From: Matt Turner <mattst88@gentoo.org>
To: gentoo-catalyst@lists.gentoo.org
Cc: Matt Turner <mattst88@gentoo.org>
Subject: [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support
Date: Tue, 7 Apr 2020 20:27:49 -0700 [thread overview]
Message-ID: <20200408032753.105267-1-mattst88@gentoo.org> (raw)
BLAKE2 is good and fast. Pentoo is using BLAKE2. There's no need for a
second digest.
Signed-off-by: Matt Turner <mattst88@gentoo.org>
---
examples/livecd-stage2_template.spec | 8 ++++----
targets/support/create-iso.sh | 27 +++++++--------------------
2 files changed, 11 insertions(+), 24 deletions(-)
diff --git a/examples/livecd-stage2_template.spec b/examples/livecd-stage2_template.spec
index 7398c972..4cb94d40 100644
--- a/examples/livecd-stage2_template.spec
+++ b/examples/livecd-stage2_template.spec
@@ -316,11 +316,11 @@ boot/kernel/gentoo/packages:
# boot/kernel/gentoo/console: tty0 ttyS0
boot/kernel/gentoo/console:
-# This feature will make sha512, blake2, or both checksums for every file in the iso (including files provided by livecd/overlay
-# These checksums can be verified at boot using the genkernel option "verify" added to the kernel line.
-# Currently this feature will generate both checksums if livecd/verify is defined to *any* value other than "blake2" or "sha512"
+# Enables the generation of a isoroot_b2sums file containing a BLAKE2 digest of
+# each file in the ISO. When 'livecd/bootargs' contains 'verify' this feature
+# will be used to verify the contents of the ISO at boot time.
# No checksums are generated if this is left commented.
-#livecd/verify: sha512
+#livecd/verify: blake2
# This feature controls the depclean run after fsscript and before unmerge.
# The default is unset, and will run emerge --depclean --with-bdeps=n which results
diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh
index 9b10b7cf..b0e4d15e 100755
--- a/targets/support/create-iso.sh
+++ b/targets/support/create-iso.sh
@@ -94,30 +94,17 @@ else
mkisofs_zisofs_opts=""
fi
-#we want to create a checksum for every file on the iso so we can verify it
-#from genkernel during boot. Here we make a function to create the sha512sums, and blake2sums
+# Generate list of checksums that genkernel can use to verify the contents of
+# the ISO
isoroot_checksum() {
- echo "Creating checksums for all files included in the iso, please wait..."
- if [ -z "${1}" ] || [ "${1}" = "sha512" ]; then
- find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums' -exec sha512sum {} + > "${clst_target_path}"/isoroot_checksums
- ${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_checksums
- fi
- if [ -z "${1}" ] || [ "${1}" = "blake2" ]; then
- find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
- ${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
- fi
+ echo ">> Creating checksums for all files included in the ISO"
+ find "${clst_target_path}" -type f ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
+ ${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
}
run_mkisofs() {
- if [ -n "${clst_livecd_verify}" ]; then
- if [ "${clst_livecd_verify}" = "sha512" ]; then
- isoroot_checksum sha512
- elif [ "${clst_livecd_verify}" = "blake2" ]; then
- isoroot_checksum blake2
- else
- isoroot_checksum
- fi
- fi
+ [ -n "${clst_livecd_verify}" ] && isoroot_checksum
+
echo "Running \"mkisofs ${@}\""
mkisofs "${@}" || die "Cannot make ISO image"
}
--
2.24.1
next reply other threads:[~2020-04-08 3:28 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-08 3:27 Matt Turner [this message]
2020-04-08 3:27 ` [gentoo-catalyst] [PATCH 2/5] targets: Simplify isoroot_checksum() Matt Turner
2020-04-08 3:27 ` [gentoo-catalyst] [PATCH 3/5] targets: Move isoroot verify check into isoroot_checksum() Matt Turner
2020-04-08 3:27 ` [gentoo-catalyst] [PATCH 4/5] targets: Support isoroot checksum on more platforms Matt Turner
2020-04-08 3:27 ` [gentoo-catalyst] [PATCH 5/5] targets: Use GRUB for BIOS boot Matt Turner
2020-04-08 16:13 ` [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support Brian Dolbec
2020-04-08 17:51 ` Matt Turner
2020-04-08 18:40 ` Brian Dolbec
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200408032753.105267-1-mattst88@gentoo.org \
--to=mattst88@gentoo.org \
--cc=gentoo-catalyst@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox