mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-24 07:06:42 +00:00
Talos-2 fixes to comply with hashing file standard. Bypass flash-gui.sh prompt when talos-2 ato validate hashes against hashes provided under tgz through flash.sh validation (still offer zip and tgz, which tgz might change to zip later but only tgz offered through builds)
Attempt to address https://github.com/linuxboot/heads/pull/1526#issuecomment-1811185197 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
parent
6ef5298d20
commit
56d38e112c
@ -64,6 +64,6 @@ $(board_build)/$(OUTPUT_PREFIX).tgz: \
|
|||||||
rm -rf $(board_build)/pkg # cleanup in case directory exists
|
rm -rf $(board_build)/pkg # cleanup in case directory exists
|
||||||
mkdir $(board_build)/pkg
|
mkdir $(board_build)/pkg
|
||||||
cp $^ $(board_build)/pkg
|
cp $^ $(board_build)/pkg
|
||||||
cd $(board_build)/pkg && sha256sum * > hashes.txt
|
cd $(board_build)/pkg && sha256sum * > sha256sum.txt
|
||||||
cd $(board_build)/pkg && tar zcf $@ *
|
cd $(board_build)/pkg && tar zcf $@ *
|
||||||
rm -r $(board_build)/pkg
|
rm -r $(board_build)/pkg
|
||||||
|
@ -63,7 +63,11 @@ while true; do
|
|||||||
--yesno "You will need to insert a USB drive containing your BIOS image (*.$UPDATE_PKG_EXT or\n*.$UPDATE_PLAIN_EXT).\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 0 80); then
|
--yesno "You will need to insert a USB drive containing your BIOS image (*.$UPDATE_PKG_EXT or\n*.$UPDATE_PLAIN_EXT).\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 0 80); then
|
||||||
mount_usb
|
mount_usb
|
||||||
if grep -q /media /proc/mounts; then
|
if grep -q /media /proc/mounts; then
|
||||||
find /media ! -path '*/\.*' -type f \( -name "*.$UPDATE_PLAIN_EXT" -o -type f -name "*.$UPDATE_PKG_EXT" \) | sort >/tmp/filelist.txt
|
if [ "${CONFIG_BOARD%_*}" = talos-2 ]; then
|
||||||
|
find /media ! -path '*/\.*' -type f -name "*.$UPDATE_PLAIN_EXT" | sort >/tmp/filelist.txt
|
||||||
|
else
|
||||||
|
find /media ! -path '*/\.*' -type f \( -name "*.$UPDATE_PLAIN_EXT" -o -type f -name "*.$UPDATE_PKG_EXT" \) | sort >/tmp/filelist.txt
|
||||||
|
fi
|
||||||
file_selector "/tmp/filelist.txt" "Choose the ROM to flash"
|
file_selector "/tmp/filelist.txt" "Choose the ROM to flash"
|
||||||
if [ "$FILE" == "" ]; then
|
if [ "$FILE" == "" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
@ -109,12 +113,19 @@ while true; do
|
|||||||
# Continue on using the verified ROM
|
# Continue on using the verified ROM
|
||||||
ROM="$PACKAGE_ROM"
|
ROM="$PACKAGE_ROM"
|
||||||
else
|
else
|
||||||
|
# talos-2 uses a .tgz file for its "plain" update, contains other parts as well, validated against hashes under flash.sh
|
||||||
|
# Skip prompt for hash validation for talos-2. Only method is through tgz or through bmc with individual parts
|
||||||
|
if [ "${CONFIG_BOARD%_*}" != talos-2 ]; then
|
||||||
# a rom file was provided. exit if we shall not proceed
|
# a rom file was provided. exit if we shall not proceed
|
||||||
ROM="$PKG_FILE"
|
ROM="$PKG_FILE"
|
||||||
ROM_HASH=$(sha256sum "$ROM" | awk '{print $1}') || die "Failed to hash ROM file"
|
ROM_HASH=$(sha256sum "$ROM" | awk '{print $1}') || die "Failed to hash ROM file"
|
||||||
if ! (whiptail $CONFIG_ERROR_BG_COLOR --title 'Flash ROM without integrity check?' \
|
if ! (whiptail $CONFIG_ERROR_BG_COLOR --title 'Flash ROM without integrity check?' \
|
||||||
--yesno "You have provided a *.$UPDATE_PLAIN_EXT file. The integrity of the file can not be\nchecked automatically for this file type.\n\nROM: $ROM\nSHA256SUM: $ROM_HASH\n\nIf you do not know how to check the file integrity yourself,\nyou should use a *.$UPDATE_PKG_EXT file instead.\n\nIf the file is damaged, you will not be able to boot anymore.\nDo you want to proceed flashing without file integrity check?" 0 80); then
|
--yesno "You have provided a *.$UPDATE_PLAIN_EXT file. The integrity of the file can not be\nchecked automatically for this file type.\n\nROM: $ROM\nSHA256SUM: $ROM_HASH\n\nIf you do not know how to check the file integrity yourself,\nyou should use a *.$UPDATE_PKG_EXT file instead.\n\nIf the file is damaged, you will not be able to boot anymore.\nDo you want to proceed flashing without file integrity check?" 0 80); then
|
||||||
exit 1
|
exit 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
#We are on talos-2, so we have a tgz file. We will pass it directly to flash.sh which will take care of it
|
||||||
|
ROM="$PKG_FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -180,7 +180,7 @@ if [ "$READ" -eq 0 ] && [ "${ROM##*.}" = tgz ]; then
|
|||||||
mkdir /tmp/verified_rom
|
mkdir /tmp/verified_rom
|
||||||
|
|
||||||
tar -C /tmp/verified_rom -xf $ROM || die "Rom archive $ROM could not be extracted"
|
tar -C /tmp/verified_rom -xf $ROM || die "Rom archive $ROM could not be extracted"
|
||||||
if ! (cd /tmp/verified_rom/ && sha256sum -cs hashes.txt); then
|
if ! (cd /tmp/verified_rom/ && sha256sum -cs sha256sum.txt); then
|
||||||
die "Provided tgz image did not pass hash verification"
|
die "Provided tgz image did not pass hash verification"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user