From: Brian Dolbec <dolsen@gentoo.org>
To: gentoo-catalyst@lists.gentoo.org
Subject: Re: [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support
Date: Wed, 8 Apr 2020 09:13:30 -0700 [thread overview]
Message-ID: <20200408091330.73b6ebf1@professor-x> (raw)
In-Reply-To: <20200408032753.105267-1-mattst88@gentoo.org>
On Tue, 7 Apr 2020 20:27:49 -0700
Matt Turner <mattst88@gentoo.org> wrote:
> BLAKE2 is good and fast. Pentoo is using BLAKE2. There's no need for a
> second digest.
>
> Signed-off-by: Matt Turner <mattst88@gentoo.org>
> ---
> examples/livecd-stage2_template.spec | 8 ++++----
> targets/support/create-iso.sh | 27 +++++++--------------------
> 2 files changed, 11 insertions(+), 24 deletions(-)
>
> diff --git a/examples/livecd-stage2_template.spec
> b/examples/livecd-stage2_template.spec index 7398c972..4cb94d40 100644
> --- a/examples/livecd-stage2_template.spec
> +++ b/examples/livecd-stage2_template.spec
> @@ -316,11 +316,11 @@ boot/kernel/gentoo/packages:
> # boot/kernel/gentoo/console: tty0 ttyS0
> boot/kernel/gentoo/console:
>
> -# This feature will make sha512, blake2, or both checksums for every
> file in the iso (including files provided by livecd/overlay -# These
> checksums can be verified at boot using the genkernel option "verify"
> added to the kernel line. -# Currently this feature will generate
> both checksums if livecd/verify is defined to *any* value other than
> "blake2" or "sha512" +# Enables the generation of a isoroot_b2sums
> file containing a BLAKE2 digest of +# each file in the ISO. When
> 'livecd/bootargs' contains 'verify' this feature +# will be used to
> verify the contents of the ISO at boot time. # No checksums are
> generated if this is left commented. -#livecd/verify: sha512
> +#livecd/verify: blake2 # This feature controls the depclean run
> after fsscript and before unmerge. # The default is unset, and will
> run emerge --depclean --with-bdeps=n which results diff --git
> a/targets/support/create-iso.sh b/targets/support/create-iso.sh index
> 9b10b7cf..b0e4d15e 100755 --- a/targets/support/create-iso.sh
> +++ b/targets/support/create-iso.sh
> @@ -94,30 +94,17 @@ else
> mkisofs_zisofs_opts=""
> fi
>
> -#we want to create a checksum for every file on the iso so we can
> verify it -#from genkernel during boot. Here we make a function to
> create the sha512sums, and blake2sums +# Generate list of checksums
> that genkernel can use to verify the contents of +# the ISO
> isoroot_checksum() {
> - echo "Creating checksums for all files included in the iso,
> please wait..."
> - if [ -z "${1}" ] || [ "${1}" = "sha512" ]; then
> - find "${clst_target_path}" -type f ! -name
> 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums'
> -exec sha512sum {} + > "${clst_target_path}"/isoroot_checksums
> - ${clst_sed} -i "s#${clst_target_path}/\?##"
> "${clst_target_path}"/isoroot_checksums
> - fi
> - if [ -z "${1}" ] || [ "${1}" = "blake2" ]; then
> - find "${clst_target_path}" -type f ! -name
> 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums'
> -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
> - ${clst_sed} -i "s#${clst_target_path}/\?##"
> "${clst_target_path}"/isoroot_b2sums
> - fi
> + echo ">> Creating checksums for all files included in the
> ISO"
> + find "${clst_target_path}" -type f ! -name 'isoroot_b2sums'
> -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
> + ${clst_sed} -i "s#${clst_target_path}/\?##"
> "${clst_target_path}"/isoroot_b2sums }
>
> run_mkisofs() {
> - if [ -n "${clst_livecd_verify}" ]; then
> - if [ "${clst_livecd_verify}" = "sha512" ]; then
> - isoroot_checksum sha512
> - elif [ "${clst_livecd_verify}" = "blake2" ]; then
> - isoroot_checksum blake2
> - else
> - isoroot_checksum
> - fi
> - fi
> + [ -n "${clst_livecd_verify}" ] && isoroot_checksum
> +
> echo "Running \"mkisofs ${@}\""
> mkisofs "${@}" || die "Cannot make ISO image"
> }
I know I've been out of touch for almost the last year, but why remove
sha512? the current code it is optional for either of the two or both.
What is gentoo now supplying primarily?
If any change is to be made, I think it should be made as a plugin so
the base code doesn't need to be changed as things change to the
checksum of the day...
next prev parent reply other threads:[~2020-04-08 16:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-08 3:27 [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support Matt Turner
2020-04-08 3:27 ` [gentoo-catalyst] [PATCH 2/5] targets: Simplify isoroot_checksum() Matt Turner
2020-04-08 3:27 ` [gentoo-catalyst] [PATCH 3/5] targets: Move isoroot verify check into isoroot_checksum() Matt Turner
2020-04-08 3:27 ` [gentoo-catalyst] [PATCH 4/5] targets: Support isoroot checksum on more platforms Matt Turner
2020-04-08 3:27 ` [gentoo-catalyst] [PATCH 5/5] targets: Use GRUB for BIOS boot Matt Turner
2020-04-08 16:13 ` Brian Dolbec [this message]
2020-04-08 17:51 ` [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support Matt Turner
2020-04-08 18:40 ` Brian Dolbec
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200408091330.73b6ebf1@professor-x \
--to=dolsen@gentoo.org \
--cc=gentoo-catalyst@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox