Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/check-iso
diff options
context:
space:
mode:
authorAndreas Baumann <mail@andreasbaumann.cc>2022-02-03 20:31:11 +0100
committerAndreas Baumann <mail@andreasbaumann.cc>2022-02-03 20:31:11 +0100
commit8ecb5dfd9f915e840aa85823e9c1b7602ca97d13 (patch)
tree1ec8e198335e78ee8a1faa568de02d1f6f494660 /check-iso
parentb6fa60ae18987231e77cbd125b3e662d3a0f08c8 (diff)
check-iso: extracted ISO checking and information extraction into a separate script
Diffstat (limited to 'check-iso')
-rwxr-xr-xcheck-iso208
1 files changed, 208 insertions, 0 deletions
diff --git a/check-iso b/check-iso
new file mode 100755
index 0000000..65b2c57
--- /dev/null
+++ b/check-iso
@@ -0,0 +1,208 @@
+#!/bin/bash
+
+# parameters and default values
+ARCH="i686"
+DATE=$(date +%Y.%m.%d)
+ISO="archlinux32-${DATE}-${ARCH}.iso"
+OUTPUT_DIR="${HOME}/archisos"
+#Andreas Baumann (sign) <mail@andreasbaumann.cc>
+SIGN_KEY='16194A82231E9EF823562181C8E8F5A0AF9BA7E7'
+# Archlinux 32 Release Key <release@archlinux32.org>
+#SIGN_KEY='33CA3597B0D161AAE4173F65C17F1214114574A4'
+
+usage() {
+ >&2 echo ""
+ >&2 echo "check-iso: checks sanity of ISOs built for Archlinux32 and returns data about the ISO"
+ >&2 echo ""
+ >&2 echo "possible options:"
+ >&2 echo " -h|--help: show this help and exit"
+ >&2 echo " --iso name of ISO to be checked, default is '${ISO}'."
+ >&2 echo " --output-dir where to write the isos, default is '${OUTPUT_DIR}."
+ >&2 echo " --check check sanity of the image, returns an exit code only."
+ >&2 echo " --expected-sign-key expected PGP key the ISO has to be signed with, default '${SIGN_KEY}'."
+ >&2 echo " --md5sum get md5 of the ISO."
+ >&2 echo " --sha512sum get sha512sum of the ISO."
+ >&2 echo " --sign-key get GPG signing key of the ISO."
+ >&2 echo " --size get size of the ISO."
+ >&2 echo " --kernel-version get version of the kernel on the ISO."
+ >&2 echo " --no-cleanup do not clean up tmpdir after run, for debugging."
+ [ -z "$1" ] && exit 1 || exit "$1"
+}
+
+# fail on first error
+set -e
+
+# cleanup hook
+tmp_dir="$(mktemp -d)"
+cleanup() {
+ if mountpoint -q "${tmp_dir}"; then
+ sudo umount "${tmp_dir}"
+ fi
+ rm -rf --one-file-system "${tmp_dir}"
+}
+trap cleanup EXIT
+
+eval set -- "$(
+ getopt -o h \
+ --long help \
+ --long iso: \
+ --long output-dir: \
+ --long check \
+ --long expected-sign-key: \
+ --long md5sum \
+ --long sha512sum \
+ --long sign-key \
+ --long size \
+ --long kernel-version \
+ -n "$(basename "$0")" -- "$@" || \
+ echo usage
+)"
+
+iso="$ISO"
+output_dir="${OUTPUT_DIR}"
+check=0
+expected_sign_key="${SIGN_KEY}"
+md5sum=0
+sha512sum=0
+sign_key=0
+size=0
+kernel_version=0
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ '--iso')
+ shift
+ iso="$1"
+ ;;
+ '--output-dir')
+ shift
+ output_dir="$1"
+ ;;
+ '--check')
+ check=1
+ ;;
+ '--expected-sign-key')
+ shift
+ expected_sign_key="$1"
+ ;;
+ '--md5sum')
+ md5sum=1
+ ;;
+ '--sha512sum')
+ sha512sum=1
+ ;;
+ '--sign-key')
+ sign_key=1
+ ;;
+ '--size')
+ size=1
+ ;;
+ '--kernel-version')
+ kernel_version=1
+ ;;
+ '--help'|'-h')
+ usage 0
+ ;;
+ '--')
+ shift
+ break
+ ;;
+ *)
+ >&2 printf 'Whoops, option "%s" is not yet implemented!\n' "$1" >&2
+ exit 42
+ ;;
+ esac
+ shift
+done
+
+if [ $# -gt 0 ]; then
+ >&2 echo 'Too many arguments.' >&2
+ exit 2
+fi
+
+if [ "${md5sum}" = 1 ]; then
+ md5sum="$(
+ grep "\s${iso/}\$" "${output_dir}/md5sums" | \
+ awk '{print $1}'
+ )"
+ echo "${md5sum}"
+fi
+
+if [ "${sha512sum}" = 1 ]; then
+ sha512sum="$(
+ grep "\s${iso/}\$" "${output_dir}/sha512sums" | \
+ awk '{print $1}'
+ )"
+ echo "${sha512sum}"
+fi
+
+if [ "${sign_key}" = 1 -o "${check}" = 1 ]; then
+ sign_keys="$(
+ printf '%s\n' $(
+ gpg --status-fd=1 --verify "${output_dir}/${iso}.sig" "${output_dir}/${iso}" 2> /dev/null | \
+ grep '^\[GNUPG:] VALIDSIG [0-9A-F]\+ ' | \
+ cut -d' ' -f3
+ ) | \
+ sort -u
+ )"
+
+ if [ $(echo "${sign_keys}" | grep -c '\S') -ne 1 ]; then
+ >&2 echo 'Not exactly one key used for signing the iso:'
+ >&2 echo "'${sign_keys}'"
+ exit 1
+ fi
+
+ sign_key="${sign_keys}"
+
+ if [ "${sign_key}" != "${expected_sign_key}" ]; then
+ >&2 printf "Isos are signed with key '%s' instead of '%s'.\n" \
+ "${sign_key}" \
+ "${expected_sign_key}"
+ exit 1
+ fi
+
+ if [ "${check}" = 0 ]; then
+ echo "${sign_key}"
+ fi
+fi
+
+if [ "${size}" = 1 ]; then
+ size="$(
+ printf 'scale=1; %s/1024/1024\n' "$(stat -c'%s' "${output_dir}/${iso}")" | \
+ bc
+ )"
+ echo "${size}"
+fi
+
+if [ "${kernel_version}" = 1 -o "${check}" = 1 ]; then
+ sudo mount -o loop,ro "${output_dir}/${iso}" "${tmp_dir}"
+ kernels="$(
+ printf '%s\n' $(
+ find "${tmp_dir}/arch" \
+ -maxdepth 1 \
+ -name 'pkglist.*.txt' \
+ -not -name 'pkglist.x86_64.txt' \
+ -execdir cat {} \; \
+ | sed '
+ s/^linux\s\+\([^-]\+-[^-]\+\)$/\1/
+ t
+ d
+ '
+ ) | \
+ sort -u
+ )"
+ sudo umount "${tmp_dir}"
+
+ if [ $(echo "${kernels}" | grep -c '\S') -ne 1 ]; then
+ >&2 echo 'Not exactly one kernel on the iso:'
+ >&2 echo "${kernels}"
+ exit 1
+ fi
+
+ kernel_version="${kernels}"
+ if [ "${check}" = 0 ]; then
+ echo "${kernel_version}"
+ fi
+fi
+
+exit 0