diff --git a/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums b/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums index 63d9d29..5fcf0e1 100644 --- a/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums +++ b/config/includes.chroot/usr/lib/live/boot/0030-ciss-verify-checksums @@ -89,9 +89,20 @@ Verify_checksums() { _KEYFILE="" + _MANIFEST_FOUND="false" + _MP="" + _RETURN_PGP="" + + _RETURN_SHA="" + + _VERIFICATION_EXECUTED="false" + + _VERIFICATION_SUCCEEDED="false" + ### Parse commandline arguments ---------------------------------------------------------------------------------------------- + # shellcheck disable=SC2154 for _PARAMETER in ${LIVE_BOOT_CMDLINE}; do case "${_PARAMETER}" in @@ -244,10 +255,12 @@ Verify_checksums() { if [ -e "${_CHECKSUM}" ]; then + _MANIFEST_FOUND="true" log_in "Found: [${_CHECKSUM}] ..." if [ -e "/usr/bin/${_DIGEST}sum" ]; then + _VERIFICATION_EXECUTED="true" log_in "Found: [/usr/bin/${_DIGEST}sum] ..." if [ "${LIVE_VERIFY_CHECKSUMS_SIGNATURES}" = "true" ]; then @@ -279,6 +292,7 @@ Verify_checksums() { if grep -v '^#' "${_CHECKSUM}" | LC_ALL=C /usr/bin/"${_DIGEST}"sum -c > "${_CHECKSUM_LOG}" 2>&1; then _RETURN_SHA="${?}" + _VERIFICATION_SUCCEEDED="true" cat "${_CHECKSUM_LOG}" > "${_TTY}" log_ok "Found: [/usr/bin/${_DIGEST}sum] successful verified: [${_CHECKSUM}]" 
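Review bot: `_VERIFICATION_EXECUTED="true"` in the `@@ -244,10 +255,12 @@` hunk is set as soon as `/usr/bin/${_DIGEST}sum` exists, before the signature branch and the `-c` run, so the flag records that a tool was found rather than that a verification ran. The gate added later reports "No supported checksum verification tool was available.", which matches that meaning, so a name such as `_DIGEST_TOOL_FOUND` would keep the fail-closed state readable. Alternatively, put `# Tool present; the check itself runs below and is tracked by _VERIFICATION_SUCCEEDED.` above the assignment. The same assignment is added in the `@@ -203,10 +214,12 @@` hunk of the scripts/ copy. The enclosing `if` blocks and `Verify_checksums` itself continue outside the hunk.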
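Review bot: `_VERIFICATION_SUCCEEDED` in the `@@ -279,6 +292,7 @@` hunk is only ever set to "true" and never cleared, so it means "at least one manifest verified" rather than "every manifest that was found verified". If the surrounding loop (outside this hunk) can move on to another manifest or digest, a failure elsewhere is decided only by whatever `_RETURN_SHA` holds last. Either stop after the first result, or reset the state per manifest and fail on any mismatch. A comment such as `# Sticky: one verified manifest is enough to pass the gate below.` would at least make the chosen policy explicit. The scripts/ copy adds the same line in its `@@ -237,6 +250,7 @@` hunk.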
@@ -313,6 +327,33 @@ Verify_checksums() { log_end_msg printf "\n" + if [ "${_MANIFEST_FOUND}" != "true" ]; then + + log_er "No supported checksum manifest found." + sleep 8 + panic "No supported checksum manifest found." + return 1 + + fi + + if [ "${_VERIFICATION_EXECUTED}" != "true" ]; then + + log_er "No supported checksum verification tool was available." + sleep 8 + panic "No supported checksum verification tool was available." + return 1 + + fi + + if [ "${_VERIFICATION_SUCCEEDED}" != "true" ]; then + + log_er "No supported checksum manifest was verified successfully." + sleep 8 + panic "No supported checksum manifest was verified successfully." + return 1 + + fi + case "${_RETURN_PGP},${_RETURN_SHA}" in "0,0") @@ -331,18 +372,28 @@ Verify_checksums() { log_er "Verification of [GPG signature] file successful, while verification of [sha checksum] file failed." sleep 8 panic "Verification of [GPG signature] file successful, while verification of [sha checksum] file failed." + return 1 ;; *",0") log_er "Verification of [GPG signature] file failed, while verification of [sha checksum] file successful." sleep 8 panic "Verification of [GPG signature] file failed, while verification of [sha checksum] file successful." + return 1 ;; "na,"*) log_er "Verification of [sha checksum] file failed." sleep 8 panic "Verification of [sha checksum] file failed." + return 1 + ;; + + *) + log_er "Checksum verification ended in an unsupported state." + sleep 8 + panic "Checksum verification ended in an unsupported state." + return 1 ;; esac diff --git a/scripts/usr/lib/live/boot/0030-ciss-verify-checksums b/scripts/usr/lib/live/boot/0030-ciss-verify-checksums index 8bc8a80..8578df9 100644 --- a/scripts/usr/lib/live/boot/0030-ciss-verify-checksums +++ b/scripts/usr/lib/live/boot/0030-ciss-verify-checksums 
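Review bot: The `return 1` after each `panic` in the three new gates of the `@@ -313,6 +327,33 @@` hunk only fails closed if the caller of `Verify_checksums` tests the status, and the call site is not part of this diff. Adding `return 1` suggests `panic` is expected to be able to hand control back; an unchecked non-zero status would then let the boot continue on an unverified medium. Confirm that the caller stops on failure, and record the contract in the function header, for example `# Returns: 0 only after a successful verification; callers must stop the boot on non-zero.` The same applies to the `return 1` lines added in the `@@ -331,18 +372,28 @@` hunk and in the scripts/ copy. The function body starts and ends outside this hunk.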
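Review bot: The new `*)` arm in the `@@ -331,18 +372,28 @@` hunk has no comment saying which status pairs are expected to reach it. Something like `# Fail closed: any status pair not handled above is treated as a failed verification.` would document the intent. Note also that `_RETURN_PGP` is now initialised to an empty string, and the earlier `*",0")` pattern matches an empty prefix. If any path leaves `_RETURN_PGP` unset (not visible here), the pair `,0` is reported as a failed GPG signature rather than as an unsupported state; the result is still a refusal, but the message would mislead whoever triages the boot failure. The scripts/ copy adds the same arm in its `@@ -302,6 +345,14 @@` hunk; the `case` statement opens outside both hunks.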
@@ -48,9 +48,20 @@ Verify_checksums() { _KEYFILE="" + _MANIFEST_FOUND="false" + _MP="" + _RETURN_PGP="" + + _RETURN_SHA="" + + _VERIFICATION_EXECUTED="false" + + _VERIFICATION_SUCCEEDED="false" + ### Parse commandline arguments ---------------------------------------------------------------------------------------------- + # shellcheck disable=SC2154 for _PARAMETER in ${LIVE_BOOT_CMDLINE}; do case "${_PARAMETER}" in @@ -203,10 +214,12 @@ Verify_checksums() { if [ -e "${_CHECKSUM}" ]; then + _MANIFEST_FOUND="true" printf "\e[95m[INFO] Found: [%s] ... \n\e[0m" "${_CHECKSUM}" if [ -e "/usr/bin/${_DIGEST}sum" ]; then + _VERIFICATION_EXECUTED="true" printf "\e[95m[INFO] Found: [%s] ... \n\e[0m" "/usr/bin/${_DIGEST}sum" if [ "${LIVE_VERIFY_CHECKSUMS_SIGNATURES}" = "true" ]; then @@ -237,6 +250,7 @@ Verify_checksums() { if grep -v '^#' "${_CHECKSUM}" | /usr/bin/"${_DIGEST}"sum -c > "${_TTY}"; then _RETURN_SHA="${?}" + _VERIFICATION_SUCCEEDED="true" printf "\e[92m[INFO] Found: [%s] successful verified: [%s] \n\e[0m" "/usr/bin/${_DIGEST}sum" "${_CHECKSUM}" else @@ -265,6 +279,33 @@ Verify_checksums() { log_end_msg printf "\n" + if [ "${_MANIFEST_FOUND}" != "true" ]; then + + printf "\e[91m[FATAL] No supported checksum manifest found. \n\e[0m" + sleep 8 + panic "No supported checksum manifest found." + return 1 + + fi + + if [ "${_VERIFICATION_EXECUTED}" != "true" ]; then + + printf "\e[91m[FATAL] No supported checksum verification tool was available. \n\e[0m" + sleep 8 + panic "No supported checksum verification tool was available." + return 1 + + fi + + if [ "${_VERIFICATION_SUCCEEDED}" != "true" ]; then + + printf "\e[91m[FATAL] No supported checksum manifest was verified successfully. \n\e[0m" + sleep 8 + panic "No supported checksum manifest was verified successfully." + return 1 + + fi + case "${_RETURN_PGP},${_RETURN_SHA}" in "0,0") 
@@ -288,6 +329,7 @@ Verify_checksums() { printf "\e[91m[FATAL] CDLB modified: [%s] done. \n\e[0m" "${CDLB_SCRIPT_FULL}" sleep 8 panic "Verification of [GPG signature] file successful, while verification of [sha checksum] file failed." + return 1 ;; *",0") @@ -295,6 +337,7 @@ Verify_checksums() { printf "\e[91m[FATAL] CDLB modified: [%s] done. \n\e[0m" "${CDLB_SCRIPT_FULL}" sleep 8 panic "Verification of [GPG signature] file failed, while verification of [sha checksum] file successful." + return 1 ;; "na,"*) @@ -302,6 +345,14 @@ Verify_checksums() { printf "\e[91m[FATAL] CDLB modified: [%s] done. \n\e[0m" "${CDLB_SCRIPT_FULL}" sleep 8 panic "Verification of checksum file failed." + return 1 + ;; + + *) + printf "\e[91m[FATAL] Checksum verification ended in an unsupported state. \n\e[0m" + sleep 8 + panic "Checksum verification ended in an unsupported state." + return 1 ;; esac