locate 0030-verify-checksums"; exit 1; }
|
||||
|
||||
CDLB_CMD="/usr/bin/sha512sum"
|
||||
CDLB_SHA="sha512"
|
||||
|
||||
CDLB_SCRIPT_FILE="${CDLB_SCRIPT_SELF##*/}"
|
||||
CDLB_SCRIPT_PATH="${CDLB_SCRIPT_SELF%/*}"
|
||||
@@ -125,13 +123,16 @@ Verify_checksums() {
|
||||
CDLB_HASHFILE="${CDLB_SCRIPT_FILE}.${CDLB_SHA}sum.txt"
|
||||
CDLB_SIG_FILE="${CDLB_HASHFILE}.sig"
|
||||
|
||||
|
||||
printf "\e[95m[INFO] Verifying integrity of: [%s] ... \n\e[0m" "${CDLB_SCRIPT_FULL}"
|
||||
|
||||
printf "\e[95m[INFO] Verifying signature of: [%s] ... \n\e[0m" "${CDLB_SIG_FILE}"
|
||||
|
||||
if ! /usr/bin/gpgv --no-default-keyring --keyring "${_KEYFILE}" --status-fd 1 "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
|
||||
if ! /usr/bin/gpgv --keyring "${_KEYFILE}" --status-fd 1 "${CDLB_SIG_FILE}" "${CDLB_HASHFILE}"; then
|
||||
|
||||
printf "\e[91m[FATAL] Verifying signature of: [%s] failed. \n\e[0m" "${CDLB_SIG_FILE}"
|
||||
sleep 16
|
||||
# TODO panic "[FATAL] Verifying signature of: [0030-verify-checksums.sha512sum.txt.sig] failed. "
|
||||
panic "[FATAL] Verifying signature of: [${CDLB_SIG_FILE}] failed."
|
||||
|
||||
else
|
||||
|
||||
@@ -148,12 +149,12 @@ Verify_checksums() {
|
||||
|
||||
printf "\e[91m[FATAL] Recomputing hash for: [%s] failed. \n\e[0m" "${CDLB_SHA}"
|
||||
sleep 16
|
||||
# TODO panic "[FATAL] Recomputing hash for: [sha512] failed."
|
||||
panic "[FATAL] Recomputing hash for: [${CDLB_SHA}] failed."
|
||||
|
||||
fi
|
||||
|
||||
printf "\e[92m[INFO] Recomputing hash for: [%s] successful. \n\e[0m" "${CDLB_SHA}"
|
||||
printf "\e[92m[INFO] Verification of authenticity and integrity of [%s] successfully completed. \n\e[0m" "${CDLB_SHA}"
|
||||
printf "\e[92m[INFO] Verification of authenticity and integrity of [%s] successfully completed. \n\e[0m" "${CDLB_SCRIPT_FULL}"
|
||||
log_end_msg
|
||||
printf "\n"
|
||||
|
||||
@@ -174,22 +175,29 @@ Verify_checksums() {
|
||||
|
||||
if [ -e "${_CHECKSUM}" ]; then
|
||||
|
||||
printf "\e[95m[INFO] Found [%s] ... \n\e[0m" "${_CHECKSUM}"
|
||||
printf "\e[95m[INFO] Found: [%s] ... \n\e[0m" "${_CHECKSUM}"
|
||||
|
||||
if [ -e "/usr/bin/${_DIGEST}sum" ]; then
|
||||
|
||||
printf "\e[95m[INFO] Found [%s] ... \n\e[0m" "/usr/bin/${_DIGEST}sum"
|
||||
printf "\e[95m[INFO] Found: [%s] ... \n\e[0m" "/usr/bin/${_DIGEST}sum"
|
||||
|
||||
if [ "${LIVE_VERIFY_CHECKSUMS_SIGNATURES}" = "true" ]; then
|
||||
|
||||
printf "\e[95m[INFO] Checking signature of [%s] ... \n\e[0m" "${_CHECKSUM}"
|
||||
printf "\e[95m[INFO] Checking signature of: [%s] ... \n\e[0m" "${_CHECKSUM}"
|
||||
|
||||
_CHECKSUM_SIGNATURE="${_CHECKSUM}.sig"
|
||||
|
||||
/usr/bin/gpgv --no-default-keyring --keyring "${_KEYFILE}" --status-fd 1 "${_CHECKSUM_SIGNATURE}" "${_CHECKSUM}"
|
||||
_RETURN_PGP="${?}"
|
||||
if /usr/bin/gpgv --keyring "${_KEYFILE}" --status-fd 1 "${_CHECKSUM_SIGNATURE}" "${_CHECKSUM}"; then
|
||||
|
||||
printf "\e[92m[INFO] Checking signature of [%s] successful. \n\e[0m" "${_CHECKSUM}"
|
||||
_RETURN_PGP="${?}"
|
||||
printf "\e[92m[INFO] Checking signature of: [%s] successful. \n\e[0m" "${_CHECKSUM}"
|
||||
|
||||
else
|
||||
|
||||
_RETURN_PGP="${?}"
|
||||
printf "\e[91m[FATAL] Checking signature of: [%s] failed. \n\e[0m" "${_CHECKSUM}"
|
||||
|
||||
fi
|
||||
|
||||
else
|
||||
|
||||
@@ -197,17 +205,25 @@ Verify_checksums() {
|
||||
|
||||
fi
|
||||
|
||||
printf "\e[92m[INFO] Found [%s] done. \n\e[0m" "/usr/bin/${_DIGEST}sum"
|
||||
|
||||
# shellcheck disable=SC2312
|
||||
grep -v '^#' "${_CHECKSUM}" | /bin/"${_DIGEST}"sum -c > "${_TTY}"
|
||||
_RETURN_SHA="${?}"
|
||||
if grep -v '^#' "${_CHECKSUM}" | /usr/bin/"${_DIGEST}"sum -c > "${_TTY}"; then
|
||||
|
||||
_RETURN_SHA="${?}"
|
||||
printf "\e[92m[INFO] Found: [%s] successful done, for: [%s] \n\e[0m" "/usr/bin/${_DIGEST}sum" "${_CHECKSUM}"
|
||||
|
||||
else
|
||||
|
||||
_RETURN_SHA="${?}"
|
||||
printf "\e[91m[FATAL] Found: [%s] failed, for: [%s] \n\e[0m" "/usr/bin/${_DIGEST}sum" "${_CHECKSUM}"
|
||||
|
||||
fi
|
||||
|
||||
# Stop after the first verification.
|
||||
break 2
|
||||
|
||||
else
|
||||
|
||||
_RETURN_SHA="255"
|
||||
printf "\e[93m[WARN] NOT Found [%s]. \n\e[0m" "/usr/bin/${_DIGEST}sum"
|
||||
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user