fi
[ "${QUIET}" ] || echo -n " "utils
-# Program: md5sum
+
+# Feature: Verify Checksums
+copy_exec /usr/bin/sha256sum /bin
copy_exec /usr/bin/md5sum /bin
# Program: memdisk
Allows to use a filesystem from within an iso image that's available on live-media.
.IP "\fBignore_uuid\fR" 4
Do not check that any UUID embedded in the initramfs matches the discovered medium. live\-boot may be told to generate a UUID by setting LIVE_GENERATE_UUID=1 when building the initramfs.
-.IP "\fBintegrity\-check\fR" 4
+.IP "\fBverify\-checksums\fR" 4
If specified, an MD5 sum is calculated on the live media during boot and compared to the value found in md5sum.txt found in the root directory of the live media.
.IP "\fBip\fR=[\fIDEVICE\fR]:[\fICLIENT_IP\fR]:[\fISERVER_IP\fR]:[\fIGATEWAY_IP\fR]:[\fINETMASK\fR]:[\fIHOSTNAME\fR]:[\fIAUTOCONF\fR] [,[\fIDEVICE\fR]:[\fICLIENT_IP\fR]:[\fISERVER_IP\fR]:[\fIGATEWAY_IP\fR]:[\fINETMASK\fR]:[\fIHOSTNAME\fR]:[\fIAUTOCONF\fR]]" 4
Let you specify the name(s) and the options of the interface(s) that should be configured at boot time. Do not specify this if you want to use dhcp (default). It will be changed in a future release to mimick official kernel boot param specification (e.g. ip=10.0.0.1::10.0.0.254:255.255.255.0::eth0,:::::eth1:dhcp).
panic "Unable to find a medium containing a live file system"
fi
- if [ "${INTEGRITY_CHECK}" ]
- then
- integrity_check "${livefs_root}"
- fi
+ case "${LIVE_VERIFY_CHECKSUMS}" in
+ true)
+ Verify_checksums "${livefs_root}"
+ ;;
+ esac
if [ "${TORAM}" ]
then
for ARGUMENT in $(cat /proc/cmdline)
do
case "${ARGUMENT}" in
+ live-boot.verify-checksums|verify-checksums)
+ LIVE_VERIFY_CHECKSUMS="true"
+ export LIVE_VERIFY_CHECKSUMS
+ ;;
+
+ # parameters below need review
read-only)
READ_ONLY="true"
;;
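Review bot: The new arm accepts only `live-boot.verify-checksums|verify-checksums`, and the `integrity-check)` arm is removed further down, so a boot entry that still passes `integrity-check` will now boot without running any media check and without a message. If the rename is not meant to be a hard break, keep the old spelling as a deprecated alias for a release: `integrity-check|live-boot.verify-checksums|verify-checksums)`. The enclosing function begins before this hunk, and the `case` statement continues past it.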
export IGNORE_UUID
;;
- integrity-check)
- INTEGRITY_CHECK="true"
- export INTEGRITY_CHECK
- ;;
-
ip=*)
STATICIP="${ARGUMENT#ip=}"
+++ /dev/null
-#!/bin/sh
-
-#set -e
-
-integrity_check ()
-{
- media_mountpoint="${1}"
-
- log_begin_msg "Checking media integrity"
-
- cd ${media_mountpoint}
- /bin/md5sum -c md5sum.txt < /dev/tty8 > /dev/tty8
- RC="${?}"
-
- log_end_msg
-
- if [ "${RC}" -eq 0 ]
- then
- log_success_msg "Everything ok, will reboot in 10 seconds."
- sleep 10
- cd /
- umount ${media_mountpoint}
- sync
- echo u > /proc/sysrq-trigger
- echo b > /proc/sysrq-trigger
- else
- panic "Not ok, a media defect is likely, switch to VT8 for details."
- fi
-}
--- /dev/null
+#!/bin/sh
+
+#set -e
+
+Verify_checksums ()
+{
+ _MOUNTPOINT="${1}"
+
+ _DIGESTS="sha512 sha384 sha256 sha224 sha1 md5"
+ _TTY="/dev/tty8"
+
+ log_begin_msg "Verifying checksums"
+
+ cd "${_MOUNTPOINT}"
+
+ for _DIGEST in ${_DIGESTS}
+ do
+ _CHECKSUMS="$(echo ${_DIGEST} | tr [a-z] [A-Z])SUMS"
+
+ if [ -e "${_CHECKSUMS}" ]
+ then
+ echo "Found ${_CHECKSUMS}..." > "${_TTY}"
+
+ if [ -e "/bin/${_DIGEST}sum" ]
+ then
+ echo "Checking ${_CHECKSUMS}..." > "${_TTY}"
+
+ # Verify checksums
+ /bin/${_DIGEST}sum -c "${_CHECKSUMS}" < "${_TTY}" > "${_TTY}"
+ _RETURN="${?}"
+
+ # Stop after first verification
+ break
+ else
+ echo "Not found /bin/${_DIGEST}sum..." > "${_TTY}"
+ fi
+ fi
+ done
+
+ log_end_msg
+
+ case "${_RETURN}" in
+ 0)
+ log_success_msg "Verification successfull, rebooting in 10 seconds."
+ sleep 10
+
+ # Unmount live-media
+ cd /
+ umount -f ${_MOUNTPOINT} > /dev/null 2>&1
+ sync
+
+ # Attempt to remount all mounted filesystems read-only
+ echo u > /proc/sysrq-trigger
+
+ # Immediately reboot the system without syncing or unmounting filesystems
+ echo b > /proc/sysrq-trigger
+ ;;
+
+ *)
+ panic "Verification failed, $(basename ${_TTY}) for more information."
+ ;;
+ esac
+}
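Review bot: `_RETURN` is never initialised before the `for _DIGEST` loop, so when no `*SUMS` file is verified the final `case` acts on whatever value the variable already holds. If this file is sourced into the boot script (it only defines a function, so that seems likely), a leftover `0` would report success with nothing checked; otherwise the user sees "Verification failed" although no check ran. That path is easy to reach, because the hook in this commit copies only sha256sum and md5sum, so a medium carrying only `SHA512SUMS` gets "Not found /bin/sha512sum..." and then falls through. Set `_RETURN=""` before the loop, give the empty case its own arm with a distinct message, and guard the directory change with `cd "${_MOUNTPOINT}" || panic "Unable to enter ${_MOUNTPOINT}"`. It is also worth adding a comment above the loop such as `# *SUMS files are read from the medium being checked: this detects media defects, not deliberate modification`.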