| 1 |
commit: 2b0e9243fb2456e86053b9448938359920916ecc |
| 2 |
Author: Rick Farina (Zero_Chaos) <zerochaos <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed Sep 23 17:25:23 2015 +0000 |
| 4 |
Commit: Richard Farina <zerochaos <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Sep 23 17:25:23 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/catalyst.git/commit/?id=2b0e9243 |
| 7 |
|
| 8 |
add isoroot checksum support to generate checksums for genkernel to verify |
| 9 |
|
| 10 |
catalyst/targets/livecd_stage2.py | 2 +- |
| 11 |
examples/livecd-stage2_template.spec | 5 ++++ |
| 12 |
targets/support/create-iso.sh | 44 ++++++++++++++++++++---------------- |
| 13 |
3 files changed, 30 insertions(+), 21 deletions(-) |
| 14 |
|
| 15 |
diff --git a/catalyst/targets/livecd_stage2.py b/catalyst/targets/livecd_stage2.py |
| 16 |
index 70f0fac..77c6613 100644 |
| 17 |
--- a/catalyst/targets/livecd_stage2.py |
| 18 |
+++ b/catalyst/targets/livecd_stage2.py |
| 19 |
@@ -28,7 +28,7 @@ class livecd_stage2(StageBase): |
| 20 |
"livecd/rcdel","livecd/fsscript","livecd/xinitrc",\ |
| 21 |
"livecd/root_overlay","livecd/users","portage_overlay",\ |
| 22 |
"livecd/fstype","livecd/fsops","livecd/linuxrc","livecd/bootargs",\ |
| 23 |
- "gamecd/conf","livecd/xdm","livecd/xsession","livecd/volid"]) |
| 24 |
+ "gamecd/conf","livecd/xdm","livecd/xsession","livecd/volid","livecd/verify"]) |
| 25 |
|
| 26 |
StageBase.__init__(self,spec,addlargs) |
| 27 |
if "livecd/type" not in self.settings: |
| 28 |
|
| 29 |
diff --git a/examples/livecd-stage2_template.spec b/examples/livecd-stage2_template.spec |
| 30 |
index c2c6bf3..49ddcd7 100644 |
| 31 |
--- a/examples/livecd-stage2_template.spec |
| 32 |
+++ b/examples/livecd-stage2_template.spec |
| 33 |
@@ -331,6 +331,11 @@ boot/kernel/gentoo/machine_type: |
| 34 |
# boot/kernel/gentoo/console: tty0 ttyS0 |
| 35 |
boot/kernel/gentoo/console: |
| 36 |
|
| 37 |
+# This feature will make sha512 checksums for every file in the iso (including files provided by livecd/overlay |
| 38 |
+# These checksums can be verified at boot using the genkernel option "verify" added to the kernel line. |
| 39 |
+# Currently this feature will be enabled if livecd/verify is defined to *any* value, leave commented to disable. |
| 40 |
+#livecd/verify: true |
| 41 |
+ |
| 42 |
# This is a list of packages that will be unmerged after all the kernels have |
| 43 |
# been built. There are no checks on these packages, so be careful what you |
| 44 |
# add here. They can potentially break your CD. |
| 45 |
|
| 46 |
diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh |
| 47 |
index 5e8cdc3..a8a194f 100755 |
| 48 |
--- a/targets/support/create-iso.sh |
| 49 |
+++ b/targets/support/create-iso.sh |
| 50 |
@@ -82,6 +82,20 @@ else |
| 51 |
mkisofs_zisofs_opts="" |
| 52 |
fi |
| 53 |
|
| 54 |
+#we want to create a sha512sum for every file on the iso so we can verify it |
| 55 |
+#from genkernel during boot. Here we make a function to create the sha512sums |
| 56 |
+isoroot_checksum() { |
| 57 |
+ echo "Creating checksums for all files included in the iso, please wait..." |
| 58 |
+ find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' -exec sha512sum {} + > "${clst_target_path}"/isoroot_checksums |
| 59 |
+ sed -i "s#${clst_target_path}##" "${clst_target_path}"/isoroot_checksums |
| 60 |
+} |
| 61 |
+ |
| 62 |
+run_mkisofs() { |
| 63 |
+ [ -n "${clst_livecd_verify}" ] && isoroot_checksum |
| 64 |
+ echo "Running \"mkisofs ${@}\"" |
| 65 |
+ mkisofs "${@}" || die "Cannot make ISO image" |
| 66 |
+} |
| 67 |
+ |
| 68 |
# Here we actually create the ISO images for each architecture |
| 69 |
case ${clst_hostarch} in |
| 70 |
alpha) |
| 71 |
@@ -92,8 +106,7 @@ case ${clst_hostarch} in |
| 72 |
;; |
| 73 |
hppa) |
| 74 |
echo ">> Running mkisofs to create iso image...." |
| 75 |
- echo ">> mkisofs -R -l -J ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} ${clst_target_path}/" |
| 76 |
- mkisofs -R -l -J ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} ${clst_target_path}/ || die "Cannot make ISO image" |
| 77 |
+ run_mkisofs -R -l -J ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} ${clst_target_path}/ |
| 78 |
pushd ${clst_target_path}/ |
| 79 |
palo -f boot/palo.conf -C ${1} |
| 80 |
popd |
| 81 |
@@ -127,8 +140,7 @@ case ${clst_hostarch} in |
| 82 |
rm -rf ${clst_target_path}/boot |
| 83 |
|
| 84 |
echo ">> Running mkisofs to create iso image...." |
| 85 |
- echo ">> mkisofs -R -l -b gentoo.efimg -c boot.cat -no-emul-boot -J ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} ${clst_target_path}/" |
| 86 |
- mkisofs -R -l -b gentoo.efimg -c boot.cat -no-emul-boot -J ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} ${clst_target_path}/ || die "Cannot make ISO image" |
| 87 |
+ run_mkisofs -R -l -b gentoo.efimg -c boot.cat -no-emul-boot -J ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} ${clst_target_path}/ |
| 88 |
;; |
| 89 |
mips) |
| 90 |
case ${clst_fstype} in |
| 91 |
@@ -200,8 +212,7 @@ case ${clst_hostarch} in |
| 92 |
fi |
| 93 |
|
| 94 |
echo ">> Running mkisofs to create iso image...." |
| 95 |
- echo ">> mkisofs -r -U -chrp-boot -netatalk -hfs -probe -map ${clst_target_path}/boot/map.hfs -part -no-desktop -hfs-volid \"${clst_iso_volume_id}\" -hfs-bless ${clst_target_path}/boot -hide-hfs \"zisofs\" -hide-hfs \"stages\" -hide-hfs \"distfiles\" -hide-hfs \"snapshots\" -J ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} ${clst_target_path}/" |
| 96 |
- mkisofs -r -U -chrp-boot -netatalk -hfs -probe -map ${clst_target_path}/boot/map.hfs -part -no-desktop -hfs-volid "${clst_iso_volume_id}" -hfs-bless ${clst_target_path}/boot -hide-hfs "zisofs" -hide-hfs "stages" -hide-hfs "distfiles" -hide-hfs "snapshots" -J ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} ${clst_target_path}/ || die "Cannot make ISO image" |
| 97 |
+ run_mkisofs -r -U -chrp-boot -netatalk -hfs -probe -map ${clst_target_path}/boot/map.hfs -part -no-desktop -hfs-volid "${clst_iso_volume_id}" -hfs-bless ${clst_target_path}/boot -hide-hfs "zisofs" -hide-hfs "stages" -hide-hfs "distfiles" -hide-hfs "snapshots" -J ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} ${clst_target_path}/ |
| 98 |
;; |
| 99 |
sparc*) |
| 100 |
# Old silo (<=1.2.6) requires a specially built mkisofs |
| 101 |
@@ -216,8 +227,7 @@ case ${clst_hostarch} in |
| 102 |
rm /tmp/mkisofs.sparc.fu |
| 103 |
else |
| 104 |
echo "Running mkisofs to create iso image...." |
| 105 |
- echo "mkisofs -J -R -l ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} -G \"${clst_target_path}/boot/isofs.b\" -B ... ${clst_target_path}/" |
| 106 |
- mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -G "${clst_target_path}/boot/isofs.b" -B ... ${clst_target_path}/ || die "CAnnot make ISO image" |
| 107 |
+ run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -G "${clst_target_path}/boot/isofs.b" -B ... ${clst_target_path}/ |
| 108 |
fi |
| 109 |
|
| 110 |
;; |
| 111 |
@@ -264,34 +274,28 @@ case ${clst_hostarch} in |
| 112 |
mv ${clst_target_path}/boot/* ${clst_target_path}/isolinux |
| 113 |
rm -r ${clst_target_path}/boot |
| 114 |
echo "Creating ISO using ISOLINUX bootloader" |
| 115 |
- echo "mkisofs -J -R -l ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/" |
| 116 |
- mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/ || die "Cannot make ISO image" |
| 117 |
+ run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/ |
| 118 |
isohybrid ${1} |
| 119 |
elif [ -e ${clst_target_path}/gentoo.efimg ] |
| 120 |
then |
| 121 |
echo "Creating ISO using both ISOLINUX and EFI bootloader" |
| 122 |
- echo "mkisofs -J -R -l ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -b gentoo.efimg -c boot.cat -no-emul-boot -z ${clst_target_path}/" |
| 123 |
- mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -b gentoo.efimg -c boot.cat -no-emul-boot -z ${clst_target_path}/ || die "Cannot make ISO image" |
| 124 |
+ run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -b gentoo.efimg -c boot.cat -no-emul-boot -z ${clst_target_path}/ |
| 125 |
fi |
| 126 |
else |
| 127 |
echo "Creating ISO using ISOLINUX bootloader" |
| 128 |
- echo "mkisofs -J -R -l ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/" |
| 129 |
- mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/ || die "Cannot make ISO image" |
| 130 |
+ run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/ |
| 131 |
isohybrid ${1} |
| 132 |
fi |
| 133 |
elif [ -e ${clst_target_path}/boot/grub/stage2_eltorito ] |
| 134 |
then |
| 135 |
echo "Creating ISO using GRUB bootloader" |
| 136 |
- echo "mkisofs -J -R -l ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} -b boot/grub/stage2_eltorito -c boot/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/" |
| 137 |
- mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b boot/grub/stage2_eltorito -c boot/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/ || die "Cannot make ISO image" |
| 138 |
+ run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b boot/grub/stage2_eltorito -c boot/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table ${clst_target_path}/ |
| 139 |
elif [ -e ${clst_target_path}/gentoo.efimg ] |
| 140 |
then |
| 141 |
echo 'Creating ISO using EFI bootloader' |
| 142 |
- echo "mkisofs -J -R -l ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} -b gentoo.efimg -c boot.cat -no-emul-boot ${clst_target_path}/" |
| 143 |
- mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b gentoo.efimg -c boot.cat -no-emul-boot ${clst_target_path}/ || die "Cannot make ISO image" |
| 144 |
+ run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} -b gentoo.efimg -c boot.cat -no-emul-boot ${clst_target_path}/ |
| 145 |
else |
| 146 |
- echo "mkisofs -J -R -l ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o ${1} ${clst_target_path}/" |
| 147 |
- mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} ${clst_target_path}/ || die "Cannot make ISO image" |
| 148 |
+ run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o ${1} ${clst_target_path}/ |
| 149 |
fi |
| 150 |
;; |
| 151 |
esac |
Archives