Marc S. Weidner
b9c91423dd
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 59s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
148 lines
4.6 KiB
Bash
148 lines
4.6 KiB
Bash
#!/bin/sh
|
|
# bashsupport disable=BP5007
|
|
# shellcheck shell=sh
|
|
|
|
# SPDX-Version: 3.0
|
|
# SPDX-CreationInfo: 2025-10-26; WEIDNER, Marc S.; <msw@coresecret.dev>
|
|
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
|
|
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
|
|
# SPDX-FileCopyrightText: 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
|
|
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
|
|
# SPDX-FileType: SOURCE
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
|
|
# SPDX-PackageName: CISS.debian.live.builder
|
|
# SPDX-Security-Contact: security@coresecret.eu
|
|
|
|
## Modified Version of the original file:
|
|
|
|
## live-build(7) - System Build Scripts
|
|
## Copyright (C) 2016-2020 The Debian Live team
|
|
## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
|
|
##
|
|
## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
|
|
## This is free software, and you are welcome to redistribute it
|
|
## under certain conditions; see COPYING for details.
|
|
|
|
set -e
|
|
|
|
### Including common functions.
|
|
if [ -e "${LIVE_BUILD}/scripts/build.sh" ]; then
|
|
. "${LIVE_BUILD}/scripts/build.sh"
|
|
else
|
|
. /usr/lib/live/build.sh
|
|
fi
|
|
|
|
### Setting static variables.
|
|
# shellcheck disable=SC2034
|
|
DESCRIPTION="[CDLB] Create binary checksums and PGP signature files."
|
|
# shellcheck disable=SC2034
|
|
USAGE="${PROGRAM} [--force]"
|
|
|
|
### Processing arguments and configuration files.
|
|
Init_config_data "${@}"
|
|
|
|
if [ "${LB_CHECKSUMS}" = "none" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
if [ "${LB_INITRAMFS}" = "dracut-live" ]; then
|
|
### The checksums will be generated by binary_iso.
|
|
exit 0
|
|
fi
|
|
|
|
### Requiring stage file.
|
|
Require_stagefiles config bootstrap
|
|
|
|
### Checking stage file.
|
|
Check_stagefile
|
|
|
|
### Acquire a lock file.
|
|
Acquire_lockfile
|
|
|
|
CHECKSUM=""
|
|
|
|
for CHECKSUM in ${LB_CHECKSUMS}; do
|
|
|
|
CHECKSUMS="${CHECKSUM}sum.txt"
|
|
|
|
Echo_message "Begin creating binary ${CHECKSUMS} ..."
|
|
|
|
### Remove old checksums.
|
|
# shellcheck disable=SC2292
|
|
if [ -f "binary/${CHECKSUMS}" ]; then
|
|
|
|
rm -f "binary/${CHECKSUMS}"
|
|
|
|
fi
|
|
|
|
### Calculating checksums.
|
|
cd binary
|
|
# shellcheck disable=SC2312
|
|
find . -type f \
|
|
\! -path './isolinux/isolinux.bin' \
|
|
\! -path './boot/boot.bin' \
|
|
\! -path './boot/grub/stage2_eltorito' \
|
|
\! -path './*SUMS' \
|
|
\! -path './*sum.txt' \
|
|
\! -path './*sum.README' \
|
|
\! -path './*asc' \
|
|
\! -path './*gpg' \
|
|
\! -path './*sig' \
|
|
-print0 | LC_ALL=C sort -z | xargs -0 "${CHECKSUM}sum" >| "${CHECKSUMS}"
|
|
Echo_message "Begin creating binary ${CHECKSUMS} done."
|
|
|
|
Echo_message "Begin verifying binary ${CHECKSUMS} ..."
|
|
"${CHECKSUM}sum" -c --strict --quiet "${CHECKSUMS}"
|
|
Echo_message "Begin verifying binary ${CHECKSUMS} done."
|
|
|
|
if [ "${VAR_SIGNER}" = "true" ]; then
|
|
|
|
Echo_message "Begin creating GPG binary signature ${CHECKSUMS} ..."
|
|
gpg --batch --yes --pinentry-mode loopback --passphrase-file "${VAR_SIGNING_KEY_PASSFILE}" --local-user "${VAR_SIGNING_KEY_FPR}" \
|
|
--detach-sign --output "${CHECKSUMS}.sig" "${CHECKSUMS}"
|
|
Echo_message "Begin creating GPG binary signature ${CHECKSUMS} done."
|
|
|
|
Echo_message "Begin verifying GPG binary signature ${CHECKSUMS} ..."
|
|
gpgv --keyring "${VAR_VERIFY_KEYRING}" "${CHECKSUMS}.sig" "${CHECKSUMS}"
|
|
Echo_message "Begin verifying GPG binary signature ${CHECKSUMS} done."
|
|
|
|
fi
|
|
|
|
Echo_message "Begin creating '${CHECKSUM}sum.README' ..."
|
|
cat << EOF >| "${CHECKSUM}sum.README"
|
|
# SPDX-Version: 3.0
|
|
# SPDX-CreationInfo: ${VAR_DATE}; WEIDNER, Marc S.; <msw@coresecret.dev>
|
|
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
|
|
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
|
|
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
|
|
# SPDX-FileType: SOURCE
|
|
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
|
|
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
|
|
# SPDX-PackageName: CISS.debian.live.builder
|
|
# SPDX-Security-Contact: security@coresecret.eu
|
|
|
|
The file ${CHECKSUMS} contains the ${CHECKSUM} checksums of all files on this medium.
|
|
|
|
You can verify them automatically with the 'verify-checksums' boot parameter, or, manually with:
|
|
${CHECKSUM}sum -c ${CHECKSUMS}
|
|
|
|
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=text
|
|
EOF
|
|
Echo_message "Begin creating '${CHECKSUM}sum.README' done."
|
|
|
|
cd "${OLDPWD}"
|
|
|
|
done
|
|
|
|
### File list.
|
|
cd binary
|
|
# shellcheck disable=SC2312
|
|
find . | sed -e 's|^.||g' | grep "^/" | LC_ALL=C sort > ../"${LB_IMAGE_NAME}-${LB_ARCHITECTURE}.contents"
|
|
cd "${OLDPWD}"
|
|
|
|
### Creating a stage file.
|
|
Create_stagefile
|
|
|
|
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
|