From b70047d4136285ce8e5046c379143f4813228855 Mon Sep 17 00:00:00 2001 From: Nathan Whitehorn Date: Sun, 13 Mar 2011 17:15:31 +0000 Subject: [PATCH] Add generation of an installation manifest containing SHA256 checksums as well as package descriptions and add code in the installer to check the checksums. --- release/Makefile.bsdinstall | 8 ++-- release/scripts/make-manifest.sh | 25 +++++++++++ usr.sbin/bsdinstall/scripts/Makefile | 4 +- usr.sbin/bsdinstall/scripts/auto | 34 +++++++-------- usr.sbin/bsdinstall/scripts/checksum | 65 ++++++++++++++++++++++++++++ 5 files changed, 112 insertions(+), 24 deletions(-) create mode 100755 release/scripts/make-manifest.sh create mode 100755 usr.sbin/bsdinstall/scripts/checksum diff --git a/release/Makefile.bsdinstall b/release/Makefile.bsdinstall index a2d350f9f61..bda97a4e054 100644 --- a/release/Makefile.bsdinstall +++ b/release/Makefile.bsdinstall @@ -112,7 +112,8 @@ system: packagesystem -rm ${.OBJDIR}/release/boot/kernel/*.symbols # Copy distfiles mkdir ${.OBJDIR}/release/usr/freebsd-dist - cp ${.OBJDIR}/*.txz ${.OBJDIR}/release/usr/freebsd-dist + cp ${.OBJDIR}/*.txz ${.OBJDIR}/MANIFEST \ + ${.OBJDIR}/release/usr/freebsd-dist # Copy documentation, if generated .if !defined(NODOC) cp ${.OBJDIR}/reldoc/* ${.OBJDIR}/release @@ -134,13 +135,14 @@ memstick: system sh ${.CURDIR}/${TARGET}/make-memstick.sh ${.OBJDIR}/release ${.OBJDIR}/memstick packagesystem: base.txz kernel.txz ${EXTRA_PACKAGES} + sh ${.CURDIR}/${TARGET}/make-manifest.sh ${DISTDIR}/*.txz > ${.OBJDIR}/MANIFEST touch ${.OBJDIR}/${.TARGET} cdrom: release.iso ftp: packagesystem rm -rf ${.OBJDIR}/ftp mkdir ${.OBJDIR}/ftp - cp ${.OBJDIR}/*.txz ${.OBJDIR}/ftp + cp ${.OBJDIR}/*.txz ${.OBJDIR}/MANIFEST ${.OBJDIR}/ftp release: ${RELEASE_TARGETS} 
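Review bot: The `packagesystem` recipe calls `${.CURDIR}/${TARGET}/make-manifest.sh`, but this commit creates the script at `release/scripts/make-manifest.sh`, so the call will not find it unless `${TARGET}` expands to `scripts`. `sh ${.CURDIR}/scripts/make-manifest.sh` looks like the intended path. The glob is `${DISTDIR}/*.txz`, while the `system` and `ftp` recipes copy `${.OBJDIR}/*.txz`. DISTDIR is not defined in the visible lines, so confirm both name the same files; otherwise the manifest hashes files other than the ones shipped. Because output is redirected straight into `${.OBJDIR}/MANIFEST`, a failed run leaves an empty or partial MANIFEST behind, which writing to a temporary name and renaming on success would avoid.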
@@ -148,7 +150,7 @@ clean: chflags -R noschg ${.OBJDIR} rm -rf ${.OBJDIR}/dist ${.OBJDIR}/ftp rm -f packagesystem - rm -f ${.OBJDIR}/*.txz + rm -f ${.OBJDIR}/*.txz ${.OBJDIR}/MANIFEST rm -f system rm -rf ${.OBJDIR}/release rm -f ${.OBJDIR}/release.iso ${.OBJDIR}/memstick diff --git a/release/scripts/make-manifest.sh b/release/scripts/make-manifest.sh new file mode 100755 index 00000000000..352d27aa5a5 --- /dev/null +++ b/release/scripts/make-manifest.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +# make-manifest.sh: create checksums and package descriptions for the installer +# +# Usage: make-manifest.sh foo1.txz foo2.txz ... +# +# The output file looks like this (tab-delimited): +# foo1.txz SHA256-checksu Number-of-files foo1 Description Install-by-default +# +# $FreeBSD$ + +desc_base="Base system (MANDATORY)" +desc_kernel="Kernel (MANDATORY)" +desc_doc="Additional documentation" +doc_default=off +desc_games="Games (fortune, etc.)" +desc_lib32="32-bit compatibility libraries" +desc_ports="Ports tree" +desc_src="System source code" +src_default=off + +for i in $*; do + echo "`basename $i` `sha256 -q $i` `tar tvf $i | wc -l | tr -d ' '` `basename $i .txz` \"`eval echo \\\$desc_$(basename $i .txz)`\" `eval echo \\\${$(basename $i .txz)_default:-on}`" +done + diff --git a/usr.sbin/bsdinstall/scripts/Makefile b/usr.sbin/bsdinstall/scripts/Makefile index d68ea5a97cb..b1a49ad595d 100644 --- a/usr.sbin/bsdinstall/scripts/Makefile +++ b/usr.sbin/bsdinstall/scripts/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ -SCRIPTS= auto adduser config hostname jail keymap mount netconfig rootpass \ - services time umount wlanconfig +SCRIPTS= auto adduser checksum config hostname jail keymap mount netconfig \ + rootpass services time umount wlanconfig BINDIR= /usr/libexec/bsdinstall NO_MAN= true diff --git a/usr.sbin/bsdinstall/scripts/auto b/usr.sbin/bsdinstall/scripts/auto index a4c5c821c45..a857edc708a 100755 --- a/usr.sbin/bsdinstall/scripts/auto +++ b/usr.sbin/bsdinstall/scripts/auto 
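Review bot: In make-manifest.sh, a failing `sha256` or `tar` inside the single `echo` of the `for` loop goes unnoticed, so the script can emit a MANIFEST row with an empty checksum or file count and still exit 0, and the installer later trusts that row. Computing each value first, e.g. `sum=$(sha256 -q "$i") || exit 1`, and iterating over `"$@"` with `"$i"` quoted would stop the build instead. The `eval echo \$desc_...` lookups assume the file's base name is a valid shell identifier; a guard such as `case "$name" in *[!A-Za-z0-9_]*) exit 1;; esac` before the eval keeps an unexpected file name from being evaluated as shell text. The usage comment reads `SHA256-checksu`, presumably meant to be `SHA256-checksum`.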
@@ -50,26 +50,21 @@ bsdinstall keymap trap error SIGINT # Catch cntrl-C here bsdinstall hostname || error -LIB32="" -[ `uname -p` = amd64 -o `uname -p` = powerpc64 ] && \ - LIB32="lib32 \"32-bit compatibility\" on" - -DISTMENU="doc \"Additional documentation\" on \ - games \"Games (fortune, etc.)\" on \ - $LIB32 \ - ports \"Ports tree\" on \ - src \"System source code\" off" - -exec 3>&1 -EXTRA_DISTS=$(echo $DISTMENU | xargs dialog --backtitle "FreeBSD Installer" \ - --title "Distribution Select" --nocancel --separate-output \ - --checklist "Choose optional system components to install:" \ - 0 0 0 \ -2>&1 1>&3) export DISTRIBUTIONS="base.txz kernel.txz" -for dist in $EXTRA_DISTS; do - export DISTRIBUTIONS="$DISTRIBUTIONS $dist.txz" -done +if [ -f $BSDINSTALL_DISTDIR/MANIFEST ]; then + DISTMENU=`cut -f 4,5,6 $BSDINSTALL_DISTDIR/MANIFEST | grep -v -e ^kernel -e ^base` + + exec 3>&1 + EXTRA_DISTS=$(echo $DISTMENU | xargs dialog \ + --backtitle "FreeBSD Installer" \ + --title "Distribution Select" --nocancel --separate-output \ + --checklist "Choose optional system components to install:" \ + 0 0 0 \ + 2>&1 1>&3) + for dist in $EXTRA_DISTS; do + export DISTRIBUTIONS="$DISTRIBUTIONS $dist.txz" + done +fi FETCH_DISTRIBUTIONS="" for dist in $DISTRIBUTIONS; do @@ -131,6 +126,7 @@ if [ ! -z "$FETCH_DISTRIBUTIONS" ]; then export DISTRIBUTIONS="$ALL_DISTRIBUTIONS" fi +bsdinstall checksum || error bsdinstall distextract || error bsdinstall rootpass || error diff --git a/usr.sbin/bsdinstall/scripts/checksum b/usr.sbin/bsdinstall/scripts/checksum new file mode 100755 index 00000000000..7538da13a45 --- /dev/null +++ b/usr.sbin/bsdinstall/scripts/checksum 
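Review bot: In the `@@ -50` hunk of `auto`, `grep -v -e ^kernel -e ^base` drops every row whose name merely starts with `kernel` or `base`, not only those two sets, so a later set with such a prefix would never be offered. Matching the whole field avoids that, e.g. `awk -F'\t' '$4 != "kernel" && $4 != "base" { print $4, $5, $6 }'`. The MANIFEST text is then re-split by the unquoted `echo $DISTMENU | xargs dialog`, so whatever the file contains becomes dialog arguments and, after selection, file names in `$DISTRIBUTIONS`. Accepting only rows whose name matches `[A-Za-z0-9_]` characters before building the menu keeps the file from shaping the command line. `$BSDINSTALL_DISTDIR` should also be quoted in the `[ -f ... ]` test and the `cut` call.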
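Review bot: In the `@@ -131` hunk of `auto`, `bsdinstall checksum || error` reads as a mandatory gate before `distextract`, but the checksum script added in this commit exits 0 when `$BSDINSTALL_DISTDIR/MANIFEST` is absent, so extraction then proceeds unverified and without any message. A comment on the new line would make that explicit, for example `# Verifies distfiles against MANIFEST; does nothing when no MANIFEST is present`. The comparison uses the MANIFEST stored next to the distfiles, so it catches corrupted downloads. Whether it also covers replaced files depends on where that MANIFEST came from, which the visible lines do not show.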
@@ -0,0 +1,65 @@
+#!/bin/sh
+#-
+# Copyright (c) 2011 Nathan Whitehorn
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+
+test -f $BSDINSTALL_DISTDIR/MANIFEST || exit 0
+
+percentage=0
+for dist in $DISTRIBUTIONS; do
+ distname=$(basename $dist .txz)
+ eval "status_$distname=7"
+
+ items=""
+ for i in $DISTRIBUTIONS; do
+ items="$items $i `eval echo \\\${status_$(basename $i .txz):-Pending}`"
+ done
+ dialog --backtitle "FreeBSD Installer" --title "Checksum Verification" \
+ --mixedgauge "Verifying checksums of selected distributions." \
+ 0 0 $percentage $items
+
+ CK=`sha256 -q $BSDINSTALL_DISTDIR/$dist`
+ awk -v checksum=$CK -v dist=$dist '{
+ if (dist == $1) {
+ if (checksum == $2)
+ exit(0)
+ else
+ exit(1)
+ }
+ }' $BSDINSTALL_DISTDIR/MANIFEST
+
+ if [ $? -eq 0 ]; then
+ eval "status_$distname=2"
+ percentage=$(echo $percentage + 100/`echo $DISTRIBUTIONS | wc -w` | bc)
+ else
+ eval "status_$distname=1"
+ dialog --backtitle "FreeBSD Installer" --title "Error" \
+ --msgbox "The checksum for $dist does not match. It may have become corrupted, and should be redownloaded." 0 0
+ exit 1
+ fi
+done
+
+exit 0
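Review bot: The awk lookup in the `for dist` loop passes a distribution that has no row in MANIFEST, because awk then reaches end of input and returns 0, which the following `[ $? -eq 0 ]` treats as verified. An empty `$CK` from a failed `sha256` is also compared as-is. The lookup should fail closed: record whether a row matched and exit non-zero from an `END` block when none did or when the checksum is empty, with `$CK`, `$dist` and the MANIFEST path quoted. Separately, both `eval` uses build a variable name from entries of `$DISTRIBUTIONS`, so every entry should be checked before the loop, for example with `case "$(basename "$d" .txz)" in ""|*[!A-Za-z0-9_]*) exit 1;; esac`, to keep a malformed name from being evaluated as shell text.

```sh
	# … unchanged: status_ bookkeeping and the mixedgauge dialog …
	CK=$(sha256 -q "$BSDINSTALL_DISTDIR/$dist")
	awk -v checksum="$CK" -v dist="$dist" '
		$1 == dist { found = 1; ok = (checksum != "" && checksum == $2); exit }
		END { exit((found && ok) ? 0 : 1) }
	' "$BSDINSTALL_DISTDIR/MANIFEST"
	# … unchanged: status update, percentage and error dialog …
```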