mirror of https://schlomp.space/tastytea/hashboot
Compare commits
78 Commits
Author | SHA1 | Date |
---|---|---|
tastytea | 775b854cd1 | |
tastytea | c06b25c54a | |
tastytea | 023bd8b2de | |
tastytea | 7c0b3ef862 | |
tastytea | dc12c45581 | |
tastytea | 078f86c732 | |
tastytea | 326d4a30b6 | |
tastytea | 7b2e19bdef | |
tastytea | 7f32a7c5e4 | |
tastytea | 329095f5fa | |
tastytea | 9e9bfe3749 | |
tastytea | f571b962c1 | |
tastytea | 4d0b0cf8e4 | |
tastytea | e2ecb17afe | |
tastytea | 7d013ff78f | |
tastytea | aa95914010 | |
tastytea | 89e85108ed | |
tastytea | a8ba52f834 | |
tastytea | e3830ed8d6 | |
tastytea | c9cbf76701 | |
tastytea | 23c3704f3b | |
tastytea | 202e1bfad2 | |
tastytea | 71b41300b3 | |
tastytea | a4f8837aa2 | |
Hunter Peavey | be684bb473 | |
Teldra | 25111f02a7 | |
Hunter Peavey | b2a7dd0959 | |
Hunter Peavey | 22ec91cc9d | |
tastytea | 2be01c031b | |
tastytea | 3437eba5ea | |
tastytea | 1e63a10a99 | |
tastytea | 9de04f11fc | |
tastytea | 02121e496c | |
tastytea | 191753a17e | |
tastytea | 358b75f429 | |
tastytea | 62d8a78c03 | |
tastytea | b0d7c515cd | |
tastytea | 72be9701a1 | |
Teldra | 44f8a4f184 | |
teldra | 82c1d64718 | |
Teldra | 7c386ac209 | |
teldra | 51f3afb14d | |
Teldra | 004ff12954 | |
teldra | 085c3a2882 | |
Teldra | 865f417370 | |
teldra | f53f7263c5 | |
tastytea | f2460a3ce9 | |
tastytea | abe2411673 | |
teldra | f450f11128 | |
Teldra | 7eef7d017a | |
tastytea | 57750c1979 | |
tastytea | 342ea5d395 | |
tastytea | 069caad598 | |
Teldra | d2b63cf80c | |
tastytea | c479a8d856 | |
teldra | e709747e72 | |
tastytea | d0fd5a6a68 | |
tastytea | 8647dd65b1 | |
tastytea | 851b456b8e | |
teldra | a3543101bf | |
tastytea | d3762e1d97 | |
teldra | 4729e63712 | |
Teldra | 474a4f862e | |
Teldra | efb61a772f | |
Teldra | 2700462c20 | |
Teldra | 637e47eeda | |
Teldra | fb95b3387e | |
Teldra | cd1afbf6b8 | |
tastytea | 70ae214505 | |
Teldra | 8c907cd430 | |
Teldra | 99a419f8f4 | |
Teldra | 9867a6b49c | |
Teldra | e562459ff6 | |
Teldra | f416882bac | |
teldra | e1e23b4818 | |
tastytea | 00e2cfdc5d | |
teldra | bddc2720bf | |
tastytea | 59cbd14881 |
|
@ -0,0 +1,119 @@
|
||||||
|
kind: pipeline
|
||||||
|
name: check
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: debian-package-cache
|
||||||
|
host:
|
||||||
|
path: /var/cache/debian-package-cache
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
exclude:
|
||||||
|
- tag
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: shellcheck
|
||||||
|
image: debian:stretch-slim
|
||||||
|
pull: always
|
||||||
|
commands:
|
||||||
|
- rm /etc/apt/apt.conf.d/docker-clean
|
||||||
|
- rm /var/cache/apt/archives/lock
|
||||||
|
- echo "APT::Default-Release \"stretch\";" >> /etc/apt/apt.conf.d/00default_release
|
||||||
|
- echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list.d/buster.list
|
||||||
|
- apt-get update -q
|
||||||
|
- apt-get install -qy -t buster shellcheck
|
||||||
|
- shellcheck hashboot
|
||||||
|
volumes:
|
||||||
|
- name: debian-package-cache
|
||||||
|
path: /var/cache/apt/archives
|
||||||
|
|
||||||
|
- name: notify
|
||||||
|
image: drillster/drone-email
|
||||||
|
pull: always
|
||||||
|
settings:
|
||||||
|
host: cryptoparty-celle.de
|
||||||
|
from: drone@tzend.de
|
||||||
|
username:
|
||||||
|
from_secret: email_username
|
||||||
|
password:
|
||||||
|
from_secret: email_password
|
||||||
|
when:
|
||||||
|
status: [ changed, failure ]
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
kind: pipeline
|
||||||
|
name: release
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: debian-package-cache
|
||||||
|
host:
|
||||||
|
path: /var/cache/debian-package-cache
|
||||||
|
- name: gpg-key
|
||||||
|
host:
|
||||||
|
path: /home/tastytea/misc/autosign_gpg.key
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- tag
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: download tar.gz
|
||||||
|
image: plugins/download
|
||||||
|
settings:
|
||||||
|
source: https://schlomp.space/tastytea/hashboot/archive/${DRONE_TAG}.tar.gz
|
||||||
|
destination: hashboot-${DRONE_TAG}.tar.gz
|
||||||
|
|
||||||
|
- name: download zip
|
||||||
|
image: plugins/download
|
||||||
|
settings:
|
||||||
|
source: https://schlomp.space/tastytea/hashboot/archive/${DRONE_TAG}.zip
|
||||||
|
destination: hashboot-${DRONE_TAG}.zip
|
||||||
|
|
||||||
|
- name: signature
|
||||||
|
image: debian:stretch-slim
|
||||||
|
pull: always
|
||||||
|
commands:
|
||||||
|
- rm /etc/apt/apt.conf.d/docker-clean
|
||||||
|
- rm -f /var/cache/apt/archives/lock
|
||||||
|
- apt-get update -q
|
||||||
|
- apt-get install -qy gnupg
|
||||||
|
- gpg --import /var/autosign_gpg.key
|
||||||
|
- gpg --verbose --detach-sign *.tar.gz
|
||||||
|
- gpg --verbose --detach-sign *.zip
|
||||||
|
volumes:
|
||||||
|
- name: debian-package-cache
|
||||||
|
path: /var/cache/apt/archives
|
||||||
|
- name: gpg-key
|
||||||
|
path: /var/autosign_gpg.key
|
||||||
|
|
||||||
|
- name: release
|
||||||
|
image: plugins/gitea-release
|
||||||
|
pull: always
|
||||||
|
settings:
|
||||||
|
base_url: https://schlomp.space
|
||||||
|
api_key:
|
||||||
|
from_secret: gitea_token
|
||||||
|
title: ${DRONE_TAG}
|
||||||
|
prerelease: true
|
||||||
|
files:
|
||||||
|
- hashboot-${DRONE_TAG}.tar.gz
|
||||||
|
- hashboot-${DRONE_TAG}.tar.gz.sig
|
||||||
|
- hashboot-${DRONE_TAG}.zip
|
||||||
|
- hashboot-${DRONE_TAG}.zip.sig
|
||||||
|
checksum:
|
||||||
|
- sha256
|
||||||
|
- sha512
|
||||||
|
|
||||||
|
- name: notify
|
||||||
|
image: drillster/drone-email
|
||||||
|
pull: always
|
||||||
|
settings:
|
||||||
|
host: cryptoparty-celle.de
|
||||||
|
from: drone@tzend.de
|
||||||
|
username:
|
||||||
|
from_secret: email_username
|
||||||
|
password:
|
||||||
|
from_secret: email_password
|
||||||
|
when:
|
||||||
|
status: [ changed, failure ]
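Review bot: The `signature` step of the `release` pipeline imports the private key from the host-mounted `gpg-key` volume into a `debian:stretch-slim` container that is pulled by mutable tag and installs `gnupg` over the network at release time, so the key is exposed to whatever that tag and mirror serve on the day of the release. Pinning the image by digest (`image: debian:stretch-slim@sha256:<digest>`, placeholder) would narrow this; the other steps of this pipeline (`plugins/download`, `plugins/gitea-release`, `drillster/drone-email`) are unpinned as well. The two signing commands work by glob (`*.tar.gz`, `*.zip`) and so sign any matching file in the workspace; naming the files, e.g. `gpg --verbose --detach-sign "hashboot-${DRONE_TAG}.tar.gz"`, ties the signatures to the artifacts the `release` step uploads. The archives are downloaded from the forge rather than produced from the cloned tag, so the signature attests only to what the server returned.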
|
|
@ -0,0 +1 @@
|
||||||
|
/hashboot.1
|
8
LICENSE
|
@ -1,4 +1,4 @@
|
||||||
"THE HUG-WARE LICENSE" (Revision 1):
|
"THE HUG-WARE LICENSE" (Revision 2):
|
||||||
xo <xo@rotce.de> and tastytea <tastytea@tastytea.de> wrote these files. As long
|
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
|
||||||
as you retain this notice you can do whatever you want with this stuff. If we
|
As long as you retain this notice you can do whatever you want with this.
|
||||||
meet some day, and you think this stuff is worth it, you can give us a hug.
|
If we meet some day, and you think this is nice, you can give us a hug.
|
||||||
|
|
73
README.md
|
@ -1,31 +1,76 @@
|
||||||
**hashboot** hashes all files in `/boot` to check them during early boot. It is
|
**hashboot** hashes all files in `/boot` and the MBR to check them during early
|
||||||
intended for when you have encrypted the root partition but not the boot
|
boot. It is intended for when you have encrypted the root partition but not the
|
||||||
partition. The checksums and a backup of the contents of `/boot` are stored in
|
boot partition. The checksums and a backup of the contents of `/boot` are stored
|
||||||
`/var/lib/hashboot` by default. If a checksum doesn't match, you have the option
|
in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
|
||||||
to restore the file from backup.
|
option to restore the file from backup.
|
||||||
|
|
||||||
|
If there is a core- or libreboot BIOS and [flashrom](https://flashrom.org/)
|
||||||
|
installed, **hashboot** can check the BIOS for modifications too.
|
||||||
|
|
||||||
|
We moved our code to
|
||||||
|
[schlomp.space](https://schlomp.space/tastytea/hashboot) but we keep the
|
||||||
|
[GitHub-repo](https://github.com/tastytea/hashboot) as a mirror.
|
||||||
|
|
||||||
# Install
|
# Install
|
||||||
|
|
||||||
|
## Packages
|
||||||
|
|
||||||
|
### Void Linux
|
||||||
|
|
||||||
|
``` shell
|
||||||
|
xbps-install -S hashboot
|
||||||
|
```
|
||||||
|
|
||||||
|
### Gentoo Linux
|
||||||
|
|
||||||
|
Ebuilds are available via the
|
||||||
|
[tastytea repository](https://schlomp.space/tastytea/overlay).
|
||||||
|
|
||||||
|
``` shell
|
||||||
|
emerge -a sys-apps/hashboot
|
||||||
|
rc-update add hashboot boot
|
||||||
|
```
|
||||||
|
|
||||||
|
### Arch Linux
|
||||||
|
|
||||||
|
Use the [package from AUR](https://aur.archlinux.org/packages/hashboot/).
|
||||||
|
|
||||||
|
## Manual
|
||||||
|
|
||||||
|
### Any distro
|
||||||
|
|
||||||
|
The releases on
|
||||||
|
[schlomp.space](https://schlomp.space/tastytea/hashboot/releases) are
|
||||||
|
PGP-signed. The key-ID is `F7301ADFC9ED262448C42B64242E5AC4DA587BF9`
|
||||||
|
(`242E5AC4DA587BF9`). You can fetch it with `gpg --locate-key
|
||||||
|
autosign@tastytea.de`.
|
||||||
|
|
||||||
* Make hashboot executable
|
* Make hashboot executable
|
||||||
* Place hashboot anywhere in $PATH
|
* Place hashboot anywhere in ${PATH}
|
||||||
* Install the appropriate init script
|
* Install the appropriate init script
|
||||||
* If applicable, copy kernel-hook to /etc/kernel/post{inst,rm}.d/zzz-hashboot (make sure it is called after all other hooks)
|
* If applicable, copy `hooks/kernel-postinst` to /etc/kernel/post{inst,rm}.d/zzz-hashboot
|
||||||
|
(make sure it is called after all other hooks)
|
||||||
|
* To generate the manpage, install [asciidoc](http://asciidoc.org/) and run
|
||||||
|
`build_manpage.sh`.
|
||||||
|
|
||||||
# Usage
|
# Usage
|
||||||
|
|
||||||
* Run "hashboot index" to generate checksums and a backup for /boot and MBR
|
* First run creates a configuration file. Select the desired checkroutines
|
||||||
* Run "hashboot check" to check /boot and MBR
|
* Run `hashboot index` to generate checksums and a backup for /boot and MBR
|
||||||
* Run "hashboot recover" to replace corrupted files with the backup
|
* Run `hashboot check` to check /boot and MBR
|
||||||
|
* Run `hashboot recover` to replace corrupted files with the backup
|
||||||
|
|
||||||
# Notes
|
# Notes
|
||||||
|
|
||||||
* You can't use the openrc/sysv init scripts with parallel boot.
|
* You can't use the openrc/sysv init scripts with parallel boot.
|
||||||
|
* The systemd and SysVinit init scripts have not been tested in a while, but
|
||||||
|
will probably work.
|
||||||
|
|
||||||
# License
|
# License
|
||||||
|
|
||||||
```PLAIN
|
```PLAIN
|
||||||
"THE HUG-WARE LICENSE" (Revision 1):
|
"THE HUG-WARE LICENSE" (Revision 2):
|
||||||
xo <xo@rotce.de> and tastytea <tastytea@tastytea.de> wrote these files. As long
|
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
|
||||||
as you retain this notice you can do whatever you want with this stuff. If we
|
As long as you retain this notice you can do whatever you want with this.
|
||||||
meet some day, and you think this stuff is worth it, you can give us a hug.
|
If we meet some day, and you think this is nice, you can give us a hug.
|
||||||
```
|
```
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ -f "hashboot.1.adoc" ]; then
|
||||||
|
name="hashboot"
|
||||||
|
version="$(grep VERSION hashboot | head -n1 | cut -d\" -f2)"
|
||||||
|
dir="$(dirname ${0})"
|
||||||
|
|
||||||
|
sed -Ei "s/(Revision: +)[0-9]+\.[0-9]+\.[0-9]+/\1${version}/" ${name}.1.adoc
|
||||||
|
a2x --doctype manpage --format manpage --no-xmllint ${name}.1.adoc
|
||||||
|
else
|
||||||
|
echo "hashboot.1.adoc not found." >&2
|
||||||
|
fi
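Review bot: The `else` branch prints "hashboot.1.adoc not found." but the script still exits 0, so a packaging or CI job that calls it cannot tell that no manpage was built; adding `exit 1` after the `echo` fixes that. `dir="$(dirname ${0})"` is assigned but never used, so the relative names `hashboot` and `${name}.1.adoc` only resolve when the script is started from the repository root; either add `cd "$(dirname "${0}")"` near the top or drop the variable. `${version}` is spliced into the `sed` replacement unescaped, which is fine for dotted version numbers but deserves a one-line comment saying so.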
|
171
hashboot
|
@ -5,20 +5,23 @@
|
||||||
#7 = write error, 8 = dd error, 9 = file not found
|
#7 = write error, 8 = dd error, 9 = file not found
|
||||||
#10 = bios mismatch, 11 == mbr&bios mismatch, 12 = files&bios mismatch
|
#10 = bios mismatch, 11 == mbr&bios mismatch, 12 = files&bios mismatch
|
||||||
#13 = mbr&bios&files mismatch
|
#13 = mbr&bios&files mismatch
|
||||||
###################################################################################
|
###############################################################################
|
||||||
# "THE HUG-WARE LICENSE" (Revision 1): #
|
# "THE HUG-WARE LICENSE" (Revision 2): #
|
||||||
# xo <xo@rotce.de> and tastytea <tastytea@tastytea.de> wrote these files. As long #
|
# teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this. #
|
||||||
# as you retain this notice you can do whatever you want with this stuff. If we #
|
# As Long as you retain this notice you can do whatever you want with this. #
|
||||||
# meet some day, and you think this stuff is worth it, you can give us a hug. #
|
# If we meet some day, and you think this is nice, you can give us a hug. #
|
||||||
###################################################################################
|
###############################################################################
|
||||||
|
|
||||||
VERSION="0.9.7"
|
# Disable warnings about $?.
|
||||||
|
# shellcheck disable=SC2181
|
||||||
|
|
||||||
|
VERSION="0.9.14"
|
||||||
PATH="/bin:/usr/bin:/sbin:/usr/sbin:${PATH}"
|
PATH="/bin:/usr/bin:/sbin:/usr/sbin:${PATH}"
|
||||||
DIGEST_FILE=""
|
DIGEST_FILE=""
|
||||||
BACKUP_FILE=""
|
BACKUP_FILE=""
|
||||||
SAVEDIR=""
|
SAVEDIR=""
|
||||||
DIGEST_FILE_TMP="/tmp/hashboot.digesttmp"
|
DIGEST_FILE_TMP="/tmp/hashboot.digesttmp"
|
||||||
LOG_FILE="/tmp/hashboot.log"
|
LOG_FILE="/var/log/hashboot.log"
|
||||||
MBR_DEVICE="/dev/sda"
|
MBR_DEVICE="/dev/sda"
|
||||||
MBR_SIZE=1024
|
MBR_SIZE=1024
|
||||||
MBR_TMP="/tmp/mbr"
|
MBR_TMP="/tmp/mbr"
|
||||||
|
@ -28,7 +31,7 @@ BOOT_MOUNTED=0
|
||||||
CONFIG_FILE="/etc/hashboot.cfg"
|
CONFIG_FILE="/etc/hashboot.cfg"
|
||||||
COUNTER=0
|
COUNTER=0
|
||||||
DD_STATUS="none"
|
DD_STATUS="none"
|
||||||
PROGRAMMER="no" #standard change enables bios mode
|
PROGRAMMER=${PROGRAMMER:=internal}
|
||||||
#bitmask:
|
#bitmask:
|
||||||
# 001=mbr
|
# 001=mbr
|
||||||
# 010=files
|
# 010=files
|
||||||
|
@ -43,33 +46,36 @@ die ()
|
||||||
umount /boot
|
umount /boot
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Delete temporary files
|
||||||
|
rm -f "${DIGEST_FILE_TMP}" "${MBR_TMP}" "${BIOS_TMP}"
|
||||||
|
|
||||||
[ -z "${2}" ] || echo "${2}" >&2
|
[ -z "${2}" ] || echo "${2}" >&2
|
||||||
exit ${1}
|
exit "${1}"
|
||||||
}
|
}
|
||||||
|
|
||||||
write_hashes ()
|
write_hashes ()
|
||||||
{
|
{
|
||||||
#Write header to ${1}
|
local file="${1}"
|
||||||
echo "#hashboot ${VERSION} - Algorithm: $(basename ${HASHER})" > ${1}
|
#Write header to ${file}
|
||||||
|
echo "#hashboot ${VERSION} - Algorithm: $(basename ${HASHER})" > "${file}"
|
||||||
|
|
||||||
if [ $((${CKMODES} & 001)) -ne 0 ]; then
|
if [ $((CKMODES & 001)) -ne 0 ]; then
|
||||||
#copy mbr to file
|
#copy mbr to file
|
||||||
dd if=${MBR_DEVICE} of=${MBR_TMP} bs=${MBR_SIZE}K count=1 status=${DD_STATUS} || die 8
|
dd if=${MBR_DEVICE} of=${MBR_TMP} bs=${MBR_SIZE}K count=1 status=${DD_STATUS} || die 8
|
||||||
#Write hash of MBR to ${1}
|
#Write hash of MBR to ${file}
|
||||||
${HASHER} ${MBR_TMP} >> ${1}
|
${HASHER} ${MBR_TMP} >> "${file}"
|
||||||
fi
|
fi
|
||||||
if [ $((${CKMODES} & 010)) -ne 0 ]; then
|
if [ $((CKMODES & 010)) -ne 0 ]; then
|
||||||
#Write hashes of all regular files to ${1}
|
#Write hashes of all regular files to ${file}
|
||||||
find /boot -type f -exec ${HASHER} --binary {} >> ${1} +
|
# shellcheck disable=SC2227
|
||||||
|
find /boot -type f -exec ${HASHER} --binary {} >> "${file}" +
|
||||||
fi
|
fi
|
||||||
if [ $((${CKMODES} & 100)) != 0 ]; then
|
if [ $((CKMODES & 100)) -ne 0 ]; then
|
||||||
#if we set an programmer chip in config
|
|
||||||
if [ ! "${PROGRAMMER}" == "no" ]; then
|
|
||||||
#read bios to file
|
#read bios to file
|
||||||
flashrom --programmer ${PROGRAMMER} -r ${BIOS_TMP} > /dev/null 2>&1
|
flashrom --programmer ${PROGRAMMER} -r ${BIOS_TMP} > /dev/null 2>&1
|
||||||
#and write hashes of bios files to ${1}
|
#and write hashes of bios files to ${file}
|
||||||
${HASHER} ${BIOS_TMP} >> ${1}
|
${HASHER} ${BIOS_TMP} >> "${file}"
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -88,7 +94,9 @@ then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Debian < 8 check
|
# Debian < 8 check
|
||||||
if which lsb_release > /dev/null 2>&1 && [ "$(lsb_release -si)" == "Debian" ] && [ $(lsb_release -sr | cut -d'.' -f1) -lt 8 ]
|
if command -v lsb_release > /dev/null \
|
||||||
|
&& [ "$(lsb_release -si)" == "Debian" ] \
|
||||||
|
&& [ "$(lsb_release -sr | cut -d'.' -f1)" -lt 8 ]
|
||||||
then
|
then
|
||||||
DD_STATUS="noxfer"
|
DD_STATUS="noxfer"
|
||||||
fi
|
fi
|
||||||
|
@ -96,9 +104,10 @@ fi
|
||||||
#Look for config file and set ${MBR_DEVICE}.
|
#Look for config file and set ${MBR_DEVICE}.
|
||||||
if [ -f ${CONFIG_FILE} ]
|
if [ -f ${CONFIG_FILE} ]
|
||||||
then
|
then
|
||||||
|
# shellcheck source=/dev/null
|
||||||
source ${CONFIG_FILE} || die 9 "Error reading config file"
|
source ${CONFIG_FILE} || die 9 "Error reading config file"
|
||||||
#compatibility to old cfg format
|
#compatibility to old cfg format
|
||||||
if [ ! -z "${BACKUP_FILE}" ]; then
|
if [ -n "${BACKUP_FILE}" ]; then
|
||||||
SAVEDIR="/var/lib/hashboot"
|
SAVEDIR="/var/lib/hashboot"
|
||||||
echo "SAVEDIR=${SAVEDIR}" >> ${CONFIG_FILE}
|
echo "SAVEDIR=${SAVEDIR}" >> ${CONFIG_FILE}
|
||||||
mkdir -p ${SAVEDIR}
|
mkdir -p ${SAVEDIR}
|
||||||
|
@ -109,6 +118,7 @@ then
|
||||||
sed -i '/BACKUP_FILE/d' ${CONFIG_FILE}
|
sed -i '/BACKUP_FILE/d' ${CONFIG_FILE}
|
||||||
echo "The backup und the digests have been moved to ${SAVEDIR}"
|
echo "The backup und the digests have been moved to ${SAVEDIR}"
|
||||||
fi
|
fi
|
||||||
|
# here we extrapolate paths from savedir.
|
||||||
DIGEST_FILE="${SAVEDIR}/hashboot.digest"
|
DIGEST_FILE="${SAVEDIR}/hashboot.digest"
|
||||||
BACKUP_FILE="${SAVEDIR}/boot-backup.tar"
|
BACKUP_FILE="${SAVEDIR}/boot-backup.tar"
|
||||||
#If not found, create one and ask for ${MBR_DEVICE}
|
#If not found, create one and ask for ${MBR_DEVICE}
|
||||||
|
@ -116,59 +126,47 @@ else
|
||||||
#Create ${CONFIG_FILE} with defaults if noninterctive
|
#Create ${CONFIG_FILE} with defaults if noninterctive
|
||||||
if [ -t "0" ]
|
if [ -t "0" ]
|
||||||
then
|
then
|
||||||
echo -n "Which device contains the MBR? [/dev/sda] "
|
|
||||||
read -r MBR_DEVICE
|
|
||||||
[ -z "${MBR_DEVICE}" ] && MBR_DEVICE="/dev/sda"
|
|
||||||
echo "#Device with the MBR on it" > ${CONFIG_FILE}
|
|
||||||
echo "MBR_DEVICE=${MBR_DEVICE}" >> ${CONFIG_FILE}
|
|
||||||
|
|
||||||
echo -n "Where should backup file and digestfile be stored? [/var/lib/hashboot] "
|
echo -n "Where should backup file and digestfile be stored? [/var/lib/hashboot] "
|
||||||
read -r SAVEDIR
|
read -r SAVEDIR
|
||||||
echo "#Where the Backup files are stored" >> ${CONFIG_FILE}
|
[ -z "${SAVEDIR}" ] && SAVEDIR="/var/lib/hashboot"
|
||||||
|
echo "#Where the Backup files are stored" > ${CONFIG_FILE}
|
||||||
echo "SAVEDIR=${SAVEDIR}" >> ${CONFIG_FILE}
|
echo "SAVEDIR=${SAVEDIR}" >> ${CONFIG_FILE}
|
||||||
DIGEST_FILE="${SAVEDIR}/hashboot.digest"
|
DIGEST_FILE="${SAVEDIR}/hashboot.digest"
|
||||||
BACKUP_FILE="${SAVEDIR}/boot-backup.tar"
|
BACKUP_FILE="${SAVEDIR}/boot-backup.tar"
|
||||||
mkdir -p ${SAVEDIR}
|
mkdir -p ${SAVEDIR}
|
||||||
echo -n "Include BIOS check? (y/n)"
|
|
||||||
read prompt
|
|
||||||
while ! [[ $prompt == "y" || $prompt == "Y" || $prompt == "n" || $prompt == "N" ]]; do
|
|
||||||
read prompt
|
|
||||||
done
|
|
||||||
if [[ "${prompt}" == "y" || "${prompt}" == "Y" ]]; then
|
|
||||||
if which flashrom; then
|
|
||||||
flashrom
|
|
||||||
echo -n "Which programmer? (eg. internal) "
|
|
||||||
read p
|
|
||||||
echo "PROGRAMMER=${p}" >> ${CONFIG_FILE}
|
|
||||||
else
|
|
||||||
echo "No flashrom found. You need to install it."
|
|
||||||
echo "PROGRAMMER=${PROGRAMMER}" >> ${CONFIG_FILE}
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "PROGRAMMER=no" >> ${CONFIG_FILE}
|
|
||||||
fi
|
|
||||||
echo "What do we check?"
|
echo "What do we check?"
|
||||||
echo "001=mbr"
|
echo "001=mbr"
|
||||||
echo "010=files"
|
echo "010=files"
|
||||||
echo "100=bios"
|
echo "100=core-/libreboot bios"
|
||||||
echo "eg. 101 for mbr and bios: "
|
echo "eg. 101 for mbr and bios: "
|
||||||
read CKMODES
|
read -r CKMODES
|
||||||
|
echo "#001=mbr,010=files,100=bios" >> ${CONFIG_FILE}
|
||||||
echo "CKMODES=$CKMODES" >> ${CONFIG_FILE}
|
echo "CKMODES=$CKMODES" >> ${CONFIG_FILE}
|
||||||
else
|
|
||||||
echo "#Device with the MBR on it" > ${CONFIG_FILE}
|
if [ $((CKMODES & 001)) -ne 0 ]; then
|
||||||
|
echo -n "Which device contains the MBR? [/dev/sda] "
|
||||||
|
read -r MBR_DEVICE
|
||||||
|
[ -z "${MBR_DEVICE}" ] && MBR_DEVICE="/dev/sda"
|
||||||
|
echo "#Device with the MBR on it" >> ${CONFIG_FILE}
|
||||||
echo "MBR_DEVICE=${MBR_DEVICE}" >> ${CONFIG_FILE}
|
echo "MBR_DEVICE=${MBR_DEVICE}" >> ${CONFIG_FILE}
|
||||||
echo "#Where the Backup files are stored" >> ${CONFIG_FILE}
|
fi
|
||||||
echo "BACKUP_FILE=${BACKUP_FILE}" >> ${CONFIG_FILE}
|
|
||||||
echo "CKMODES=$CKMODES" >> ${CONFIG_FILE}
|
if [ $((CKMODES & 100)) -ne 0 ]; then
|
||||||
echo "PROGRAMMER=${PROGRAMMER}" >> ${CONFIG_FILE}
|
if ! command -v flashrom > /dev/null; then
|
||||||
|
echo "You need to have flashrom installed!"
|
||||||
|
echo "Currently it is not installed, don't reboot"
|
||||||
|
echo "If you need another programmer than internal"
|
||||||
|
echo "use the variable PROGRAMMER in ${CONFIG_FILE}!"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
else
|
||||||
|
die 9 "No config file found. Run hashboot interactively to generate one."
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${2}" > "1" ]; then
|
if [ $((CKMODES & 001)) -ne 0 ]; then
|
||||||
CKMODES=${2}
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $((${CKMODES} & 001)) -ne 0 ]; then
|
|
||||||
# Find out where the first partition starts and set ${MBR_SIZE} in KiB
|
# Find out where the first partition starts and set ${MBR_SIZE} in KiB
|
||||||
sectorsize=$(LC_ALL=C fdisk -l ${MBR_DEVICE} | grep '^Units' | awk '{print $8}' )
|
sectorsize=$(LC_ALL=C fdisk -l ${MBR_DEVICE} | grep '^Units' | awk '{print $8}' )
|
||||||
if [ "${sectorsize}" == "=" ] # Older versions of util-linux
|
if [ "${sectorsize}" == "=" ] # Older versions of util-linux
|
||||||
|
@ -181,7 +179,7 @@ if [ $((${CKMODES} & 001)) -ne 0 ]; then
|
||||||
startsector=$(LC_ALL=C fdisk -l ${MBR_DEVICE} | grep -A1 'Device' | tail -n1 | awk '{print $3}' )
|
startsector=$(LC_ALL=C fdisk -l ${MBR_DEVICE} | grep -A1 'Device' | tail -n1 | awk '{print $3}' )
|
||||||
fi
|
fi
|
||||||
|
|
||||||
MBR_SIZE=$(expr ${sectorsize} \* ${startsector} / 1024)
|
MBR_SIZE=$((sectorsize * startsector / 1024))
|
||||||
|
|
||||||
if [ ${?} != 0 ]
|
if [ ${?} != 0 ]
|
||||||
then
|
then
|
||||||
|
@ -193,10 +191,10 @@ fi
|
||||||
if [ "${1}" == "index" ]
|
if [ "${1}" == "index" ]
|
||||||
then
|
then
|
||||||
#Try different hashers, use the most secure
|
#Try different hashers, use the most secure
|
||||||
HASHER=$(/usr/bin/which sha512sum 2> /dev/null)
|
HASHER=$(command -v sha512sum)
|
||||||
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha384sum 2> /dev/null)
|
test -z "${HASHER}" && HASHER=$(command -v sha384sum)
|
||||||
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha256sum 2> /dev/null)
|
test -z "${HASHER}" && HASHER=$(command -v sha256sum)
|
||||||
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha224sum 2> /dev/null)
|
test -z "${HASHER}" && HASHER=$(command -v sha224sum)
|
||||||
#If we found no hasher: exit
|
#If we found no hasher: exit
|
||||||
[ -z "${HASHER}" ] && die 5 "No hash calculator found"
|
[ -z "${HASHER}" ] && die 5 "No hash calculator found"
|
||||||
|
|
||||||
|
@ -215,18 +213,25 @@ then
|
||||||
for file in $(diff ${DIGEST_FILE} ${DIGEST_FILE_TMP} | grep -v '#hashboot' | grep '<' | cut -d'*' -f2 | sed 's/\ /\\ /g' );
|
for file in $(diff ${DIGEST_FILE} ${DIGEST_FILE_TMP} | grep -v '#hashboot' | grep '<' | cut -d'*' -f2 | sed 's/\ /\\ /g' );
|
||||||
do
|
do
|
||||||
#delete from tar
|
#delete from tar
|
||||||
tar --delete -v -P -f $BACKUP_FILE $file
|
tar --delete -v -P -f ${BACKUP_FILE} "${file}"
|
||||||
done
|
done
|
||||||
for file in $(diff ${DIGEST_FILE} ${DIGEST_FILE_TMP} | grep -v '#hashboot' | grep '>' | cut -d'*' -f2 | sed 's/\ /\\ /g' );
|
for file in $(diff ${DIGEST_FILE} ${DIGEST_FILE_TMP} | grep -v '#hashboot' | grep '>' | cut -d'*' -f2 | sed 's/\ /\\ /g' );
|
||||||
do
|
do
|
||||||
tar -r -v -P -f $BACKUP_FILE $file
|
tar -r -v -P -f $BACKUP_FILE "${file}"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
#nur, wenn das updaten des Backups geklappt hat. *im Hinterkopf behalt*
|
#nur, wenn das updaten des Backups geklappt hat. *im Hinterkopf behalt*
|
||||||
mv ${DIGEST_FILE_TMP} ${DIGEST_FILE}
|
mv ${DIGEST_FILE_TMP} ${DIGEST_FILE}
|
||||||
else
|
else
|
||||||
write_hashes $DIGEST_FILE
|
write_hashes $DIGEST_FILE
|
||||||
tar -cpPf ${BACKUP_FILE} ${BIOS} ${MBR_TMP} /boot ${DIGEST_FILE} || die 7 "Error writing ${BACKUP_FILE}"
|
INCLUDE_FILES=""
|
||||||
|
if [ -f "${MBR_TMP}" ]; then
|
||||||
|
INCLUDE_FILES="${INCLUDE_FILES} ${MBR_TMP}"
|
||||||
|
fi
|
||||||
|
if [ -f "${BIOS_TMP}" ]; then
|
||||||
|
INCLUDE_FILES="${BIOS_TMP}"
|
||||||
|
fi
|
||||||
|
tar -cpPf "${BACKUP_FILE}" ${INCLUDE_FILES} /boot ${DIGEST_FILE} || die 7 "Error writing ${BACKUP_FILE}"
|
||||||
echo "Backup written to ${BACKUP_FILE}"
|
echo "Backup written to ${BACKUP_FILE}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -234,34 +239,33 @@ elif [ "${1}" == "check" ]
|
||||||
then
|
then
|
||||||
[ -f ${DIGEST_FILE} ] || die 9 "No digestfile"
|
[ -f ${DIGEST_FILE} ] || die 9 "No digestfile"
|
||||||
HASHER=$(head -n1 ${DIGEST_FILE} | awk '{print $5}')
|
HASHER=$(head -n1 ${DIGEST_FILE} | awk '{print $5}')
|
||||||
if [ $((${CKMODES} & 001)) != 0 ]; then
|
if [ $((CKMODES & 001)) != 0 ]; then
|
||||||
dd if=${MBR_DEVICE} of=${MBR_TMP} bs=${MBR_SIZE}K count=1 status=${DD_STATUS} || die 8
|
dd if=${MBR_DEVICE} of=${MBR_TMP} bs=${MBR_SIZE}K count=1 status=${DD_STATUS} || die 8
|
||||||
grep ${MBR_TMP} ${DIGEST_FILE} | ${HASHER} --check --warn --quiet --strict | tee ${LOG_FILE}
|
grep ${MBR_TMP} ${DIGEST_FILE} | ${HASHER} --check --warn --quiet --strict | tee ${LOG_FILE}
|
||||||
if [ ${PIPESTATUS[2]} -ne 0 ]
|
if [ "${PIPESTATUS[2]}" -ne 0 ]
|
||||||
then
|
then
|
||||||
echo " !! TIME TO PANIK: MBR WAS MODIFIED !!"
|
echo " !! TIME TO PANIK: MBR WAS MODIFIED !!"
|
||||||
COUNTER=$((COUNTER + 1))
|
COUNTER=$((COUNTER + 1))
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [ $((${CKMODES} & 010)) -ne 0 ]; then
|
if [ $((CKMODES & 010)) -ne 0 ]; then
|
||||||
grep -v ${MBR_TMP} ${DIGEST_FILE} | grep -v ${BIOS_TMP} | ${HASHER} --check --warn --quiet --strict | tee -a ${LOG_FILE}
|
grep -v ${MBR_TMP} ${DIGEST_FILE} | grep -v ${BIOS_TMP} | ${HASHER} --check --warn --quiet --strict | tee -a ${LOG_FILE}
|
||||||
if [ ${PIPESTATUS[2]} -ne 0 ]
|
if [ "${PIPESTATUS[2]}" -ne 0 ]
|
||||||
then
|
then
|
||||||
echo " !! TIME TO PANIK: AT LEAST 1 FILE WAS MODIFIED !!"
|
echo " !! TIME TO PANIK: AT LEAST 1 FILE WAS MODIFIED !!"
|
||||||
COUNTER=$((COUNTER + 2))
|
COUNTER=$((COUNTER + 2))
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [ $((${CKMODES} & 100)) -ne 0 ]; then
|
if [ $((CKMODES & 100)) -ne 0 ]; then
|
||||||
flashrom --programmer ${PROGRAMMER} -r ${BIOS_TMP} > /dev/null 2>&1
|
flashrom --programmer ${PROGRAMMER} -r ${BIOS_TMP} > /dev/null 2>&1
|
||||||
#if we set an programmer chip in config, find line with hash for bios and compare. if smthg wrong, panic
|
#if we set an programmer chip in config, find line with hash for bios and compare. if smthg wrong, panic
|
||||||
if [ ! ${PROGRAMMER} == "no" ]; then
|
|
||||||
grep ${BIOS_TMP} ${DIGEST_FILE} | ${HASHER} --check --warn --quiet --strict | tee -a ${LOG_FILE}
|
grep ${BIOS_TMP} ${DIGEST_FILE} | ${HASHER} --check --warn --quiet --strict | tee -a ${LOG_FILE}
|
||||||
if [ ${PIPESTATUS[2]} -ne 0 ]
|
if [ "${PIPESTATUS[2]}" -ne 0 ]
|
||||||
then
|
then
|
||||||
echo " !! TIME TO PANIK: BIOS WAS MODIFIED !!"
|
echo " !! TIME TO PANIK: BIOS WAS MODIFIED !!"
|
||||||
COUNTER=$((COUNTER + 10))
|
COUNTER=$((COUNTER + 10))
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ${COUNTER} -gt 0 ]; then
|
if [ ${COUNTER} -gt 0 ]; then
|
||||||
|
@ -272,15 +276,16 @@ then
|
||||||
echo "Restoring files from backup... (type yes or no for each file)"
|
echo "Restoring files from backup... (type yes or no for each file)"
|
||||||
|
|
||||||
#For each failed file: ask if it should be recovered from backup
|
#For each failed file: ask if it should be recovered from backup
|
||||||
|
# shellcheck disable=2013
|
||||||
for file in $(cut -d: -f1 ${LOG_FILE})
|
for file in $(cut -d: -f1 ${LOG_FILE})
|
||||||
do
|
do
|
||||||
tar -xpPvwf ${BACKUP_FILE} ${file}
|
tar -xpPvwf ${BACKUP_FILE} "${file}"
|
||||||
[ $? != 0 ] && echo "Error restoring ${file} from backup, continuing" >&2
|
[ ${?} != 0 ] && echo "Error restoring ${file} from backup, continuing" >&2
|
||||||
#If the MBR is to be recovered, copy to ${MBR_DEVICE}
|
#If the MBR is to be recovered, copy to ${MBR_DEVICE}
|
||||||
if [ "${file}" == ${MBR_TMP} ]
|
if [ "${file}" == ${MBR_TMP} ]
|
||||||
then
|
then
|
||||||
cp ${MBR_TMP} ${MBR_DEVICE}
|
cp ${MBR_TMP} ${MBR_DEVICE}
|
||||||
[ $? != 0 ] && echo "Error restoring MBR from backup, continuing" >&2
|
[ ${?} != 0 ] && echo "Error restoring MBR from backup, continuing" >&2
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
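Review bot: In the `else` branch of `index` that creates the backup with `tar -cpPf`, `INCLUDE_FILES="${BIOS_TMP}"` replaces the list instead of appending to it, so when both the MBR image and the BIOS image exist the MBR image added just before is dropped from `${BACKUP_FILE}` and `recover` has nothing to restore it from. It should read `INCLUDE_FILES="${INCLUDE_FILES} ${BIOS_TMP}"`. Separately, the scratch files this change now removes in `die` still use fixed names under `/tmp` (`/tmp/mbr`, `/tmp/hashboot.digesttmp`) while the script, presumably run as root, later copies `${MBR_TMP}` onto `${MBR_DEVICE}`; creating them with `mktemp` inside a root-only directory would remove the dependency on a world-writable path. The enclosing `if`/`elif` chain starts and ends outside the hunks shown.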
|
||||||
|
|
|
@ -0,0 +1,56 @@
|
||||||
|
= hashboot(1)
|
||||||
|
tastytea <tastytea@tastytea.de>; teldra <teldra@rotce.de>
|
||||||
|
:Date: 2019-04-12
|
||||||
|
:Revision: 0.9.8
|
||||||
|
:man source: hashboot
|
||||||
|
:man version: {revision}
|
||||||
|
:man manual: General Commands Manual
|
||||||
|
|
||||||
|
== NAME
|
||||||
|
|
||||||
|
hashboot - generate checksums and a backup for /boot, MBR and BIOS.
|
||||||
|
|
||||||
|
== SYNOPSIS
|
||||||
|
|
||||||
|
*hashboot* _index_|_check_|_recover_
|
||||||
|
|
||||||
|
== DESCRIPTION
|
||||||
|
|
||||||
|
hashboot hashes all files in `/boot` and the MBR to check them during early
|
||||||
|
boot. It is intended for when you have encrypted the root partition but not the
|
||||||
|
boot partition. The checksums and a backup of the contents of `/boot` are stored
|
||||||
|
in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
|
||||||
|
option to restore the file from backup.
|
||||||
|
|
||||||
|
If there is a core- or libreboot bios and flashrom installed, hashboot can
|
||||||
|
check bios for modifications too.
|
||||||
|
|
||||||
|
== OPTIONS
|
||||||
|
|
||||||
|
*index*::
|
||||||
|
generate checksums and a backup for `/boot`, MBR and BIOS.
|
||||||
|
|
||||||
|
*check*::
|
||||||
|
check `/boot`, MBR and BIOS.
|
||||||
|
|
||||||
|
*recover*::
|
||||||
|
replace corrupted files with the backup.
|
||||||
|
|
||||||
|
== CONFIGURATION
|
||||||
|
|
||||||
|
The configuration file is in `/etc/hashboot.conf`.
|
||||||
|
|
||||||
|
=== Possible options
|
||||||
|
|
||||||
|
[frame="none",grid="none"]
|
||||||
|
|============
|
||||||
|
|SAVEDIR | The checksums and the backup are stored here.
|
||||||
|
|CKMODES | 001=mbr, 010=files, 100=bios.
|
||||||
|
|MBR_DEVICE | Device with the MBR on it.
|
||||||
|
|PROGRAMMER | Use this programmer instead of "internal". Will be passed to flashrom.
|
||||||
|
|============
|
||||||
|
|
||||||
|
|
||||||
|
== REPORTING BUGS
|
||||||
|
|
||||||
|
Bugtracker: https://github.com/tastytea/hashboot/issues
|
|
@ -0,0 +1,12 @@
|
||||||
|
[Trigger]
|
||||||
|
Operation = Install
|
||||||
|
Operation = Upgrade
|
||||||
|
Operation = Remove
|
||||||
|
Type = Package
|
||||||
|
Target = *
|
||||||
|
|
||||||
|
[Action]
|
||||||
|
Description = Regenerating hashboot checksums...
|
||||||
|
When = PostTransaction
|
||||||
|
Exec = /usr/bin/hashboot index
|
||||||
|
Depends = hashboot
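Review bot: With `Target = *` and `Exec = /usr/bin/hashboot index`, every package transaction replaces the stored digests with the current state of `/boot` (the visible `index` code ends in `mv ${DIGEST_FILE_TMP} ${DIGEST_FILE}`), and nothing in the hook runs `hashboot check` first, so a modification made since the last boot-time check would be recorded as the new baseline. Narrowing the trigger to transactions that touch the boot files, `Type = Path` with `Target = boot/*`, reduces how often that happens; running a check before the index would close the gap for the files case. A `#` comment at the top of the hook stating why re-indexing after package operations is needed would also help the next maintainer.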
|
|
@ -0,0 +1,39 @@
|
||||||
|
#!/sbin/openrc-run
|
||||||
|
# Copyright 1999-2019 Gentoo Authors
|
||||||
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
|
|
||||||
|
description="Check integrity of files in /boot"
|
||||||
|
|
||||||
|
depend()
|
||||||
|
{
|
||||||
|
need localmount
|
||||||
|
before xdm
|
||||||
|
}
|
||||||
|
|
||||||
|
start()
|
||||||
|
{
|
||||||
|
ebegin "Checking integrity of files in /boot"
|
||||||
|
|
||||||
|
# See if hashboot is accessible
|
||||||
|
which hashboot > /dev/null || return 255
|
||||||
|
|
||||||
|
hashboot check
|
||||||
|
ret=$?
|
||||||
|
# If return code is 1-3 or 10-13
|
||||||
|
if [ ${ret} -ge 1 ] && [ ${ret} -le 3 ] || [ ${ret} -ge 10 ] && [ ${ret} -le 13 ]; then
|
||||||
|
echo -n "Recover files? [y/N] "
|
||||||
|
read -r yesno
|
||||||
|
if [ "${yesno}" == "y" ]; then
|
||||||
|
hashboot recover
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Dropping to shell. Type exit to continue."
|
||||||
|
sh
|
||||||
|
return ${ret}
|
||||||
|
elif [ ${ret} != 0 ]; then
|
||||||
|
eerror "Unexpected error number ${ret}."
|
||||||
|
return ${ret}
|
||||||
|
fi
|
||||||
|
|
||||||
|
eend 0
|
||||||
|
}
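Review bot: `[ "${yesno}" == "y" ]` in `start()` uses `==`, which POSIX `[` does not define. openrc-run scripts are normally interpreted by `/bin/sh`, and where that is not bash the test fails with an error, so `hashboot recover` is skipped even when the user answers `y`. Use `if [ "${yesno}" = "y" ]; then`, and `printf 'Recover files? [y/N] '` instead of the equally non-portable `echo -n`. The range test on `${ret}` only works because `&&` and `||` have equal precedence in the shell; grouping it as `{ [ ... ] && [ ... ]; } || { [ ... ] && [ ... ]; }` would make the intent explicit.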
|
|
@ -0,0 +1,56 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: hashboot
|
||||||
|
# Required-Start: $mountall
|
||||||
|
# Required-Stop:
|
||||||
|
# Default-Start: S
|
||||||
|
# Default-Stop:
|
||||||
|
# Short-Description: Check integrity of files in /boot
|
||||||
|
### END INIT INFO
|
||||||
|
|
||||||
|
#PATH=/sbin:/bin:/usr/bin:/usr
|
||||||
|
|
||||||
|
# See if hashboot is accessible
|
||||||
|
test -x $(which hashboot) || exit 255
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
log_daemon_msg "Checking integrity of files in /boot"
|
||||||
|
|
||||||
|
hashboot check
|
||||||
|
ret=$?
|
||||||
|
if [ ${ret} -ge 1 ] && [ ${ret} -le 3 ] || [ ${ret} -ge 10 ] && [ ${ret} -le 13 ]; then
|
||||||
|
log_end_msg ${ret}
|
||||||
|
|
||||||
|
echo -n "Recover files? [y/N] "
|
||||||
|
read -r yesno
|
||||||
|
if [ "${yesno}" == "y" ]; then
|
||||||
|
hashboot recover
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Dropping to shell. Type exit to continue."
|
||||||
|
sh
|
||||||
|
exit ${ret}
|
||||||
|
elif [ ${ret} != 0 ]; then
|
||||||
|
log_end_msg ${ret}
|
||||||
|
eerror "Unexpected error number ${ret}."
|
||||||
|
exit ${ret}
|
||||||
|
fi
|
||||||
|
|
||||||
|
log_end_msg 0
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
# No-op
|
||||||
|
;;
|
||||||
|
restart|reload|force-reload|status)
|
||||||
|
echo "Error: argument '$1' not supported" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Usage: /etc/init.d/hashboot {start|stop}"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit 0
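Review bot: `test -x $(which hashboot) || exit 255` does not detect a missing binary: when `which` prints nothing the unquoted substitution disappears, and `test -x` with a single argument is true because that form only checks for a non-empty string. `command -v hashboot >/dev/null || exit 255` does what the comment above it says. In addition, the 56 lines shown never source an LSB function library, so `log_daemon_msg` and `log_end_msg` appear to be undefined here, and `eerror` in the unexpected-error branch is an OpenRC helper. Adding `. /lib/lsb/init-functions` near the top and using `log_failure_msg` in place of `eerror` would address that.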
|
|
@ -1,37 +0,0 @@
|
||||||
#!/sbin/openrc-run
|
|
||||||
|
|
||||||
description="Check integrity of files in /boot"
|
|
||||||
|
|
||||||
depend()
|
|
||||||
{
|
|
||||||
need localmount
|
|
||||||
before xdm
|
|
||||||
}
|
|
||||||
|
|
||||||
start()
|
|
||||||
{
|
|
||||||
ebegin "Checking integrity of files in /boot"
|
|
||||||
|
|
||||||
# See if hashboot is accessible
|
|
||||||
which hashboot > /dev/null || return 255
|
|
||||||
|
|
||||||
hashboot check
|
|
||||||
if [ $? -gt 0 ] && [ $? -le 3 ]
|
|
||||||
then
|
|
||||||
echo -n "Recover files? [y/N] "
|
|
||||||
read -r yesno
|
|
||||||
if [ "${yesno}" == "y" ]
|
|
||||||
then
|
|
||||||
hashboot recover
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Dropping to shell. Type exit to continue."
|
|
||||||
sh
|
|
||||||
return 3
|
|
||||||
elif [ $? != 0 ]
|
|
||||||
then
|
|
||||||
return $?
|
|
||||||
fi
|
|
||||||
|
|
||||||
eend 0
|
|
||||||
}
|
|
|
@ -1,58 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: hashboot
|
|
||||||
# Required-Start: $mountall
|
|
||||||
# Required-Stop:
|
|
||||||
# Default-Start: S
|
|
||||||
# Default-Stop:
|
|
||||||
# Short-Description: Check integrity of files in /boot
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
#PATH=/sbin:/bin:/usr/bin:/usr
|
|
||||||
|
|
||||||
# See if hashboot is accessible
|
|
||||||
test -x $(which hashboot) || exit 255
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
log_daemon_msg "Checking integrity of files in /boot"
|
|
||||||
|
|
||||||
hashboot check
|
|
||||||
if [ $? -gt 0 ] && [ $? -le 3 ]
|
|
||||||
then
|
|
||||||
log_end_msg 4
|
|
||||||
|
|
||||||
echo -n "Recover files? [y/N] "
|
|
||||||
read -r yesno
|
|
||||||
if [ "${yesno}" == "y" ]
|
|
||||||
then
|
|
||||||
hashboot recover
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Dropping to shell. Type exit to continue."
|
|
||||||
sh
|
|
||||||
exit 3
|
|
||||||
elif [ $? != 0 ]
|
|
||||||
then
|
|
||||||
log_end_msg $?
|
|
||||||
exit $?
|
|
||||||
fi
|
|
||||||
|
|
||||||
log_end_msg 0
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
# No-op
|
|
||||||
|
|
||||||
;;
|
|
||||||
restart|reload|force-reload|status)
|
|
||||||
echo "Error: argument '$1' not supported" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: /etc/init.d/hashboot {start|stop}"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit 0
|
|