public inbox for gentoo-catalyst@lists.gentoo.org
 help / color / mirror / Atom feed
From: Matt Turner <mattst88@gentoo.org>
To: gentoo-catalyst@lists.gentoo.org
Cc: Matt Turner <mattst88@gentoo.org>
Subject: [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support
Date: Tue,  7 Apr 2020 20:27:49 -0700	[thread overview]
Message-ID: <20200408032753.105267-1-mattst88@gentoo.org> (raw)

BLAKE2 is good and fast. Pentoo is using BLAKE2. There's no need for a
second digest.

Signed-off-by: Matt Turner <mattst88@gentoo.org>
---
 examples/livecd-stage2_template.spec |  8 ++++----
 targets/support/create-iso.sh        | 27 +++++++--------------------
 2 files changed, 11 insertions(+), 24 deletions(-)

diff --git a/examples/livecd-stage2_template.spec b/examples/livecd-stage2_template.spec
index 7398c972..4cb94d40 100644
--- a/examples/livecd-stage2_template.spec
+++ b/examples/livecd-stage2_template.spec
@@ -316,11 +316,11 @@ boot/kernel/gentoo/packages:
 # boot/kernel/gentoo/console: tty0 ttyS0
 boot/kernel/gentoo/console:
 
-# This feature will make sha512, blake2, or both checksums for every file in the iso (including files provided by livecd/overlay
-# These checksums can be verified at boot using the genkernel option "verify" added to the kernel line.
-# Currently this feature will generate both checksums if livecd/verify is defined to *any* value other than "blake2" or "sha512"
+# Enables the generation of a isoroot_b2sums file containing a BLAKE2 digest of
+# each file in the ISO. When 'livecd/bootargs' contains 'verify' this feature
+# will be used to verify the contents of the ISO at boot time.
 # No checksums are generated if this is left commented.
-#livecd/verify: sha512
+#livecd/verify: blake2
 
 # This feature controls the depclean run after fsscript and before unmerge.
 # The default is unset, and will run emerge --depclean --with-bdeps=n which results
diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh
index 9b10b7cf..b0e4d15e 100755
--- a/targets/support/create-iso.sh
+++ b/targets/support/create-iso.sh
@@ -94,30 +94,17 @@ else
 	mkisofs_zisofs_opts=""
 fi
 
-#we want to create a checksum for every file on the iso so we can verify it
-#from genkernel during boot.  Here we make a function to create the sha512sums, and blake2sums
+# Generate list of checksums that genkernel can use to verify the contents of
+# the ISO
 isoroot_checksum() {
-	echo "Creating checksums for all files included in the iso, please wait..."
-	if [ -z "${1}" ] || [ "${1}" = "sha512" ]; then
-		find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums' -exec sha512sum {} + > "${clst_target_path}"/isoroot_checksums
-		${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_checksums
-	fi
-	if [ -z "${1}" ] || [ "${1}" = "blake2" ]; then
-		find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
-		${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
-	fi
+	echo ">> Creating checksums for all files included in the ISO"
+	find "${clst_target_path}" -type f ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
+	${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
 }
 
 run_mkisofs() {
-	if [ -n "${clst_livecd_verify}" ]; then
-		if [ "${clst_livecd_verify}" = "sha512" ]; then
-			isoroot_checksum sha512
-		elif [ "${clst_livecd_verify}" = "blake2" ]; then
-			isoroot_checksum blake2
-		else
-			isoroot_checksum
-		fi
-	fi
+	[ -n "${clst_livecd_verify}" ] && isoroot_checksum
+
 	echo "Running \"mkisofs ${@}\""
 	mkisofs "${@}" || die "Cannot make ISO image"
 }
-- 
2.24.1



             reply	other threads:[~2020-04-08  3:28 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-08  3:27 Matt Turner [this message]
2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 2/5] targets: Simplify isoroot_checksum() Matt Turner
2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 3/5] targets: Move isoroot verify check into isoroot_checksum() Matt Turner
2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 4/5] targets: Support isoroot checksum on more platforms Matt Turner
2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 5/5] targets: Use GRUB for BIOS boot Matt Turner
2020-04-08 16:13 ` [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support Brian Dolbec
2020-04-08 17:51   ` Matt Turner
2020-04-08 18:40     ` Brian Dolbec

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200408032753.105267-1-mattst88@gentoo.org \
    --to=mattst88@gentoo.org \
    --cc=gentoo-catalyst@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox