[PATCH 1/5] targets: Drop SHA512 isoroot verification support


Matt Turner-5
BLAKE2 is good and fast. Pentoo is using BLAKE2. There's no need for a
second digest.

Signed-off-by: Matt Turner <[hidden email]>
---
 examples/livecd-stage2_template.spec |  8 ++++----
 targets/support/create-iso.sh        | 27 +++++++--------------------
 2 files changed, 11 insertions(+), 24 deletions(-)

diff --git a/examples/livecd-stage2_template.spec b/examples/livecd-stage2_template.spec
index 7398c972..4cb94d40 100644
--- a/examples/livecd-stage2_template.spec
+++ b/examples/livecd-stage2_template.spec
@@ -316,11 +316,11 @@ boot/kernel/gentoo/packages:
 # boot/kernel/gentoo/console: tty0 ttyS0
 boot/kernel/gentoo/console:
 
-# This feature will make sha512, blake2, or both checksums for every file in the iso (including files provided by livecd/overlay
-# These checksums can be verified at boot using the genkernel option "verify" added to the kernel line.
-# Currently this feature will generate both checksums if livecd/verify is defined to *any* value other than "blake2" or "sha512"
+# Enables the generation of a isoroot_b2sums file containing a BLAKE2 digest of
+# each file in the ISO. When 'livecd/bootargs' contains 'verify' this feature
+# will be used to verify the contents of the ISO at boot time.
 # No checksums are generated if this is left commented.
-#livecd/verify: sha512
+#livecd/verify: blake2
 
 # This feature controls the depclean run after fsscript and before unmerge.
 # The default is unset, and will run emerge --depclean --with-bdeps=n which results
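
Review bot: The new comment and the `#livecd/verify: blake2` example imply that the value selects an algorithm, but after this patch `run_mkisofs` in create-iso.sh only tests `[ -n "${clst_livecd_verify}" ]`. Any non-empty value, including an existing `livecd/verify: sha512`, now silently produces `isoroot_b2sums` instead of `isoroot_checksums`. Either state here that the value is ignored and any setting enables BLAKE2 digests, or reject values other than `blake2` so that stale specs fail loudly. Also, "a isoroot_b2sums" should read "an isoroot_b2sums".
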
diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh
index 9b10b7cf..b0e4d15e 100755
--- a/targets/support/create-iso.sh
+++ b/targets/support/create-iso.sh
@@ -94,30 +94,17 @@ else
  mkisofs_zisofs_opts=""
 fi
 
-#we want to create a checksum for every file on the iso so we can verify it
-#from genkernel during boot.  Here we make a function to create the sha512sums, and blake2sums
+# Generate list of checksums that genkernel can use to verify the contents of
+# the ISO
 isoroot_checksum() {
- echo "Creating checksums for all files included in the iso, please wait..."
- if [ -z "${1}" ] || [ "${1}" = "sha512" ]; then
- find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums' -exec sha512sum {} + > "${clst_target_path}"/isoroot_checksums
- ${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_checksums
- fi
- if [ -z "${1}" ] || [ "${1}" = "blake2" ]; then
- find "${clst_target_path}" -type f ! -name 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
- ${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
- fi
+ echo ">> Creating checksums for all files included in the ISO"
+ find "${clst_target_path}" -type f ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
+ ${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
 }
 
 run_mkisofs() {
- if [ -n "${clst_livecd_verify}" ]; then
- if [ "${clst_livecd_verify}" = "sha512" ]; then
- isoroot_checksum sha512
- elif [ "${clst_livecd_verify}" = "blake2" ]; then
- isoroot_checksum blake2
- else
- isoroot_checksum
- fi
- fi
+ [ -n "${clst_livecd_verify}" ] && isoroot_checksum
+
  echo "Running \"mkisofs ${@}\""
  mkisofs "${@}" || die "Cannot make ISO image"
 }
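
Review bot: The new `find` line drops the `! -name 'isolinux.bin'` exclusion together with the `isoroot_checksums` one, but isolinux is not removed until 5/5, where the x86/amd64 path still passes `-b isolinux/isolinux.bin ... -boot-info-table` to `run_mkisofs`. `-boot-info-table` patches the boot file, and `run_mkisofs` calls `isoroot_checksum` before `mkisofs`, so the digest recorded for isolinux.bin at this point in the series would not match the file that ends up in the ISO. Keep `! -name 'isolinux.bin'` here and drop it in 5/5 so that each commit in the series builds a verifiable image.
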
--
2.24.1



[PATCH 2/5] targets: Simplify isoroot_checksum()

Matt Turner-5
Signed-off-by: Matt Turner <[hidden email]>
---
 targets/support/create-iso.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh
index b0e4d15e..8c0da181 100755
--- a/targets/support/create-iso.sh
+++ b/targets/support/create-iso.sh
@@ -98,8 +98,12 @@ fi
 # the ISO
 isoroot_checksum() {
  echo ">> Creating checksums for all files included in the ISO"
- find "${clst_target_path}" -type f ! -name 'isoroot_b2sums' -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
- ${clst_sed} -i "s#${clst_target_path}/\?##" "${clst_target_path}"/isoroot_b2sums
+
+ pushd "${clst_target_path}"
+ find -type f -exec b2sum {} + > /tmp/isoroot_b2sums
+ popd
+
+ mv /tmp/isoroot_b2sums "${clst_target_path}"/
 }
 
 run_mkisofs() {
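
Review bot: The replacement writes to the fixed path `/tmp/isoroot_b2sums`, a predictable name in a world-writable directory: another local user can pre-create it as a symlink, and two catalyst runs on the same host will overwrite each other's list. Create the file with `mktemp` and `die` if that fails. On the other added lines: `pushd "${clst_target_path}"` has no `|| die`, so if it fails `find` hashes whatever the current directory happens to be; and with the `! -name 'isoroot_b2sums'` filter gone, a list left in the target path by an earlier run is hashed and then replaced by `mv`, leaving an entry that cannot match. `find -type f` also emits `./`-prefixed paths where the sed previously left bare relative paths, so the commit message, which has no body, should confirm that the boot-time verifier accepts that form.
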
--
2.24.1



[PATCH 3/5] targets: Move isoroot verify check into isoroot_checksum()

Matt Turner-5
In reply to this post by Matt Turner-5
This will simplify the callers.

Signed-off-by: Matt Turner <[hidden email]>
---
 targets/support/create-iso.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh
index 8c0da181..b32c669e 100755
--- a/targets/support/create-iso.sh
+++ b/targets/support/create-iso.sh
@@ -97,6 +97,8 @@ fi
 # Generate list of checksums that genkernel can use to verify the contents of
 # the ISO
 isoroot_checksum() {
+ [ -z "${clst_livecd_verify}" ] && return
+
  echo ">> Creating checksums for all files included in the ISO"
 
  pushd "${clst_target_path}"
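
Review bot: The added guard `[ -z "${clst_livecd_verify}" ] && return` relies on a bare `return` passing back the status of the preceding test; `return 0` makes the intended success status explicit. Since every caller now depends on this guard, the comment above `isoroot_checksum()` should also say that the function does nothing unless `livecd/verify` is set.
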
@@ -107,7 +109,7 @@ isoroot_checksum() {
 }
 
 run_mkisofs() {
- [ -n "${clst_livecd_verify}" ] && isoroot_checksum
+ isoroot_checksum
 
  echo "Running \"mkisofs ${@}\""
  mkisofs "${@}" || die "Cannot make ISO image"
--
2.24.1



[PATCH 4/5] targets: Support isoroot checksum on more platforms

Matt Turner-5
In reply to this post by Matt Turner-5
Signed-off-by: Matt Turner <[hidden email]>
---
 targets/support/create-iso.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh
index b32c669e..955fedd0 100755
--- a/targets/support/create-iso.sh
+++ b/targets/support/create-iso.sh
@@ -118,6 +118,8 @@ run_mkisofs() {
 # Here we actually create the ISO images for each architecture
 case ${clst_hostarch} in
  alpha)
+ isoroot_checksum
+
  echo ">> xorriso -as genisofs -alpha-boot boot/bootlx -R -l -J ${mkisofs_zisofs_opts} -V \"${clst_iso_volume_id}\" -o \"${1}\" \"${clst_target_path}\""
  xorriso -as genisofs -alpha-boot boot/bootlx -R -l -J ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o "${1}" "${clst_target_path}" || die "Cannot make ISO image"
  ;;
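
Review bot: Adding `isoroot_checksum` at the top of the `alpha)` branch, and again under `ppc*|powerpc*|sparc*)` in the next hunk, means each architecture branch has to remember the call, and any branch that neither has it nor goes through `run_mkisofs` still ships without digests. Since 3/5 made the function return early when `clst_livecd_verify` is empty, a single call just before `case ${clst_hostarch} in` would cover every platform, and the call inside `run_mkisofs` could then go. The commit message has no body; it should list which platforms gain support here.
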
@@ -219,6 +221,8 @@ case ${clst_hostarch} in
  esac
  ;;
  ppc*|powerpc*|sparc*)
+ isoroot_checksum
+
  case ${clst_hostarch} in
  sparc*) extra_opts="--sparc-boot" ;;
  esac
--
2.24.1



[PATCH 5/5] targets: Use GRUB for BIOS boot

Matt Turner-5
In reply to this post by Matt Turner-5
grub-mkrescue produces an ISO that is bootable from EFI as well as from
the BIOS, so isolinux isn't necessary to accomplish that.

This patch has the side effect of removing the F[2-7] help texts and the
memtest86+ option, since those were done via isolinux. I feel okay
removing those since isolinux was only used on BIOS systems and not on
EFI, so none of those things were available to the vast majority of our
users.

Signed-off-by: Matt Turner <[hidden email]>
---
 doc/catalyst-spec.5.txt              |   5 +-
 examples/livecd-stage2_template.spec |   5 +-
 livecd/files/x86-F2.msg              |  22 ------
 livecd/files/x86-F3.msg              |  22 ------
 livecd/files/x86-F4.msg              |  20 -----
 livecd/files/x86-F5.msg              |  22 ------
 livecd/files/x86-F6.msg              |  14 ----
 livecd/files/x86-F7.msg              |  22 ------
 targets/support/bootloader-setup.sh  | 110 +--------------------------
 targets/support/create-iso.sh        |  68 +----------------
 targets/support/functions.sh         |  69 -----------------
 11 files changed, 5 insertions(+), 374 deletions(-)
 delete mode 100644 livecd/files/x86-F2.msg
 delete mode 100644 livecd/files/x86-F3.msg
 delete mode 100644 livecd/files/x86-F4.msg
 delete mode 100644 livecd/files/x86-F5.msg
 delete mode 100644 livecd/files/x86-F6.msg
 delete mode 100644 livecd/files/x86-F7.msg

diff --git a/doc/catalyst-spec.5.txt b/doc/catalyst-spec.5.txt
index 03fdeecc..34c5c18d 100644
--- a/doc/catalyst-spec.5.txt
+++ b/doc/catalyst-spec.5.txt
@@ -203,10 +203,7 @@ Bootloader
 This is required for livecd-stage2 on all arches except amd64 and x86 which can autogenerate one
 if USE=system-bootloader is set.
 The cdtar is essentially the bootloader for the CD.  It also holds the
-main configuration for the bootloader.  On x86/amd64, it also can
-include a small memory testing application, called memtest86+
-(example:
-`/usr/share/catalyst/livecd/cdtar/isolinux-2.13-memtest86+-cdtar.tar.bz2`).
+main configuration for the bootloader.
 
 Kernel and boot issues
 ~~~~~~~~~~~~~~~~~~~~~~
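
Review bot: The unchanged sentence just above the edited lines still says amd64 and x86 "can autogenerate one if USE=system-bootloader is set", but this patch removes `create_bootloader` from functions.sh and its caller in bootloader-setup.sh, so that exception no longer describes what the code does. Reword the paragraph to say how the x86/amd64 bootloader is produced now and whether a cdtar is still optional on those arches.
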
diff --git a/examples/livecd-stage2_template.spec b/examples/livecd-stage2_template.spec
index 4cb94d40..7d8a09f7 100644
--- a/examples/livecd-stage2_template.spec
+++ b/examples/livecd-stage2_template.spec
@@ -100,10 +100,9 @@ livecd/fstype:
 livecd/fsops:
 
 # The cdtar is essentially the bootloader for the CD.  It also holds the main
-# configuration for the bootloader.  On x86/amd64, it also can include a small
-# memory testing application, called memtest86+.
+# configuration for the bootloader.
 # example:
-# livecd/cdtar: /usr/share/catalyst/livecd/cdtar/isolinux-2.13-memtest86+-cdtar.tar.bz2
+# livecd/cdtar: /usr/share/catalyst/livecd/cdtar/[...].cdtar.tar.bz2
 livecd/cdtar:
 
 # This is the full path and filename to the ISO image that the livecd-stage2
diff --git a/livecd/files/x86-F2.msg b/livecd/files/x86-F2.msg
deleted file mode 100644
index eb1638b8..00000000
--- a/livecd/files/x86-F2.msg
+++ /dev/null
@@ -1,22 +0,0 @@
-Gentoo Linux LiveCD boot options - [F1 to display available kernels]
-
-Please hit F1 to see the available kernels on this livecd.  Please note that
-the -nofb counterparts to each kernel disable the framebuffer
-and splash images. Additionally, the memtest86 boot option is available
-to test local RAM for errors. To use memtest86, just type 'memtest86'.
-
-This lists the possible command line options that can be used to tweak the boot
-process of this CD.  This lists the Gentoo-specific options, along with a few
-options that are built-in to the kernel, but that have been proven very useful
-to our users.  Also, all options that start with "do" have a "no" inverse, that
-does the opposite.  For example, "doscsi" enables SCSI support in the initial
-ramdisk boot, while "noscsi" disables it.
-
-To list the options, please press keys from F3 through F7.
-
-F3: Hardware (Page 1)
-F4: Hardware (Page 2)
-F5: Hardware (Page 3)
-F6: Volume Management
-F7: Misc.
-
diff --git a/livecd/files/x86-F3.msg b/livecd/files/x86-F3.msg
deleted file mode 100644
index e0ec2bd8..00000000
--- a/livecd/files/x86-F3.msg
+++ /dev/null
@@ -1,22 +0,0 @@
-Hardware options (Page 1):
-acpi=on         This loads support for ACPI and also causes the acpid daemon to
-                be started by the CD on boot.  This is only needed if your
-                system requires ACPI to function properly.  This is not
-                required for Hyperthreading support.
-acpi=off        Completely disables ACPI.  This is useful on some older systems
-                and is also a requirement for using APM.  This will disable any
-                Hyperthreading support of your processor.
-console=X       This sets up serial console access for the CD.  The first
-                option is the device, usually ttyS0 on x86, followed by any
-                connection options, which are comma separated.  The default
-                options are 9600,8,n,1.
-dmraid=X        This allows for passing options to the device-mapper RAID
-                subsystem.  Options should be encapsulated in quotes.
-doapm           This loads APM driver support.  This requires you to also use
-                acpi=off.
-dopcmcia        This loads support for PCMCIA and Cardbus hardware and also
-                causes the pcmcia cardmgr to be started by the CD on boot.
-                This is only required when booting from PCMCIA/Cardbus devices.
-doscsi          This loads support for most SCSI controllers.  This is also a
-                requirement for booting most USB devices, as they use the SCSI
-                subsystem of the kernel.
diff --git a/livecd/files/x86-F4.msg b/livecd/files/x86-F4.msg
deleted file mode 100644
index 77ded0e3..00000000
--- a/livecd/files/x86-F4.msg
+++ /dev/null
@@ -1,20 +0,0 @@
-Hardware options (Page 2):
-hda=stroke      This allows you to partition the whole hard disk even when your
-                BIOS is unable to handle large disks.  This option is only used
-                on machines with an older BIOS.  Replace hda with the device
-                that is requiring this option.
-ide=nodma       This forces the disabling of DMA in the kernel and is required
-                by some IDE chipsets and also by some CDROM drives.  If your
-                system is having trouble reading from your IDE CDROM, try this
-                option.  This also disables the default hdparm settings from
-                being executed.
-noapic          This disables the Advanced Programmable Interrupt Controller
-                that is present on newer motherboards.  It has been known to
-                cause some problems on older hardware.
-nodetect        This disables all of the autodetection done by the CD,
-                including device autodetection and DHCP probing.  This is
-                useful for doing debugging of a failing CD or driver.
-nodhcp          This disables DHCP probing on detected network cards.  This is
-                useful on networks with only static addresses.
-nodmraid        Disables support for device-mapper RAID, such as that used for
-                on-board IDE/SATA RAID controllers.
diff --git a/livecd/files/x86-F5.msg b/livecd/files/x86-F5.msg
deleted file mode 100644
index adfb0197..00000000
--- a/livecd/files/x86-F5.msg
+++ /dev/null
@@ -1,22 +0,0 @@
-Hardware options (Page 3):
-nofirewire      This disables the loading of Firewire modules.  This should
-                only be necessary if your Firewire hardware is causing
-                a problem with booting the CD.
-nogpm           This diables gpm console mouse support.
-nohotplug       This disables the loading of the hotplug and coldplug init
-                scripts at boot.  This is useful for doing debugging of a
-                failing CD or driver.
-nokeymap        This disables the keymap selection used to select non-US
-                keyboard layouts.
-nolapic         This disables the local APIC on Uniprocessor kernels.
-nosata          This disables the loading of Serial ATA modules.  This is used
-                if your system is having problems with the SATA subsystem.
-nosmp           This disables SMP, or Symmetric Multiprocessing, on SMP-enabled
-                kernels.  This is useful for debugging SMP-related issues with
-                certain drivers and motherboards.
-nosound         This disables sound support and volume setting.  This is useful
-                for systems where sound support causes problems.
-nousb           This disables the autoloading of USB modules.  This is useful
-                for debugging USB issues.
-slowusb         This adds some extra pauses into the boot process for slow
-                USB CDROMs, like in the IBM BladeCenter.
diff --git a/livecd/files/x86-F6.msg b/livecd/files/x86-F6.msg
deleted file mode 100644
index b61ee9c9..00000000
--- a/livecd/files/x86-F6.msg
+++ /dev/null
@@ -1,14 +0,0 @@
-Volume/Device Management:
-doevms          This enables support for IBM's pluggable EVMS, or Enterprise
-                Volume Management System.  This is not safe to use with lvm2.
-dolvm           This enables support for Linux's Logical Volume Management.
-                This is not safe to use with evms2.
-Screen reader access:
-speakup.synth=synth  starts speakup using a given synthesizer.
-                     supported synths are acntpc, acntsa, apollo, audptr, bns,
-                     decext, dectlk, dtlk, keypc, ltlk, spkout and txprt.
-                     Also, soft is supported for software speech and dummy is
-                     supported for testing.
-speakup.quiet=1      sets the synthesizer not to speak until a key is pressed.
-speakup_SYNTH.port=n sets the port for internal synthesizers.
-speakup_SYNTH.ser=n  sets the serial port for external synthesizers.
diff --git a/livecd/files/x86-F7.msg b/livecd/files/x86-F7.msg
deleted file mode 100644
index 82306245..00000000
--- a/livecd/files/x86-F7.msg
+++ /dev/null
@@ -1,22 +0,0 @@
-Other options:
-debug           Enables debugging code.  This might get messy, as it displays
-                a lot of data to the screen.
-docache         This caches the entire runtime portion of the CD into RAM,
-                which allows you to umount /mnt/cdrom and mount another CDROM.
-                This option requires that you have at least twice as much
-                available RAM as the size of the CD.
-doload=X        This causes the initial ramdisk to load any module listed, as
-                well as dependencies.  Replace X with the module name.
-                Multiple modules can be specified by a comma-separated list.
-noload=X        This causes the initial ramdisk to skip the loading of a
-                specific module that may be causing a problem.  Syntax matches
-                that of doload.
-nox             This causes an X-enabled LiveCD to not automatically start X,
-                but rather, to drop to the command line instead.
-scandelay       This causes the CD to pause for 10 seconds during certain
-                portions the boot process to allow for devices that are slow to
-                initialize to be ready for use.
-scandelay=X     This allows you to specify a given delay, in seconds, to be
-                added to certain portions of the boot process to allow for
-                devices that are slow to initialize to be ready for use.
-                Replace X with the number of seconds to pause.
diff --git a/targets/support/bootloader-setup.sh b/targets/support/bootloader-setup.sh
index c52e0907..7414057f 100755
--- a/targets/support/bootloader-setup.sh
+++ b/targets/support/bootloader-setup.sh
@@ -5,15 +5,9 @@ source ${clst_shdir}/support/filesystem-functions.sh
 
 # $1 is the destination root
 
-# We handle boot loader a little special.  Most arches require a cdtar with bootloader files
-# but we can generate one for amd64/x86 now
 if [ -n "${clst_cdtar}" ]
 then
  extract_cdtar $1
-elif [ "${clst_buildarch}" = "x86" ] || [ "${clst_buildarch}" = "amd64" ]
-then
- #assume if there is no cdtar and we are on a supported arch that the user just wants us to handle this
- create_bootloader $1
 else
  #While this seems a little crazy, it's entirely possible the bootloader is just shoved in isoroot overlay
  echo "No cdtar and unable to auto generate boot loader files... good luck"
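
Review bot: With the `elif` for x86/amd64 removed, a build on those arches without `clst_cdtar` now falls into the `else` branch and prints "No cdtar and unable to auto generate boot loader files... good luck", although the image is expected to boot through grub-mkrescue. Update or suppress that message for the arches handled by grub-mkrescue so the log does not suggest a broken build.
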
@@ -80,8 +74,7 @@ case ${clst_hostarch} in
  echo "--recoverykernel=boot/${x}" >> ${icfg}
  done
  ;;
- ppc*|powerpc*|sparc*)
-    # GRUB2 Openfirmware
+ x86|amd64|ppc*|powerpc*|sparc*)
  kern_subdir=/boot
  iacfg=$1/boot/grub/grub.cfg
  mkdir -p $1/boot/grub
@@ -155,107 +148,6 @@ case ${clst_hostarch} in
  done
  cp ${iacfg} $1/boot/efi/boot
  ;;
- x86|amd64)
- if [ -e $1/isolinux/isolinux.bin ]
- then
- # the rest of this function sets up the config file for isolinux
- icfg=$1/isolinux/isolinux.cfg
- kmsg=$1/isolinux/kernels.msg
- echo "default ${first}" > ${icfg}
- echo "timeout 150" >> ${icfg}
- echo "ontimeout localhost" >> ${icfg}
- echo "prompt 1" >> ${icfg}
- echo "display boot.msg" >> ${icfg}
- echo "F1 kernels.msg" >> ${icfg}
- for k in {2..7}
- do
- echo "F${k} F${k}.msg" >> ${icfg}
- done
-
- echo "Available kernels:" > ${kmsg}
- for i in {2..7}
- do
- cp ${clst_sharedir}/livecd/files/x86-F$i.msg \
- $1/isolinux/F$i.msg
- done
-
- for x in ${clst_boot_kernel}
- do
- eval custom_kopts=\$${x}_kernelopts
- echo "APPENDING CUSTOM KERNEL ARGS: ${custom_kopts}"
- echo >> ${icfg}
-
- eval "clst_kernel_softlevel=\$clst_boot_kernel_${x}_softlevel"
-
- if [ -n "${clst_kernel_softlevel}" ]
- then
- for y in ${clst_kernel_softlevel}
- do
- echo "label ${x}-${y}" >> ${icfg}
- echo "  kernel /boot/${x}" >> ${icfg}
- echo "  append ${default_append_line} softlevel=${y} initrd=/boot/${x}.igz vga=791" >> ${icfg}
-
- echo >> ${icfg}
- echo "   ${x}" >> ${kmsg}
- echo "label ${x}-${y}-nofb" >> ${icfg}
- echo "  kernel /boot/${x}" >> ${icfg}
- echo "  append ${default_append_line} softlevel=${y} initrd=/boot/${x}.igz" >> ${icfg}
- echo >> ${icfg}
- echo "   ${x}-nofb" >> ${kmsg}
- done
- else
- echo "label ${x}" >> ${icfg}
- echo "  kernel /boot/${x}" >> ${icfg}
- echo "  append ${default_append_line} initrd=/boot/${x}.igz vga=791" >> ${icfg}
- echo >> ${icfg}
- echo "   ${x}" >> ${kmsg}
- echo "label ${x}-nofb" >> ${icfg}
- echo "  kernel /boot/${x}" >> ${icfg}
- echo "  append ${default_append_line} initrd=/boot/${x}.igz" >> ${icfg}
- echo >> ${icfg}
- echo "   ${x}-nofb" >> ${kmsg}
- fi
- done
-
- if [ -f $1/isolinux/memtest86 ]
- then
- echo >> $icfg
- echo "   memtest86" >> $kmsg
- echo "label memtest86" >> $icfg
- echo "  kernel memtest86" >> $icfg
- fi
- echo >> $icfg
- echo "label localhost" >> $icfg
- echo "  localboot -1" >> $icfg
- echo "  MENU HIDE" >> $icfg
- fi
-
- # GRUB2
- if [ -d $1/grub ] || [ -f "$1/boot/EFI/BOOT/BOOTX64.EFI" ]
- then
- mkdir -p "$1/grub"
-
- iacfg=$1/grub/grub.cfg
- echo 'set default=0' > ${iacfg}
- echo 'set gfxpayload=keep' >> ${iacfg}
- echo 'set timeout=10' >> ${iacfg}
- echo 'insmod all_video' >> ${iacfg}
- echo '' >> ${iacfg}
- for x in ${clst_boot_kernel}
- do
- echo "menuentry 'Boot LiveCD (kernel: ${x})' --class gnu-linux --class os {"  >> ${iacfg}
- echo " linux /boot/${x} ${default_append_line}" >> ${iacfg}
- echo " initrd /boot/${x}.igz" >> ${iacfg}
- echo "}" >> ${iacfg}
- echo "" >> ${iacfg}
- echo "menuentry 'Boot LiveCD (kernel: ${x}) (cached)' --class gnu-linux --class os {"  >> ${iacfg}
- echo " linux /boot/${x} ${default_append_line} docache" >> ${iacfg}
- echo " initrd /boot/${x}.igz" >> ${iacfg}
- echo "}" >> ${iacfg}
- echo "" >> ${iacfg}
- done
- fi
- ;;
  mips)
  # NO SOFTLEVEL SUPPORT YET
 
diff --git a/targets/support/create-iso.sh b/targets/support/create-iso.sh
index 955fedd0..71b451c6 100755
--- a/targets/support/create-iso.sh
+++ b/targets/support/create-iso.sh
@@ -220,7 +220,7 @@ case ${clst_hostarch} in
  *) die "SGI LiveCD(s) only support the 'squashfs' fstype!" ;;
  esac
  ;;
- ppc*|powerpc*|sparc*)
+ x86|amd64|ppc*|powerpc*|sparc*)
  isoroot_checksum
 
  case ${clst_hostarch} in
@@ -230,71 +230,5 @@ case ${clst_hostarch} in
  echo ">> Running grub-mkrescue to create iso image...."
  grub-mkrescue ${extra_opts} -o "${1}" "${clst_target_path}"
  ;;
- x86|amd64)
- # detect if an EFI bootloader is desired
- if [ -d "${clst_target_path}/boot/efi" ] || \
- [ -d "${clst_target_path}/boot/EFI" ] || \
- [ -e "${clst_target_path}/gentoo.efimg" ]
- then
- if [ -e "${clst_target_path}/gentoo.efimg" ]
- then
- echo "Found prepared EFI boot image at \
- ${clst_target_path}/gentoo.efimg"
- else
- echo "Preparing EFI boot image"
- if [ -d "${clst_target_path}/boot/efi" ] && [ ! -d "${clst_target_path}/boot/EFI" ]; then
- echo "Moving /boot/efi to /boot/EFI"
- mv "${clst_target_path}/boot/efi" "${clst_target_path}/boot/EFI"
- fi
- # prepare gentoo.efimg from clst_target_path /boot/EFI dir
- iaSizeTemp=$(du -sk "${clst_target_path}/boot/EFI" 2>/dev/null)
- iaSizeB=$(echo ${iaSizeTemp} | cut '-d ' -f1)
- iaSize=$((${iaSizeB}+64)) # add slack, tested near minimum for overhead
- echo "Creating loopback file of size ${iaSize}kB"
- dd if=/dev/zero of="${clst_target_path}/gentoo.efimg" bs=1k \
- count=${iaSize}
- echo "Formatting loopback file with FAT16 FS"
- mkfs.vfat -F 16 -n GENTOOLIVE "${clst_target_path}/gentoo.efimg"
-
- mkdir "${clst_target_path}/gentoo.efimg.mountPoint"
- echo "Mounting FAT16 loopback file"
- mount -t vfat -o loop "${clst_target_path}/gentoo.efimg" \
- "${clst_target_path}/gentoo.efimg.mountPoint" || die "Failed to mount EFI image file"
-
- echo "Populating EFI image file from ${clst_target_path}/boot/EFI"
- cp -rv "${clst_target_path}"/boot/EFI/ \
- "${clst_target_path}/gentoo.efimg.mountPoint" || die "Failed to populate EFI image file"
-
- umount "${clst_target_path}/gentoo.efimg.mountPoint"
- rmdir "${clst_target_path}/gentoo.efimg.mountPoint"
-
- echo "Copying /boot/EFI to /EFI for rufus compatability"
- cp -rv "${clst_target_path}"/boot/EFI/ "${clst_target_path}"
- fi
- fi
-
- if [ -e "${clst_target_path}/isolinux/isolinux.bin" ]; then
- echo '** Found ISOLINUX bootloader'
- if [ -e "${clst_target_path}/gentoo.efimg" ]; then
-  # have BIOS isolinux, plus an EFI loader image
-  echo '** Found GRUB2 EFI bootloader'
- echo 'Creating ISO using both ISOLINUX and EFI bootloader'
- run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o "${1}" -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -eltorito-platform efi -b gentoo.efimg -no-emul-boot -z "${clst_target_path}"/
- isohybrid --uefi "${1}"
-  else
-  echo 'Creating ISO using ISOLINUX bootloader'
-  run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o "${1}" -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table "${clst_target_path}"/
-  isohybrid "${1}"
-  fi
- elif [ -e "${clst_target_path}/gentoo.efimg" ]; then
- echo '** Found GRUB2 EFI bootloader'
- echo 'Creating ISO using EFI bootloader'
- run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o "${1}" -b gentoo.efimg -c boot.cat -no-emul-boot "${clst_target_path}"/
- else
- echo '** Found no known bootloader'
- echo 'Creating ISO with fingers crossed that you know what you are doing...'
- run_mkisofs -J -R -l ${mkisofs_zisofs_opts} -V "${clst_iso_volume_id}" -o "${1}" "${clst_target_path}"/
- fi
- ;;
 esac
 exit  $?
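
Review bot: Routing x86/amd64 through the `grub-mkrescue ${extra_opts} -o "${1}" "${clst_target_path}"` line drops the `-V "${clst_iso_volume_id}"` and `${mkisofs_zisofs_opts}` arguments that every removed `run_mkisofs` call passed, so the configured volume ID is no longer applied on these arches. grub-mkrescue forwards arguments it does not recognise to xorriso, so the volume ID can still be passed through; if dropping it is intended, say so in the commit message. The same line has no `|| die`, unlike the `xorriso` and `mkisofs` invocations elsewhere in this file, and reports failure only through the trailing `exit $?`.
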
diff --git a/targets/support/functions.sh b/targets/support/functions.sh
index d3414f80..4e226801 100755
--- a/targets/support/functions.sh
+++ b/targets/support/functions.sh
@@ -43,75 +43,6 @@ extract_cdtar() {
  tar -I lbzip2 -xpf ${clst_cdtar} -C $1 || die "Couldn't extract cdtar ${cdtar}"
 }
 
-create_bootloader() {
- # For amd64 and x86 we attempt to copy boot loader files from the live system and configure it right
- # this prevents (among other issues) needing to keep a cdtar up to date.  All files are thrown into $clst_target_path
- # Future improvement may make bootloaders optional, but for now there is only one option
-  if [ -x "/usr/bin/grub2-mkstandalone" ]; then
-    grubmkstndaln="/usr/bin/grub2-mkstandalone"
-  elif [ -x "/usr/bin/grub-mkstandalone" ]; then
-    grubmkstndaln="/usr/bin/grub-mkstandalone"
-  else
-    die "Unable to find grub-mkstandalone"
-  fi
-
-  pushd "${1}" || die "Failed to enter livecd dir ${1}"
-
-  # while $1/grub is unused here, it triggers grub config building in bootloader-setup.sh
-  mkdir -p boot/EFI/BOOT isolinux
-  #create boot.msg for isolinux
- echo "Gentoo Linux Installation LiveCD                         http://www.gentoo.org/" > isolinux/boot.msg
- echo "Enter to boot; F1 for kernels  F2 for options." >> isolinux/boot.msg
- echo "Press any key in the next 15 seconds or we'll try to boot from disk." >> isolinux/boot.msg
-  #install isolinux files
-  if [ -f /usr/share/syslinux/isolinux.bin ]; then
-    cp /usr/share/syslinux/isolinux.bin isolinux/
-    #isolinux support files
-    for i in libcom32.c32 libutil.c32 ldlinux.c32 reboot.c32 vesamenu.c32; do
-      if [ -f "/usr/share/syslinux/${i}" ]; then
-        cp "/usr/share/syslinux/${i}" isolinux/
-      fi
-    done
-    #isolinux hardware detection toolkit, useful for system info and debugging
-    if [ -f "/usr/share/syslinux/hdt.c32" ]; then
-      cp /usr/share/syslinux/hdt.c32 isolinux/
-      if [ -f "/usr/share/misc/pci.ids" ]; then
-        cp /usr/share/misc/pci.ids isolinux/
-      fi
-    fi
-    #memtest goes under isolinux since it doesn't work for uefi right now
-    if [ -f /usr/share/memtest86+/memtest ]; then
-      cp /usr/share/memtest86+/memtest.bin isolinux/memtest86
-    else
-      echo "Missing /usr/share/memtest86+/memtest.bin, this livecd will not have memtest86+ support.  Enable USE=system-bootloader on catalyst to pull in the correct deps"
-    fi
-  else
-    echo "Missing /usr/share/syslinux/isolinux.bin, this livecd will not bios boot.  Enable USE=system-bootloader on catalyst to pull in the correct deps"
-  fi
-
-  #create grub-stub.cfg for embedding in grub-mkstandalone
-  echo "insmod part_gpt" > grub-stub.cfg
-  echo "insmod part_msdos" >> grub-stub.cfg
-  echo "search --no-floppy --set=root --file /livecd" >> grub-stub.cfg
-  echo "configfile /grub/grub.cfg" >> grub-stub.cfg
-
-  # some 64 bit machines have 32 bit UEFI, and you might want to boot 32 bit on a 64 bit machine, so we take the safest path and include both
-  # set up 32 bit uefi
-  ${grubmkstndaln} /boot/grub/grub.cfg=./grub-stub.cfg --compress=xz -O i386-efi -o ./boot/EFI/BOOT/grubia32.efi --themes= || die "Failed to make grubia32.efi"
-  #secure boot shim
-  cp /usr/share/shim/BOOTIA32.EFI boot/EFI/BOOT/
-  cp /usr/share/shim/mmia32.efi boot/EFI/BOOT/
-
-  #set up 64 bit uefi
-  ${grubmkstndaln} /boot/grub/grub.cfg=./grub-stub.cfg --compress=xz -O x86_64-efi -o ./boot/EFI/BOOT/grubx64.efi --themes= || die "Failed to make grubx64.efi"
-  #secure boot shim
-  cp /usr/share/shim/BOOTX64.EFI boot/EFI/BOOT/
-  cp /usr/share/shim/mmx64.efi boot/EFI/BOOT/
-
-  rm grub-stub.cfg || echo "Failed to remove grub-stub.cfg, but this hurts nothing"
-  popd || die "Failed to leave livecd dir"
-}
-
 extract_kernels() {
  # extract multiple kernels
  # $1 = Destination
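
Review bot: The removed `create_bootloader` was the only visible place that copied the Secure Boot shim (`BOOTX64.EFI`, `mmx64.efi` and the IA32 pair from /usr/share/shim) into `boot/EFI/BOOT`, and nothing in the grub-mkrescue path shown in create-iso.sh replaces that step. The commit message lists the F[2-7] help texts and memtest86+ as the side effects; if x86/amd64 images also stop booting under Secure Boot unless a cdtar supplies the shim, that belongs in the same list, or the shim copy should be kept.
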
--
2.24.1



Re: [PATCH 1/5] targets: Drop SHA512 isoroot verification support

Brian Dolbec-3
In reply to this post by Matt Turner-5
On Tue,  7 Apr 2020 20:27:49 -0700
Matt Turner <[hidden email]> wrote:

> BLAKE2 is good and fast. Pentoo is using BLAKE2. There's no need for a
> second digest.
>
> Signed-off-by: Matt Turner <[hidden email]>
> ---
>  examples/livecd-stage2_template.spec |  8 ++++----
>  targets/support/create-iso.sh        | 27 +++++++--------------------
>  2 files changed, 11 insertions(+), 24 deletions(-)
>
> diff --git a/examples/livecd-stage2_template.spec
> b/examples/livecd-stage2_template.spec index 7398c972..4cb94d40 100644
> --- a/examples/livecd-stage2_template.spec
> +++ b/examples/livecd-stage2_template.spec
> @@ -316,11 +316,11 @@ boot/kernel/gentoo/packages:
>  # boot/kernel/gentoo/console: tty0 ttyS0
>  boot/kernel/gentoo/console:
>  
> -# This feature will make sha512, blake2, or both checksums for every
> file in the iso (including files provided by livecd/overlay -# These
> checksums can be verified at boot using the genkernel option "verify"
> added to the kernel line. -# Currently this feature will generate
> both checksums if livecd/verify is defined to *any* value other than
> "blake2" or "sha512" +# Enables the generation of a isoroot_b2sums
> file containing a BLAKE2 digest of +# each file in the ISO. When
> 'livecd/bootargs' contains 'verify' this feature +# will be used to
> verify the contents of the ISO at boot time. # No checksums are
> generated if this is left commented. -#livecd/verify: sha512
> +#livecd/verify: blake2 # This feature controls the depclean run
> after fsscript and before unmerge. # The default is unset, and will
> run emerge --depclean --with-bdeps=n which results diff --git
> a/targets/support/create-iso.sh b/targets/support/create-iso.sh index
> 9b10b7cf..b0e4d15e 100755 --- a/targets/support/create-iso.sh
> +++ b/targets/support/create-iso.sh
> @@ -94,30 +94,17 @@ else
>   mkisofs_zisofs_opts=""
>  fi
>  
> -#we want to create a checksum for every file on the iso so we can
> verify it -#from genkernel during boot.  Here we make a function to
> create the sha512sums, and blake2sums +# Generate list of checksums
> that genkernel can use to verify the contents of +# the ISO
>  isoroot_checksum() {
> - echo "Creating checksums for all files included in the iso,
> please wait..."
> - if [ -z "${1}" ] || [ "${1}" = "sha512" ]; then
> - find "${clst_target_path}" -type f ! -name
> 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums'
> -exec sha512sum {} + > "${clst_target_path}"/isoroot_checksums
> - ${clst_sed} -i "s#${clst_target_path}/\?##"
> "${clst_target_path}"/isoroot_checksums
> - fi
> - if [ -z "${1}" ] || [ "${1}" = "blake2" ]; then
> - find "${clst_target_path}" -type f ! -name
> 'isoroot_checksums' ! -name 'isolinux.bin' ! -name 'isoroot_b2sums'
> -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
> - ${clst_sed} -i "s#${clst_target_path}/\?##"
> "${clst_target_path}"/isoroot_b2sums
> - fi
> + echo ">> Creating checksums for all files included in the
> ISO"
> + find "${clst_target_path}" -type f ! -name 'isoroot_b2sums'
> -exec b2sum {} + > "${clst_target_path}"/isoroot_b2sums
> + ${clst_sed} -i "s#${clst_target_path}/\?##"
> "${clst_target_path}"/isoroot_b2sums }
>  
>  run_mkisofs() {
> - if [ -n "${clst_livecd_verify}" ]; then
> - if [ "${clst_livecd_verify}" = "sha512" ]; then
> - isoroot_checksum sha512
> - elif [ "${clst_livecd_verify}" = "blake2" ]; then
> - isoroot_checksum blake2
> - else
> - isoroot_checksum
> - fi
> - fi
> + [ -n "${clst_livecd_verify}" ] && isoroot_checksum
> +
>   echo "Running \"mkisofs ${@}\""
>   mkisofs "${@}" || die "Cannot make ISO image"
>  }
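
Review bot: In the examples/livecd-stage2_template.spec hunk, the new comment above `#livecd/verify: blake2` no longer says which values the option accepts, while the create-iso.sh change in the same patch calls isoroot_checksum for any non-empty value. Suggest stating that explicitly in the comment: either that any value enables BLAKE2 checksums, or that only `blake2` is valid if the script is changed to enforce it. Minor: "a isoroot_b2sums file" should read "an isoroot_b2sums file".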
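
Review bot: In run_mkisofs, `[ -n "${clst_livecd_verify}" ] && isoroot_checksum` treats every non-empty value the same, so a spec that still sets `livecd/verify: sha512` now silently gets isoroot_b2sums and no isoroot_checksums. Suggest calling die (or at least printing a warning) when the value is anything other than `blake2`, so a stale spec is caught at build time rather than when the image is verified at boot. Also, the new find keeps only `! -name 'isoroot_b2sums'` and drops the `! -name 'isolinux.bin'` exclusion that both removed branches carried; the commit message does not mention this, so either keep the exclusion or explain in the message why it is no longer needed.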

I know I've been out of touch for almost the last year, but why remove
sha512?  In the current code it is optional for either of the two or both.

What is Gentoo now supplying primarily?

If any change is to be made, I think it should be made as a plugin so
the base code doesn't need to be changed as things change to the
checksum of the day...


Re: [PATCH 1/5] targets: Drop SHA512 isoroot verification support

Matt Turner-5
On Wed, Apr 8, 2020 at 9:13 AM Brian Dolbec <[hidden email]> wrote:
> I know I've been out of touch for almost the last year, but why remove
> sha512?  In the current code it is optional for either of the two or both.
>
> What is Gentoo now supplying primarily?
>
> If any change is to be made, I think it should be made as a plugin so
> the base code doesn't need to be changed as things change to the
> checksum of the day...

releng.git does not use this functionality at all -- it was added by
Rick for Pentoo, and Pentoo is now using only blake2.

I'd like to remove it because catalyst is already a monstrosity of
unnecessary and unused functionality.

I'm happy to just fork catalyst if others want it to remain this way.


Re: [PATCH 1/5] targets: Drop SHA512 isoroot verification support

Brian Dolbec-3
On Wed, 8 Apr 2020 10:51:41 -0700
Matt Turner <[hidden email]> wrote:

> On Wed, Apr 8, 2020 at 9:13 AM Brian Dolbec <[hidden email]> wrote:
> > I know I've been out of touch for almost the last year, but why
> > remove sha512?  In the current code it is optional for either of the
> > two or both.
> >
> > What is Gentoo now supplying primarily?
> >
> > If any change is to be made, I think it should be made as a plugin
> > so the base code doesn't need to be changed as things change to the
> > checksum of the day...  
>
> releng.git does not use this functionality at all -- it was added by
> Rick for Pentoo, and Pentoo is now using only blake2.
>
> I'd like to remove it because catalyst is already a monstrosity of
> unnecessary and unused functionality.
>
> I'm happy to just fork catalyst if others want it to remain this way.
>

No, don't fork it.

If a plugin system is ever added for this, it'll be easy to create the
plugin of choice.