Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Tom Yan
archiso
Commits
1a59eb37
Commit
1a59eb37
authored
Feb 13, 2016
by
Thomas Bächler
Committed by
Gerardo Exequiel Pozzi
Feb 28, 2016
Browse files
Add the verify=y option to verify the squashfs signature with gpg
parent
249a52d9
Changes
3
Hide whitespace changes
Inline
Side-by-side
archiso/initcpio/hooks/archiso
View file @
1a59eb37
...
...
@@ -105,6 +105,15 @@ _verify_checksum() {
return
${
_status
}
}
_verify_signature
()
{
local
_status
cd
"/run/archiso/bootmnt/
${
archisobasedir
}
/
${
arch
}
"
gpg
--homedir
/gpg
--status-fd
1
--verify
airootfs.sfs.sig 2>/dev/null |
grep
-qE
'^\[GNUPG:\] GOODSIG'
_status
=
$?
cd
"
${
OLDPWD
}
"
return
${
_status
}
}
run_hook
()
{
[[
-z
"
${
arch
}
"
]]
&&
arch
=
"
$(
uname
-m
)
"
[[
-z
"
${
copytoram_size
}
"
]]
&&
copytoram_size
=
"75%"
...
...
@@ -159,6 +168,21 @@ archiso_mount_handler() {
fi
fi
if
[[
"
${
verify
}
"
==
"y"
]]
;
then
if
[[
-f
"/run/archiso/bootmnt/
${
archisobasedir
}
/
${
arch
}
/airootfs.sfs.sig"
]]
;
then
msg
-n
":: Signature verification requested, please wait..."
if
_verify_signature
;
then
msg
"done. Signature is OK, continue booting."
else
echo
"ERROR: one or more files are corrupted"
launch_interactive_shell
fi
else
echo
"ERROR: verify=y option specified but
${
archisobasedir
}
/
${
arch
}
/airootfs.sfs.sig not found"
launch_interactive_shell
fi
fi
if
[[
"
${
copytoram
}
"
==
"y"
]]
;
then
msg
":: Mounting /run/archiso/copytoram (tmpfs) filesystem, size=
${
copytoram_size
}
"
mkdir
-p
/run/archiso/copytoram
...
...
archiso/initcpio/hooks/archiso_pxe_http
View file @
1a59eb37
...
...
@@ -39,6 +39,9 @@ archiso_pxe_http_mount_handler () {
if
[[
"
${
checksum
}
"
==
"y"
]]
;
then
_curl_get
"
${
archiso_http_srv
}${
archisobasedir
}
/
${
arch
}
/airootfs.md5"
"/
${
arch
}
"
fi
if
[[
"
${
verify
}
"
==
"y"
]]
;
then
_curl_get
"
${
archiso_http_srv
}${
archisobasedir
}
/
${
arch
}
/airootfs.sfs.sig"
"/
${
arch
}
"
fi
mkdir
-p
"/run/archiso/bootmnt"
mount
-o
bind
/run/archiso/httpspace /run/archiso/bootmnt
...
...
archiso/initcpio/install/archiso
View file @
1a59eb37
...
...
@@ -15,6 +15,7 @@ build() {
add_binary mountpoint
add_binary
truncate
add_binary gpg
add_binary
grep
add_file /usr/lib/udev/rules.d/60-cdrom_id.rules
add_file /usr/lib/udev/rules.d/10-dm.rules
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment