public inbox for gentoo-catalyst@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support
@ 2020-04-08  3:27 Matt Turner
  2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 2/5] targets: Simplify isoroot_checksum() Matt Turner
                   ` (4 more replies)
  0 siblings, 5 replies; 8+ messages in thread
From: Matt Turner @ 2020-04-08  3:27 UTC (permalink / raw
  To: gentoo-catalyst; +Cc: Matt Turner

BLAKE2 is good and fast. Pentoo is using BLAKE2. There's no need for a
second digest.

Signed-off-by: Matt Turner <mattst88@gentoo.org>
---
 examples/livecd-stage2_template.spec |  8 ++++----
 targets/support/create-iso.sh        | 27 +++++++--------------------
 2 files changed, 11 insertions(+), 24 deletions(-)

diff --git a/examples/livecd-stage2_template.spec b/examples/livecd-stage2_template.spec
index 7398c972..4cb94d40 100644
--- a/examples/livecd-stage2_template.spec
+++ b/examples/livecd-stage2_template.spec
@@ -316,11 +316,11 @@ boot/kernel/gentoo/packages:
 # boot/kernel/gentoo/console: tty0 ttyS0
 boot/kernel/gentoo/console:
 
-# This feature will make sha512, blake2, or both checksums for every file in the iso (including files provided by livecd/overlay
-# These checksums can be verified at boot using the genkernel option "verify" added to the kernel line.
-# Currently this feature will generate both checksums if livecd/verify is defined to *any* value other than "blake2" or "sha512"
+# Enables the generation of a isoroot_b2sums file containing a BLAKE2 digest of
+# each file in the ISO. When 'livecd/bootargs' contains 'verify' this feature
+# will be used to verify the contents of the ISO at boot time.
 # No checksums are generated if this is left commented.
-#livecd/verify: sha512
+#livecd/verify: blake2
 
 # This feature controls the depclean run after fsscript and before unmerge.
 # The default is unset, and will run emerge --depclean --with-bdeps=n which results
diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh
index 9b10b7cf..b0e4d15e 100755
--- a/targets/support/create-iso.sh
+++ b/targets/support/create-iso.sh
@@ -94,30 +94,17 @@ else
 	mkisofs_zisofs_opts=""
 fi
 
-#we want to create a checksum for every file on the iso so we can verify it
-#from genkernel during boot.  Here we make a function to create the sha512sums, and blake2sums
+# Generate list of checksums that genkernel can use to verify the contents of
+# the ISO
 isoroot_checksum() {
-	echo "Creating checksums for all files included in the iso, please wait..."
-	if [ -z "${1}" ] || [ "${1}" = "sha512" ]; then
-		find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums' -exec sha512sum {} + > "${clst_target_path}"/isoroot_checksums
-		${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_checksums
-	fi
-	if [ -z "${1}" ] || [ "${1}" = "blake2" ]; then
-		find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
-		${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
-	fi
+	echo ">> Creating checksums for all files included in the ISO"
+	find "${clst_target_path}" -type f ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
+	${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
 }
 
 run_mkisofs() {
-	if [ -n "${clst_livecd_verify}" ]; then
-		if [ "${clst_livecd_verify}" = "sha512" ]; then
-			isoroot_checksum sha512
-		elif [ "${clst_livecd_verify}" = "blake2" ]; then
-			isoroot_checksum blake2
-		else
-			isoroot_checksum
-		fi
-	fi
+	[ -n "${clst_livecd_verify}" ] && isoroot_checksum
+
 	echo "Running \"mkisofs ${@}\""
 	mkisofs "${@}" || die "Cannot make ISO image"
 }
-- 
2.24.1



^ permalink raw reply related	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2020-04-08 18:41 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-08  3:27 [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support Matt Turner
2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 2/5] targets: Simplify isoroot_checksum() Matt Turner
2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 3/5] targets: Move isoroot verify check into isoroot_checksum() Matt Turner
2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 4/5] targets: Support isoroot checksum on more platforms Matt Turner
2020-04-08  3:27 ` [gentoo-catalyst] [PATCH 5/5] targets: Use GRUB for BIOS boot Matt Turner
2020-04-08 16:13 ` [gentoo-catalyst] [PATCH 1/5] targets: Drop SHA512 isoroot verification support Brian Dolbec
2020-04-08 17:51   ` Matt Turner
2020-04-08 18:40     ` Brian Dolbec

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox