nchevsky/systemrescue-zfs
1
0
Fork 0
mirror of https://github.com/nchevsky/systemrescue-zfs.git synced 2026-01-03 07:10:12 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

embed checksum into the .iso files created (isomd5sum)

Browse source 
These embedded checksums can help against accidental image corruption,
for example due to bad cache data, broken mirror servers or bad media.
They are not digital signatures and do *not* help against bad actors
manipulating the .iso image.

Images can be checked manually with the "checkisomd5" command. This
is done automatically when using the Fedora media writer or the upcoming
systemrescue-usbwriter.
This commit is contained in:
Gerd v. Egidy 2022-11-23 21:57:04 +01:00
parent 09c553668b
commit 594bf47b77
4 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -11,7 +11,7 @@ https://gitlab.archlinux.org/archlinux/archiso/
SystemRescue can be built for x86_64 or i686 architectures. It must be built
on archlinux if you want to build a 64bit edition, or archlinux32 if you want
to create a 32bit edition. The following packages must be installed on the
build system: archiso, grub, mtools, edk2-shell, hugo.
build system: archiso, grub, isomd5sum, mtools, edk2-shell, hugo.
You need to use a modified version of archiso for the build to work. This
version is provided in the custom `sysrescuerepo` repository. See the

3
build.sh
View file

@ -403,6 +403,9 @@ make_iso() {
)
# Create the ISO image
setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" -L "${iso_label}" -P "${iso_publisher}" -A "${iso_application}" -o "${out_dir}" iso "${iso_name}-${iso_version}-${arch/x86_64/amd64}.iso"
# embed checksum
implantisomd5 "${out_dir}/${iso_name}-${iso_version}-${arch/x86_64/amd64}.iso"
}
if [[ ${EUID} -ne 0 ]]; then

2
docker/Dockerfile-build-iso-i686
View file

@ -2,6 +2,6 @@ FROM fdupoux/archlinux32
RUN mkdir -p /workspace
COPY tmpfiles/pacman.conf /etc/pacman.conf
RUN sed -i -e 's/^Architecture.*$/Architecture = i686/' /etc/pacman.conf
RUN pacman -Syyu --noconfirm archiso binutils edk2-shell grub hugo mtools && rm -rf /var/cache/pacman/pkg/*
RUN pacman -Syyu --noconfirm archiso binutils edk2-shell grub hugo isomd5sum mtools && rm -rf /var/cache/pacman/pkg/*
CMD ["setarch","i686","/usr/bin/bash"]
WORKDIR /workspace

2
docker/Dockerfile-build-iso-x86_64
View file

@ -1,6 +1,6 @@
FROM archlinux:latest
RUN mkdir -p /workspace
COPY tmpfiles/pacman.conf /etc/pacman.conf
RUN pacman -Syyu --noconfirm archiso binutils edk2-shell grub hugo mtools && rm -rf /var/cache/pacman/pkg/*
RUN pacman -Syyu --noconfirm archiso binutils edk2-shell grub hugo isomd5sum mtools && rm -rf /var/cache/pacman/pkg/*
CMD ["setarch","x86_64","/usr/bin/bash"]
WORKDIR /workspace