authorAlex Brandt <alunduil@alunduil.com>2016-02-03 09:57:52 -0600
committerAlex Brandt <alunduil@alunduil.com>2016-02-03 09:57:52 -0600
commit1584f21d3862ea46c657f4f3a13de7913659489a (patch)
tree0567ab240b85903a49d1adc0e6503bf5fe3fe154
parentMerge pull request #23 from steev/master (diff)
parentmake if VerifyShaOfStage3 more readable (diff)
Merge pull request #27 from ChaosEngine/master
Added SHA512 DIGEST verification
-rwxr-xr-xamd64-hardened-nomultilib/build.sh58
-rwxr-xr-xamd64-hardened/build.sh58
-rwxr-xr-xamd64-nomultilib/build.sh60
-rwxr-xr-xamd64/build.sh58
-rwxr-xr-xx86/build.sh55
5 files changed, 189 insertions, 100 deletions
diff --git a/amd64-hardened-nomultilib/build.sh b/amd64-hardened-nomultilib/build.sh
index 96f6ad8..ea64118 100755
--- a/amd64-hardened-nomultilib/build.sh
+++ b/amd64-hardened-nomultilib/build.sh
@@ -1,29 +1,47 @@
+# First param is package tarball, 2nd is the *.DIGEST file
+VerifyShaOfStage3()
+{
+ test_sum=$(awk -v myvar="$1" '$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}' $2)
+ calculated_sum=$(sha512sum $1 | awk '{print $1}' -)
+ if [[ "$test_sum" == "$calculated_sum" ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
suffix=$3 # e.g. -hardened
arch=$1
-busybox_version=$2
dist="http://distfiles.gentoo.org/releases/${arch}/autobuilds/"
-stage3="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3path="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3="$(basename ${stage3path})"
+# Create working directory, keep a copy of busybox handy
mkdir newWorldOrder; cd newWorldOrder
-echo "Downloading and extracting ${stage3}..."
-wget -q -c "${dist}/${stage3}"
-bunzip2 -c $(basename ${stage3}) | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
-rm -f $(basename ${stage3})
-wget -q -O /busybox "http://www.busybox.net/downloads/binaries/latest/busybox-${busybox_version}"
-chmod +x /busybox
-/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
-/busybox cp -fRap lib* /
-/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
-/busybox cp -fRap etc/* /etc/
-cd /
-#commit suicide
-/busybox rm -rf newWorldOrder /busybox /build.sh /linuxrc
+cp /bin/busybox .
-latest_stage3=$(curl "${base_url}/latest-stage3-amd64-hardened+nomultilib.txt" 2>/dev/null | grep -v '#' | awk '{print $1}')
-stage3=$(basename "${latest_stage3}")
+echo "Downloading and extracting ${stage3path}..."
+wget -q -c "${dist}/${stage3path}" "${dist}/${stage3path}.DIGESTS"
+if VerifyShaOfStage3 $stage3 "${stage3}.DIGESTS"; then
+ echo "DIGEST sum is okey";
+else
+ echo "DIGEST sum is NOT okey";
+ return 1;
+fi
+bunzip2 -c ${stage3} | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
+/newWorldOrder/busybox rm -f $stage3
-# Self destruct
-rm -f /Dockerfile /build.sh
+echo "Installing stage 3"
+/newWorldOrder/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
+/newWorldOrder/busybox cp -fRap lib* /
+/newWorldOrder/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
+/newWorldOrder/busybox cp -fRap etc/* /etc/
-echo "Bootstrapped ${stage3} into /:"
+# Cleaning
+cd /
+/newWorldOrder/busybox rm -rf /newWorldOrder /build.sh /linuxrc
+
+# Say hello
+echo "Bootstrapped ${stage3path} into /:"
ls --color -lah
+
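Review bot: The `return 1` in the failure branch after the `VerifyShaOfStage3` call does not stop the script when build.sh is executed rather than sourced: bash reports that `return` is only valid in a function or sourced script and carries on, so a tarball that fails the digest check is still unpacked and copied over `/`. That branch should be `exit 1`. Since nothing sets `-e`, the single `wget -q -c` that fetches both the tarball and the `.DIGESTS` file should also be checked, e.g. `wget -q -c "${dist}/${stage3path}" "${dist}/${stage3path}.DIGESTS" || exit 1`, otherwise a failed download reaches the check with a missing file. The same `return 1` is in amd64-hardened/build.sh, amd64-nomultilib/build.sh, amd64/build.sh and x86/build.sh.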
diff --git a/amd64-hardened/build.sh b/amd64-hardened/build.sh
index 5f7ef00..ea64118 100755
--- a/amd64-hardened/build.sh
+++ b/amd64-hardened/build.sh
@@ -1,29 +1,47 @@
+# First param is package tarball, 2nd is the *.DIGEST file
+VerifyShaOfStage3()
+{
+ test_sum=$(awk -v myvar="$1" '$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}' $2)
+ calculated_sum=$(sha512sum $1 | awk '{print $1}' -)
+ if [[ "$test_sum" == "$calculated_sum" ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
suffix=$3 # e.g. -hardened
arch=$1
-busybox_version=$2
dist="http://distfiles.gentoo.org/releases/${arch}/autobuilds/"
-stage3="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3path="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3="$(basename ${stage3path})"
+# Create working directory, keep a copy of busybox handy
mkdir newWorldOrder; cd newWorldOrder
-echo "Downloading and extracting ${stage3}..."
-wget -q -c "${dist}/${stage3}"
-bunzip2 -c $(basename ${stage3}) | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
-rm -f $(basename ${stage3})
-wget -q -O /busybox "http://www.busybox.net/downloads/binaries/latest/busybox-${busybox_version}"
-chmod +x /busybox
-/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
-/busybox cp -fRap lib* /
-/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
-/busybox cp -fRap etc/* /etc/
-cd /
-#commit suicide
-/busybox rm -rf newWorldOrder /busybox /build.sh /linuxrc
+cp /bin/busybox .
-latest_stage3=$(curl "${base_url}/latest-stage3-amd64-hardened.txt" 2>/dev/null | grep -v '#' | awk '{print $1}')
-stage3=$(basename "${latest_stage3}")
+echo "Downloading and extracting ${stage3path}..."
+wget -q -c "${dist}/${stage3path}" "${dist}/${stage3path}.DIGESTS"
+if VerifyShaOfStage3 $stage3 "${stage3}.DIGESTS"; then
+ echo "DIGEST sum is okey";
+else
+ echo "DIGEST sum is NOT okey";
+ return 1;
+fi
+bunzip2 -c ${stage3} | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
+/newWorldOrder/busybox rm -f $stage3
-# Self destruct
-rm -f /Dockerfile /build.sh
+echo "Installing stage 3"
+/newWorldOrder/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
+/newWorldOrder/busybox cp -fRap lib* /
+/newWorldOrder/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
+/newWorldOrder/busybox cp -fRap etc/* /etc/
-echo "Bootstrapped ${stage3} into /:"
+# Cleaning
+cd /
+/newWorldOrder/busybox rm -rf /newWorldOrder /build.sh /linuxrc
+
+# Say hello
+echo "Bootstrapped ${stage3path} into /:"
ls --color -lah
+
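Review bot: `VerifyShaOfStage3` returns success when both sums are empty: if `$1` is absent `sha512sum` prints nothing, and if `$2` is absent or has no line whose second field equals the filename `awk` prints nothing, so `"" == ""` satisfies the `[[ … ]]` and the caller proceeds. Require the expected sum to be present, `if [[ -n "$test_sum" && "$test_sum" == "$calculated_sum" ]]; then`. Separately, the `.DIGESTS` file is fetched over plain `http://` from the same directory as the tarball, so a modified tarball can arrive with a matching digest and the check adds no authenticity; the signed `.DIGESTS.asc` that Gentoo publishes alongside it, verified against the release key before the sum is read, would give the check real weight, as would at least fetching over `https://`. The function body is identical in all five build.sh files.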
diff --git a/amd64-nomultilib/build.sh b/amd64-nomultilib/build.sh
index ade04b8..ea64118 100755
--- a/amd64-nomultilib/build.sh
+++ b/amd64-nomultilib/build.sh
@@ -1,29 +1,47 @@
-suffix=$3 # e.g. -nomultilib
+# First param is package tarball, 2nd is the *.DIGEST file
+VerifyShaOfStage3()
+{
+ test_sum=$(awk -v myvar="$1" '$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}' $2)
+ calculated_sum=$(sha512sum $1 | awk '{print $1}' -)
+ if [[ "$test_sum" == "$calculated_sum" ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+suffix=$3 # e.g. -hardened
arch=$1
-busybox_version=$2
dist="http://distfiles.gentoo.org/releases/${arch}/autobuilds/"
-stage3="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3path="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3="$(basename ${stage3path})"
+# Create working directory, keep a copy of busybox handy
mkdir newWorldOrder; cd newWorldOrder
-echo "Downloading and extracting ${stage3}..."
-wget -q -c "${dist}/${stage3}"
-bunzip2 -c $(basename ${stage3}) | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
-rm -f $(basename ${stage3})
-wget -q -O /busybox "http://www.busybox.net/downloads/binaries/latest/busybox-${busybox_version}"
-chmod +x /busybox
-/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
-/busybox cp -fRap lib* /
-/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
-/busybox cp -fRap etc/* /etc/
-cd /
-#commit suicide
-/busybox rm -rf newWorldOrder /busybox /build.sh /linuxrc
+cp /bin/busybox .
-latest_stage3=$(curl "${base_url}/latest-stage3-amd64-nomultilib.txt" 2>/dev/null | grep -v '#' | awk '{print $1}')
-stage3=$(basename "${latest_stage3}")
+echo "Downloading and extracting ${stage3path}..."
+wget -q -c "${dist}/${stage3path}" "${dist}/${stage3path}.DIGESTS"
+if VerifyShaOfStage3 $stage3 "${stage3}.DIGESTS"; then
+ echo "DIGEST sum is okey";
+else
+ echo "DIGEST sum is NOT okey";
+ return 1;
+fi
+bunzip2 -c ${stage3} | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
+/newWorldOrder/busybox rm -f $stage3
-# Self destruct
-rm -f /Dockerfile /build.sh
+echo "Installing stage 3"
+/newWorldOrder/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
+/newWorldOrder/busybox cp -fRap lib* /
+/newWorldOrder/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
+/newWorldOrder/busybox cp -fRap etc/* /etc/
-echo "Bootstrapped ${stage3} into /:"
+# Cleaning
+cd /
+/newWorldOrder/busybox rm -rf /newWorldOrder /build.sh /linuxrc
+
+# Say hello
+echo "Bootstrapped ${stage3path} into /:"
ls --color -lah
+
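Review bot: The comment on `suffix=$3 # e.g. -hardened` is copied from the other variants and replaces the old `# e.g. -nomultilib`, which was the accurate example for this file; it should read `suffix=$3 # e.g. -nomultilib`. As a point of style, the new code leaves `$1`, `$2` and `$stage3` unquoted in `VerifyShaOfStage3 $stage3 "${stage3}.DIGESTS"`, `sha512sum $1`, the awk file operand `$2` and `rm -f $stage3`; stage3 filenames do not contain whitespace today, but quoting them (`"$1"`, `"$2"`, `"$stage3"`) keeps the script safe if that changes and silences ShellCheck.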
diff --git a/amd64/build.sh b/amd64/build.sh
index 5c80d28..ea64118 100755
--- a/amd64/build.sh
+++ b/amd64/build.sh
@@ -1,31 +1,47 @@
+# First param is package tarball, 2nd is the *.DIGEST file
+VerifyShaOfStage3()
+{
+ test_sum=$(awk -v myvar="$1" '$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}' $2)
+ calculated_sum=$(sha512sum $1 | awk '{print $1}' -)
+ if [[ "$test_sum" == "$calculated_sum" ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
suffix=$3 # e.g. -hardened
arch=$1
-busybox_version=$2
dist="http://distfiles.gentoo.org/releases/${arch}/autobuilds/"
-stage3="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3path="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3="$(basename ${stage3path})"
+# Create working directory, keep a copy of busybox handy
mkdir newWorldOrder; cd newWorldOrder
-echo "Downloading and extracting ${stage3}..."
-wget -q -c "${dist}/${stage3}"
-bunzip2 -c $(basename ${stage3}) | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
-rm -f $(basename ${stage3})
-wget -q -O /busybox "http://www.busybox.net/downloads/binaries/latest/busybox-${busybox_version}"
-chmod +x /busybox
-/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
-/busybox cp -fRap lib* /
-/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
-/busybox cp -fRap etc/* /etc/
-cd /
-#commit suicide
-/busybox rm -rf newWorldOrder /busybox /build.sh /linuxrc
-
+cp /bin/busybox .
-latest_stage3=$(curl "${base_url}/latest-stage3-amd64.txt" 2>/dev/null | grep -v '#' | awk '{print $1}')
-stage3=$(basename "${latest_stage3}")
+echo "Downloading and extracting ${stage3path}..."
+wget -q -c "${dist}/${stage3path}" "${dist}/${stage3path}.DIGESTS"
+if VerifyShaOfStage3 $stage3 "${stage3}.DIGESTS"; then
+ echo "DIGEST sum is okey";
+else
+ echo "DIGEST sum is NOT okey";
+ return 1;
+fi
+bunzip2 -c ${stage3} | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
+/newWorldOrder/busybox rm -f $stage3
+echo "Installing stage 3"
+/newWorldOrder/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
+/newWorldOrder/busybox cp -fRap lib* /
+/newWorldOrder/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
+/newWorldOrder/busybox cp -fRap etc/* /etc/
-# Self destruct
-rm -f /Dockerfile /build.sh
+# Cleaning
+cd /
+/newWorldOrder/busybox rm -rf /newWorldOrder /build.sh /linuxrc
-echo "Bootstrapped ${stage3} into /:"
+# Say hello
+echo "Bootstrapped ${stage3path} into /:"
ls --color -lah
+
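Review bot: The awk program in `VerifyShaOfStage3`, `'$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}'`, wraps a single print in a loop that runs exactly once; `'$2==myvar {print $1; exit}'` does the same and reads as intended. The `exit` on the first match is doing real work, though: a Gentoo `.DIGESTS` file lists the same filename under more than one hash algorithm, and the function only compares against SHA512 because, if I recall the layout correctly, that entry comes first — nothing checks the `# SHA512 HASH` header, so a comment stating that assumption, `# first matching entry is the SHA512 one; the file also carries WHIRLPOOL sums`, belongs on that line. Consider matching on the header explicitly rather than on ordering.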
diff --git a/x86/build.sh b/x86/build.sh
index 528a0ae..4c23847 100755
--- a/x86/build.sh
+++ b/x86/build.sh
@@ -1,29 +1,48 @@
+# First param is package tarball, 2nd is the *.DIGEST file
+VerifyShaOfStage3()
+{
+ test_sum=$(awk -v myvar="$1" '$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}' $2)
+ calculated_sum=$(sha512sum $1 | awk '{print $1}' -)
+ if [[ "$test_sum" == "$calculated_sum" ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
suffix=$3 # e.g. -hardened
arch=$1
busybox_version=$2
dist="http://distfiles.gentoo.org/releases/${arch}/autobuilds/"
-stage3="$(wget -q -O- ${dist}/latest-stage3-${busybox_version}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3path="$(wget -q -O- ${dist}/latest-stage3-${busybox_version}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3="$(basename ${stage3path})"
+# Create working directory, keep a copy of busybox handy
mkdir newWorldOrder; cd newWorldOrder
-echo "Downloading and extracting ${stage3}..."
-wget -q -c "${dist}/${stage3}"
-bunzip2 -c $(basename ${stage3}) | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
-rm -f $(basename ${stage3})
-wget -q -O /busybox "http://www.busybox.net/downloads/binaries/latest/busybox-${busybox_version}"
-chmod +x /busybox
-/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
-/busybox cp -fRap lib* /
-/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
-/busybox cp -fRap etc/* /etc/
-cd /
-#commit suicide
-/busybox rm -rf newWorldOrder /busybox /build.sh /linuxrc
-
+cp /bin/busybox .
+echo "Downloading and extracting ${stage3path}..."
+wget -q -c "${dist}/${stage3path}" "${dist}/${stage3path}.DIGESTS"
+if VerifyShaOfStage3 $stage3 "${stage3}.DIGESTS"; then
+ echo "DIGEST sum is okey";
+else
+ echo "DIGEST sum is NOT okey";
+ return 1;
+fi
+bunzip2 -c ${stage3} | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
+/newWorldOrder/busybox rm -f $stage3
+echo "Installing stage 3"
+/newWorldOrder/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
+/newWorldOrder/busybox cp -fRap lib* /
+/newWorldOrder/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
+/newWorldOrder/busybox cp -fRap etc/* /etc/
-# Self destruct
-rm -f /Dockerfile /build.sh
+# Cleaning
+cd /
+/newWorldOrder/busybox rm -rf /newWorldOrder /build.sh /linuxrc
-echo "Bootstrapped ${stage3} into /:"
+# Say hello
+echo "Bootstrapped ${stage3path} into /:"
ls --color -lah
+
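Review bot: x86/build.sh keeps `busybox_version=$2` and still interpolates it into `latest-stage3-${busybox_version}${suffix}.txt`, while the four amd64 variants in this commit dropped that variable and build the URL from `${arch}`. Now that busybox is taken from `/bin/busybox` the name no longer describes what `$2` holds — presumably the stage3 sub-architecture (the x86 autobuilds are named by it), to be confirmed against the Dockerfile that invokes the script — so the line should be renamed to something like `stage_arch=$2 # e.g. i686` and the URL line updated to `${stage_arch}`. As written, a reader will assume `$2` selects a busybox build that is no longer downloaded.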