msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity
Files
b2282d347501a134baec647b49a88a09e41045d537c09dde2053eefa8ee37a4d
CISS.debian.live.builder/config/hooks/live/0002_verify_checksums.chroot
Marc S. Weidner b2282d3475 V8.02.512.2025.05.30 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-05-30 00:28:39 +02:00

145 lines
4.1 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -C -e -u -o pipefail
printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1
target="/usr/lib/live/boot/0030-verify-checksums"
src="$(mktemp)"
if [[ ! -d /usr/lib/live/boot ]]; then
mkdir -p /usr/lib/live/boot
fi
cat << 'EOF' >| "${src}"
#!/bin/sh
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Changed version of https://salsa.debian.org/live-team/live-boot 'components/0030-verify-checksums'
### In case of successful verification of the offered checksums, proceed with booting, else panic.
### Inside 0002_verify_checksums.chroot ###
#######################################
# Live build ISO with the modified checksum verification script for continuing the boot process.
# Globals:
# LIVE_BOOT_CMDLINE
# LIVE_VERIFY_CHECKSUMS
# LIVE_VERIFY_CHECKSUMS_DIGESTS
# _CHECKSUM
# _CHECKSUMS
# _DIGEST
# _MOUNTPOINT
# _PARAMETER
# _RETURN
# _TTY
# Arguments:
# $1: ${_PARAMETER}
# Returns:
# 0 : Successful Verification
#######################################
Verify_checksums() {
for _PARAMETER in ${LIVE_BOOT_CMDLINE}; do
case "${_PARAMETER}" in
live-boot.verify-checksums=* | verify-checksums=*)
LIVE_VERIFY_CHECKSUMS="true"
LIVE_VERIFY_CHECKSUMS_DIGESTS="${_PARAMETER#*verify-checksums=}"
;;
live-boot.verify-checksums | verify-checksums)
LIVE_VERIFY_CHECKSUMS="true"
;;
esac
done
case "${LIVE_VERIFY_CHECKSUMS}" in
true) ;;
*)
return 0
;;
esac
_MOUNTPOINT="${1}"
LIVE_VERIFY_CHECKSUMS_DIGESTS="${LIVE_VERIFY_CHECKSUMS_DIGESTS:-sha512 sha384 sha256}"
_TTY="/dev/tty8"
log_begin_msg "Verifying checksums"
# shellcheck disable=SC2164
cd "${_MOUNTPOINT}"
for _DIGEST in $(echo "${LIVE_VERIFY_CHECKSUMS_DIGESTS}" | sed -e 's|,| |g'); do
# shellcheck disable=SC2060
_CHECKSUMS="$(echo "${_DIGEST}" | tr [a-z] [A-Z])SUMS ${_DIGEST}sum.txt"
for _CHECKSUM in ${_CHECKSUMS}; do
if [ -e "${_CHECKSUM}" ]; then
echo "Found ${_CHECKSUM}..." > "${_TTY}"
if [ -e "/bin/${_DIGEST}sum" ]; then
echo "Checking ${_CHECKSUM}..." > "${_TTY}"
# Verify checksums
grep -v '^#' "${_CHECKSUM}" | /bin/"${_DIGEST}"sum -c > "${_TTY}"
_RETURN="${?}"
# Stop after the first verification
# break 2
else
echo "Not found /bin/${_DIGEST}sum..." > "${_TTY}"
fi
fi
done
done
log_end_msg
case "${_RETURN}" in
0)
log_success_msg "Verification sha512 sha384 sha256 successful, continuing booting in 10 seconds."
sleep 10
return 0
;;
*)
panic "Verification failed, $(basename ${_TTY}) for more information."
;;
esac
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF
# Copy and make executable
install -Dm755 "${src}" "${target}"
rm -f "${src}"
unset target src
printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
# sleep 1
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
Reference in New Issue View Git Blame Copy Permalink