From 8ecb5dfd9f915e840aa85823e9c1b7602ca97d13 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Thu, 3 Feb 2022 20:31:11 +0100
Subject: check-iso: extracted ISO checking and information extraction into a separate script
---
check-iso | 208 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 208 insertions(+)
create mode 100755 check-iso
(limited to 'check-iso')
diff --git a/check-iso b/check-iso
new file mode 100755
index 0000000..65b2c57
--- /dev/null
+++ b/check-iso
@@ -0,0 +1,208 @@
+#!/bin/bash
+
+# parameters and default values
+ARCH="i686"
+DATE=$(date +%Y.%m.%d)
+ISO="archlinux32-${DATE}-${ARCH}.iso"
+OUTPUT_DIR="${HOME}/archisos"
+#Andreas Baumann (sign)
+SIGN_KEY='16194A82231E9EF823562181C8E8F5A0AF9BA7E7'
+# Archlinux 32 Release Key
+#SIGN_KEY='33CA3597B0D161AAE4173F65C17F1214114574A4'
+
+usage() {
+ >&2 echo ""
+ >&2 echo "check-iso: checks sanity of ISOs built for Archlinux32 and returns data about the ISO"
+ >&2 echo ""
+ >&2 echo "possible options:"
+ >&2 echo " -h|--help: show this help and exit"
+ >&2 echo " --iso name of ISO to be checked, default is '${ISO}'."
+ >&2 echo " --output-dir where to write the isos, default is '${OUTPUT_DIR}."
+ >&2 echo " --check check sanity of the image, returns an exit code only."
+ >&2 echo " --expected-sign-key expected PGP key the ISO has to be signed with, default '${SIGN_KEY}'."
+ >&2 echo " --md5sum get md5 of the ISO."
+ >&2 echo " --sha512sum get sha512sum of the ISO."
+ >&2 echo " --sign-key get GPG signing key of the ISO."
+ >&2 echo " --size get size of the ISO."
+ >&2 echo " --kernel-version get version of the kernel on the ISO."
+ >&2 echo " --no-cleanup do not clean up tmpdir after run, for debugging."
+ [ -z "$1" ] && exit 1 || exit "$1"
+}
+
+# fail on first error
+set -e
+
+# cleanup hook
+tmp_dir="$(mktemp -d)"
+cleanup() {
+ if mountpoint -q "${tmp_dir}"; then
+ sudo umount "${tmp_dir}"
+ fi
+ rm -rf --one-file-system "${tmp_dir}"
+}
+trap cleanup EXIT
+
+eval set -- "$(
+ getopt -o h \
+ --long help \
+ --long iso: \
+ --long output-dir: \
+ --long check \
+ --long expected-sign-key: \
+ --long md5sum \
+ --long sha512sum \
+ --long sign-key \
+ --long size \
+ --long kernel-version \
+ -n "$(basename "$0")" -- "$@" || \
+ echo usage
+)"
+
+iso="$ISO"
+output_dir="${OUTPUT_DIR}"
+check=0
+expected_sign_key="${SIGN_KEY}"
+md5sum=0
+sha512sum=0
+sign_key=0
+size=0
+kernel_version=0
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ '--iso')
+ shift
+ iso="$1"
+ ;;
+ '--output-dir')
+ shift
+ output_dir="$1"
+ ;;
+ '--check')
+ check=1
+ ;;
+ '--expected-sign-key')
+ shift
+ expected_sign_key="$1"
+ ;;
+ '--md5sum')
+ md5sum=1
+ ;;
+ '--sha512sum')
+ sha512sum=1
+ ;;
+ '--sign-key')
+ sign_key=1
+ ;;
+ '--size')
+ size=1
+ ;;
+ '--kernel-version')
+ kernel_version=1
+ ;;
+ '--help'|'-h')
+ usage 0
+ ;;
+ '--')
+ shift
+ break
+ ;;
+ *)
+ >&2 printf 'Whoops, option "%s" is not yet implemented!\n' "$1" >&2
+ exit 42
+ ;;
+ esac
+ shift
+done
+
+if [ $# -gt 0 ]; then
+ >&2 echo 'Too many arguments.' >&2
+ exit 2
+fi
+
+if [ "${md5sum}" = 1 ]; then
+ md5sum="$(
+ grep "\s${iso/}\$" "${output_dir}/md5sums" | \
+ awk '{print $1}'
+ )"
+ echo "${md5sum}"
+fi
+
+if [ "${sha512sum}" = 1 ]; then
+ sha512sum="$(
+ grep "\s${iso/}\$" "${output_dir}/sha512sums" | \
+ awk '{print $1}'
+ )"
+ echo "${sha512sum}"
+fi
+
+if [ "${sign_key}" = 1 -o "${check}" = 1 ]; then
+ sign_keys="$(
+ printf '%s\n' $(
+ gpg --status-fd=1 --verify "${output_dir}/${iso}.sig" "${output_dir}/${iso}" 2> /dev/null | \
+ grep '^\[GNUPG:] VALIDSIG [0-9A-F]\+ ' | \
+ cut -d' ' -f3
+ ) | \
+ sort -u
+ )"
+
+ if [ $(echo "${sign_keys}" | grep -c '\S') -ne 1 ]; then
+ >&2 echo 'Not exactly one key used for signing the iso:'
+ >&2 echo "'${sign_keys}'"
+ exit 1
+ fi
+
+ sign_key="${sign_keys}"
+
+ if [ "${sign_key}" != "${expected_sign_key}" ]; then
+ >&2 printf "Isos are signed with key '%s' instead of '%s'.\n" \
+ "${sign_key}" \
+ "${expected_sign_key}"
+ exit 1
+ fi
+
+ if [ "${check}" = 0 ]; then
+ echo "${sign_key}"
+ fi
+fi
+
+if [ "${size}" = 1 ]; then
+ size="$(
+ printf 'scale=1; %s/1024/1024\n' "$(stat -c'%s' "${output_dir}/${iso}")" | \
+ bc
+ )"
+ echo "${size}"
+fi
+
+if [ "${kernel_version}" = 1 -o "${check}" = 1 ]; then
+ sudo mount -o loop,ro "${output_dir}/${iso}" "${tmp_dir}"
+ kernels="$(
+ printf '%s\n' $(
+ find "${tmp_dir}/arch" \
+ -maxdepth 1 \
+ -name 'pkglist.*.txt' \
+ -not -name 'pkglist.x86_64.txt' \
+ -execdir cat {} \; \
+ | sed '
+ s/^linux\s\+\([^-]\+-[^-]\+\)$/\1/
+ t
+ d
+ '
+ ) | \
+ sort -u
+ )"
+ sudo umount "${tmp_dir}"
+
+ if [ $(echo "${kernels}" | grep -c '\S') -ne 1 ]; then
+ >&2 echo 'Not exactly one kernel on the iso:'
+ >&2 echo "${kernels}"
+ exit 1
+ fi
+
+ kernel_version="${kernels}"
+ if [ "${check}" = 0 ]; then
+ echo "${kernel_version}"
+ fi
+fi
+
+exit 0
--
cgit v1.2.3-54-g00ecf
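Review bot: The signature check in the `--sign-key`/`--check` branch accepts any `VALIDSIG` status line, which GnuPG documents as meaning only that the signature is cryptographically valid; it is also emitted alongside `EXPSIG`, `EXPKEYSIG` and `REVKEYSIG`, so an ISO signed with an expired or revoked copy of the pinned key would still pass. gpg's exit status is lost in the pipeline (no `pipefail`) and its stderr goes to `/dev/null`, so nothing else catches that case. I would capture the status output once into a variable and fail before the fingerprint comparison when it contains one of those lines, e.g. `if printf '%s\n' "${gpg_status}" | grep -q '^\[GNUPG:] \(EXPSIG\|EXPKEYSIG\|REVKEYSIG\) '; then exit 1; fi`. Field 3 of `VALIDSIG` is the fingerprint of the key that made the signature, so if releases are ever signed with a subkey, the comparison against `--expected-sign-key` should use the primary-key fingerprint in the last field instead.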