Compare commits


No commits in common. "master" and "0.9.7" have entirely different histories.

17 changed files with 202 additions and 452 deletions


@ -1,119 +0,0 @@
kind: pipeline
name: check
volumes:
- name: debian-package-cache
host:
path: /var/cache/debian-package-cache
trigger:
event:
exclude:
- tag
steps:
- name: shellcheck
image: debian:stretch-slim
pull: always
commands:
- rm /etc/apt/apt.conf.d/docker-clean
- rm /var/cache/apt/archives/lock
- echo "APT::Default-Release \"stretch\";" >> /etc/apt/apt.conf.d/00default_release
- echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list.d/buster.list
- apt-get update -q
- apt-get install -qy -t buster shellcheck
- shellcheck hashboot
volumes:
- name: debian-package-cache
path: /var/cache/apt/archives
- name: notify
image: drillster/drone-email
pull: always
settings:
host: cryptoparty-celle.de
from: drone@tzend.de
username:
from_secret: email_username
password:
from_secret: email_password
when:
status: [ changed, failure ]
---
kind: pipeline
name: release
volumes:
- name: debian-package-cache
host:
path: /var/cache/debian-package-cache
- name: gpg-key
host:
path: /home/tastytea/misc/autosign_gpg.key
trigger:
event:
- tag
steps:
- name: download tar.gz
image: plugins/download
settings:
source: https://schlomp.space/tastytea/hashboot/archive/${DRONE_TAG}.tar.gz
destination: hashboot-${DRONE_TAG}.tar.gz
- name: download zip
image: plugins/download
settings:
source: https://schlomp.space/tastytea/hashboot/archive/${DRONE_TAG}.zip
destination: hashboot-${DRONE_TAG}.zip
- name: signature
image: debian:stretch-slim
pull: always
commands:
- rm /etc/apt/apt.conf.d/docker-clean
- rm -f /var/cache/apt/archives/lock
- apt-get update -q
- apt-get install -qy gnupg
- gpg --import /var/autosign_gpg.key
- gpg --verbose --detach-sign *.tar.gz
- gpg --verbose --detach-sign *.zip
volumes:
- name: debian-package-cache
path: /var/cache/apt/archives
- name: gpg-key
path: /var/autosign_gpg.key
- name: release
image: plugins/gitea-release
pull: always
settings:
base_url: https://schlomp.space
api_key:
from_secret: gitea_token
title: ${DRONE_TAG}
prerelease: true
files:
- hashboot-${DRONE_TAG}.tar.gz
- hashboot-${DRONE_TAG}.tar.gz.sig
- hashboot-${DRONE_TAG}.zip
- hashboot-${DRONE_TAG}.zip.sig
checksum:
- sha256
- sha512
- name: notify
image: drillster/drone-email
pull: always
settings:
host: cryptoparty-celle.de
from: drone@tzend.de
username:
from_secret: email_username
password:
from_secret: email_password
when:
status: [ changed, failure ]

1
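--- a/.gitignore
+++ b/.gitignore
@@ -1 +0,0 @@
-/hashboot.1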


@ -1,4 +1,4 @@
"THE HUG-WARE LICENSE" (Revision 2):
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
As long as you retain this notice you can do whatever you want with this.
If we meet some day, and you think this is nice, you can give us a hug.
"THE HUG-WARE LICENSE" (Revision 1):
xo <xo@rotce.de> and tastytea <tastytea@tastytea.de> wrote these files. As long
as you retain this notice you can do whatever you want with this stuff. If we
meet some day, and you think this stuff is worth it, you can give us a hug.


@ -1,76 +1,31 @@
**hashboot** hashes all files in `/boot` and the MBR to check them during early
boot. It is intended for when you have encrypted the root partition but not the
boot partition. The checksums and a backup of the contents of `/boot` are stored
in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
option to restore the file from backup.
If there is a core- or libreboot BIOS and [flashrom](https://flashrom.org/)
installed, **hashboot** can check the BIOS for modifications too.
We moved our code to
[schlomp.space](https://schlomp.space/tastytea/hashboot) but we keep the
[GitHub-repo](https://github.com/tastytea/hashboot) as a mirror.
**hashboot** hashes all files in `/boot` to check them during early boot. It is
intended for when you have encrypted the root partition but not the boot
partition. The checksums and a backup of the contents of `/boot` are stored in
`/var/lib/hashboot` by default. If a checksum doesn't match, you have the option
to restore the file from backup.
# Install
## Packages
### Void Linux
``` shell
xbps-install -S hashboot
```
### Gentoo Linux
Ebuilds are available via the
[tastytea repository](https://schlomp.space/tastytea/overlay).
``` shell
emerge -a sys-apps/hashboot
rc-update add hashboot boot
```
### Arch Linux
Use the [package from AUR](https://aur.archlinux.org/packages/hashboot/).
## Manual
### Any distro
The releases on
[schlomp.space](https://schlomp.space/tastytea/hashboot/releases) are
PGP-signed. The key-ID is `F7301ADFC9ED262448C42B64242E5AC4DA587BF9`
(`242E5AC4DA587BF9`). You can fetch it with `gpg --locate-key
autosign@tastytea.de`.
* Make hashboot executable
* Place hashboot anywhere in ${PATH}
* Place hashboot anywhere in $PATH
* Install the appropriate init script
* If applicable, copy `hooks/kernel-postinst` to /etc/kernel/post{inst,rm}.d/zzz-hashboot
(make sure it is called after all other hooks)
* To generate the manpage, install [asciidoc](http://asciidoc.org/) and run
`build_manpage.sh`.
* If applicable, copy kernel-hook to /etc/kernel/post{inst,rm}.d/zzz-hashboot (make sure it is called after all other hooks)
# Usage
* First run creates a configuration file. Select the desired checkroutines
* Run `hashboot index` to generate checksums and a backup for /boot and MBR
* Run `hashboot check` to check /boot and MBR
* Run `hashboot recover` to replace corrupted files with the backup
* Run "hashboot index" to generate checksums and a backup for /boot and MBR
* Run "hashboot check" to check /boot and MBR
* Run "hashboot recover" to replace corrupted files with the backup
# Notes
* You can't use the openrc/sysv init scripts with parallel boot.
* The systemd and SysVinit init scripts have not been tested in a while, but
will probably work.
# License
```PLAIN
"THE HUG-WARE LICENSE" (Revision 2):
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
As long as you retain this notice you can do whatever you want with this.
If we meet some day, and you think this is nice, you can give us a hug.
"THE HUG-WARE LICENSE" (Revision 1):
xo <xo@rotce.de> and tastytea <tastytea@tastytea.de> wrote these files. As long
as you retain this notice you can do whatever you want with this stuff. If we
meet some day, and you think this stuff is worth it, you can give us a hug.
```


@ -1,12 +0,0 @@
#!/bin/sh
if [ -f "hashboot.1.adoc" ]; then
name="hashboot"
version="$(grep VERSION hashboot | head -n1 | cut -d\" -f2)"
dir="$(dirname ${0})"
sed -Ei "s/(Revision: +)[0-9]+\.[0-9]+\.[0-9]+/\1${version}/" ${name}.1.adoc
a2x --doctype manpage --format manpage --no-xmllint ${name}.1.adoc
else
echo "hashboot.1.adoc not found." >&2
fi

171
hashboot

@ -5,23 +5,20 @@
#7 = write error, 8 = dd error, 9 = file not found
#10 = bios mismatch, 11 == mbr&bios mismatch, 12 = files&bios mismatch
#13 = mbr&bios&files mismatch
###############################################################################
# "THE HUG-WARE LICENSE" (Revision 2): #
# teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this. #
# As Long as you retain this notice you can do whatever you want with this. #
# If we meet some day, and you think this is nice, you can give us a hug. #
###############################################################################
###################################################################################
# "THE HUG-WARE LICENSE" (Revision 1): #
# xo <xo@rotce.de> and tastytea <tastytea@tastytea.de> wrote these files. As long #
# as you retain this notice you can do whatever you want with this stuff. If we #
# meet some day, and you think this stuff is worth it, you can give us a hug. #
###################################################################################
# Disable warnings about $?.
# shellcheck disable=SC2181
VERSION="0.9.14"
VERSION="0.9.7"
PATH="/bin:/usr/bin:/sbin:/usr/sbin:${PATH}"
DIGEST_FILE=""
BACKUP_FILE=""
SAVEDIR=""
DIGEST_FILE_TMP="/tmp/hashboot.digesttmp"
LOG_FILE="/var/log/hashboot.log"
LOG_FILE="/tmp/hashboot.log"
MBR_DEVICE="/dev/sda"
MBR_SIZE=1024
MBR_TMP="/tmp/mbr"
@ -31,7 +28,7 @@ BOOT_MOUNTED=0
CONFIG_FILE="/etc/hashboot.cfg"
COUNTER=0
DD_STATUS="none"
PROGRAMMER=${PROGRAMMER:=internal}
PROGRAMMER="no" #standard change enables bios mode
#bitmask:
# 001=mbr
# 010=files
@ -46,36 +43,33 @@ die ()
umount /boot
fi
# Delete temporary files
rm -f "${DIGEST_FILE_TMP}" "${MBR_TMP}" "${BIOS_TMP}"
[ -z "${2}" ] || echo "${2}" >&2
exit "${1}"
exit ${1}
}
write_hashes ()
{
local file="${1}"
#Write header to ${file}
echo "#hashboot ${VERSION} - Algorithm: $(basename ${HASHER})" > "${file}"
#Write header to ${1}
echo "#hashboot ${VERSION} - Algorithm: $(basename ${HASHER})" > ${1}
if [ $((CKMODES & 001)) -ne 0 ]; then
if [ $((${CKMODES} & 001)) -ne 0 ]; then
#copy mbr to file
dd if=${MBR_DEVICE} of=${MBR_TMP} bs=${MBR_SIZE}K count=1 status=${DD_STATUS} || die 8
#Write hash of MBR to ${file}
${HASHER} ${MBR_TMP} >> "${file}"
#Write hash of MBR to ${1}
${HASHER} ${MBR_TMP} >> ${1}
fi
if [ $((CKMODES & 010)) -ne 0 ]; then
#Write hashes of all regular files to ${file}
# shellcheck disable=SC2227
find /boot -type f -exec ${HASHER} --binary {} >> "${file}" +
if [ $((${CKMODES} & 010)) -ne 0 ]; then
#Write hashes of all regular files to ${1}
find /boot -type f -exec ${HASHER} --binary {} >> ${1} +
fi
if [ $((CKMODES & 100)) -ne 0 ]; then
if [ $((${CKMODES} & 100)) != 0 ]; then
#if we set an programmer chip in config
if [ ! "${PROGRAMMER}" == "no" ]; then
#read bios to file
flashrom --programmer ${PROGRAMMER} -r ${BIOS_TMP} > /dev/null 2>&1
#and write hashes of bios files to ${file}
${HASHER} ${BIOS_TMP} >> "${file}"
#and write hashes of bios files to ${1}
${HASHER} ${BIOS_TMP} >> ${1}
fi
fi
}
@ -94,9 +88,7 @@ then
fi
# Debian < 8 check
if command -v lsb_release > /dev/null \
&& [ "$(lsb_release -si)" == "Debian" ] \
&& [ "$(lsb_release -sr | cut -d'.' -f1)" -lt 8 ]
if which lsb_release > /dev/null 2>&1 && [ "$(lsb_release -si)" == "Debian" ] && [ $(lsb_release -sr | cut -d'.' -f1) -lt 8 ]
then
DD_STATUS="noxfer"
fi
@ -104,10 +96,9 @@ fi
#Look for config file and set ${MBR_DEVICE}.
if [ -f ${CONFIG_FILE} ]
then
# shellcheck source=/dev/null
source ${CONFIG_FILE} || die 9 "Error reading config file"
#compatibility to old cfg format
if [ -n "${BACKUP_FILE}" ]; then
if [ ! -z "${BACKUP_FILE}" ]; then
SAVEDIR="/var/lib/hashboot"
echo "SAVEDIR=${SAVEDIR}" >> ${CONFIG_FILE}
mkdir -p ${SAVEDIR}
@ -118,7 +109,6 @@ then
sed -i '/BACKUP_FILE/d' ${CONFIG_FILE}
echo "The backup und the digests have been moved to ${SAVEDIR}"
fi
# here we extrapolate paths from savedir.
DIGEST_FILE="${SAVEDIR}/hashboot.digest"
BACKUP_FILE="${SAVEDIR}/boot-backup.tar"
#If not found, create one and ask for ${MBR_DEVICE}
@ -126,47 +116,59 @@ else
#Create ${CONFIG_FILE} with defaults if noninterctive
if [ -t "0" ]
then
echo -n "Which device contains the MBR? [/dev/sda] "
read -r MBR_DEVICE
[ -z "${MBR_DEVICE}" ] && MBR_DEVICE="/dev/sda"
echo "#Device with the MBR on it" > ${CONFIG_FILE}
echo "MBR_DEVICE=${MBR_DEVICE}" >> ${CONFIG_FILE}
echo -n "Where should backup file and digestfile be stored? [/var/lib/hashboot] "
read -r SAVEDIR
[ -z "${SAVEDIR}" ] && SAVEDIR="/var/lib/hashboot"
echo "#Where the Backup files are stored" > ${CONFIG_FILE}
echo "#Where the Backup files are stored" >> ${CONFIG_FILE}
echo "SAVEDIR=${SAVEDIR}" >> ${CONFIG_FILE}
DIGEST_FILE="${SAVEDIR}/hashboot.digest"
BACKUP_FILE="${SAVEDIR}/boot-backup.tar"
mkdir -p ${SAVEDIR}
echo -n "Include BIOS check? (y/n)"
read prompt
while ! [[ $prompt == "y" || $prompt == "Y" || $prompt == "n" || $prompt == "N" ]]; do
read prompt
done
if [[ "${prompt}" == "y" || "${prompt}" == "Y" ]]; then
if which flashrom; then
flashrom
echo -n "Which programmer? (eg. internal) "
read p
echo "PROGRAMMER=${p}" >> ${CONFIG_FILE}
else
echo "No flashrom found. You need to install it."
echo "PROGRAMMER=${PROGRAMMER}" >> ${CONFIG_FILE}
fi
else
echo "PROGRAMMER=no" >> ${CONFIG_FILE}
fi
echo "What do we check?"
echo "001=mbr"
echo "010=files"
echo "100=core-/libreboot bios"
echo "100=bios"
echo "eg. 101 for mbr and bios: "
read -r CKMODES
echo "#001=mbr,010=files,100=bios" >> ${CONFIG_FILE}
read CKMODES
echo "CKMODES=$CKMODES" >> ${CONFIG_FILE}
if [ $((CKMODES & 001)) -ne 0 ]; then
echo -n "Which device contains the MBR? [/dev/sda] "
read -r MBR_DEVICE
[ -z "${MBR_DEVICE}" ] && MBR_DEVICE="/dev/sda"
echo "#Device with the MBR on it" >> ${CONFIG_FILE}
echo "MBR_DEVICE=${MBR_DEVICE}" >> ${CONFIG_FILE}
fi
if [ $((CKMODES & 100)) -ne 0 ]; then
if ! command -v flashrom > /dev/null; then
echo "You need to have flashrom installed!"
echo "Currently it is not installed, don't reboot"
echo "If you need another programmer than internal"
echo "use the variable PROGRAMMER in ${CONFIG_FILE}!"
fi
fi
else
die 9 "No config file found. Run hashboot interactively to generate one."
echo "#Device with the MBR on it" > ${CONFIG_FILE}
echo "MBR_DEVICE=${MBR_DEVICE}" >> ${CONFIG_FILE}
echo "#Where the Backup files are stored" >> ${CONFIG_FILE}
echo "BACKUP_FILE=${BACKUP_FILE}" >> ${CONFIG_FILE}
echo "CKMODES=$CKMODES" >> ${CONFIG_FILE}
echo "PROGRAMMER=${PROGRAMMER}" >> ${CONFIG_FILE}
fi
fi
if [ $((CKMODES & 001)) -ne 0 ]; then
if [ "${2}" > "1" ]; then
CKMODES=${2}
fi
if [ $((${CKMODES} & 001)) -ne 0 ]; then
# Find out where the first partition starts and set ${MBR_SIZE} in KiB
sectorsize=$(LC_ALL=C fdisk -l ${MBR_DEVICE} | grep '^Units' | awk '{print $8}' )
if [ "${sectorsize}" == "=" ] # Older versions of util-linux
@ -179,7 +181,7 @@ if [ $((CKMODES & 001)) -ne 0 ]; then
startsector=$(LC_ALL=C fdisk -l ${MBR_DEVICE} | grep -A1 'Device' | tail -n1 | awk '{print $3}' )
fi
MBR_SIZE=$((sectorsize * startsector / 1024))
MBR_SIZE=$(expr ${sectorsize} \* ${startsector} / 1024)
if [ ${?} != 0 ]
then
@ -191,10 +193,10 @@ fi
if [ "${1}" == "index" ]
then
#Try different hashers, use the most secure
HASHER=$(command -v sha512sum)
test -z "${HASHER}" && HASHER=$(command -v sha384sum)
test -z "${HASHER}" && HASHER=$(command -v sha256sum)
test -z "${HASHER}" && HASHER=$(command -v sha224sum)
HASHER=$(/usr/bin/which sha512sum 2> /dev/null)
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha384sum 2> /dev/null)
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha256sum 2> /dev/null)
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha224sum 2> /dev/null)
#If we found no hasher: exit
[ -z "${HASHER}" ] && die 5 "No hash calculator found"
@ -213,25 +215,18 @@ then
for file in $(diff ${DIGEST_FILE} ${DIGEST_FILE_TMP} | grep -v '#hashboot' | grep '<' | cut -d'*' -f2 | sed 's/\ /\\ /g' );
do
#delete from tar
tar --delete -v -P -f ${BACKUP_FILE} "${file}"
tar --delete -v -P -f $BACKUP_FILE $file
done
for file in $(diff ${DIGEST_FILE} ${DIGEST_FILE_TMP} | grep -v '#hashboot' | grep '>' | cut -d'*' -f2 | sed 's/\ /\\ /g' );
do
tar -r -v -P -f $BACKUP_FILE "${file}"
tar -r -v -P -f $BACKUP_FILE $file
done
fi
#nur, wenn das updaten des Backups geklappt hat. *im Hinterkopf behalt*
mv ${DIGEST_FILE_TMP} ${DIGEST_FILE}
else
write_hashes $DIGEST_FILE
INCLUDE_FILES=""
if [ -f "${MBR_TMP}" ]; then
INCLUDE_FILES="${INCLUDE_FILES} ${MBR_TMP}"
fi
if [ -f "${BIOS_TMP}" ]; then
INCLUDE_FILES="${BIOS_TMP}"
fi
tar -cpPf "${BACKUP_FILE}" ${INCLUDE_FILES} /boot ${DIGEST_FILE} || die 7 "Error writing ${BACKUP_FILE}"
tar -cpPf ${BACKUP_FILE} ${BIOS} ${MBR_TMP} /boot ${DIGEST_FILE} || die 7 "Error writing ${BACKUP_FILE}"
echo "Backup written to ${BACKUP_FILE}"
fi
@ -239,33 +234,34 @@ elif [ "${1}" == "check" ]
then
[ -f ${DIGEST_FILE} ] || die 9 "No digestfile"
HASHER=$(head -n1 ${DIGEST_FILE} | awk '{print $5}')
if [ $((CKMODES & 001)) != 0 ]; then
if [ $((${CKMODES} & 001)) != 0 ]; then
dd if=${MBR_DEVICE} of=${MBR_TMP} bs=${MBR_SIZE}K count=1 status=${DD_STATUS} || die 8
grep ${MBR_TMP} ${DIGEST_FILE} | ${HASHER} --check --warn --quiet --strict | tee ${LOG_FILE}
if [ "${PIPESTATUS[2]}" -ne 0 ]
if [ ${PIPESTATUS[2]} -ne 0 ]
then
echo " !! TIME TO PANIK: MBR WAS MODIFIED !!"
COUNTER=$((COUNTER + 1))
fi
fi
if [ $((CKMODES & 010)) -ne 0 ]; then
if [ $((${CKMODES} & 010)) -ne 0 ]; then
grep -v ${MBR_TMP} ${DIGEST_FILE} | grep -v ${BIOS_TMP} | ${HASHER} --check --warn --quiet --strict | tee -a ${LOG_FILE}
if [ "${PIPESTATUS[2]}" -ne 0 ]
if [ ${PIPESTATUS[2]} -ne 0 ]
then
echo " !! TIME TO PANIK: AT LEAST 1 FILE WAS MODIFIED !!"
COUNTER=$((COUNTER + 2))
fi
fi
if [ $((CKMODES & 100)) -ne 0 ]; then
if [ $((${CKMODES} & 100)) -ne 0 ]; then
flashrom --programmer ${PROGRAMMER} -r ${BIOS_TMP} > /dev/null 2>&1
#if we set an programmer chip in config, find line with hash for bios and compare. if smthg wrong, panic
if [ ! ${PROGRAMMER} == "no" ]; then
grep ${BIOS_TMP} ${DIGEST_FILE} | ${HASHER} --check --warn --quiet --strict | tee -a ${LOG_FILE}
if [ "${PIPESTATUS[2]}" -ne 0 ]
if [ ${PIPESTATUS[2]} -ne 0 ]
then
echo " !! TIME TO PANIK: BIOS WAS MODIFIED !!"
COUNTER=$((COUNTER + 10))
fi
fi
fi
if [ ${COUNTER} -gt 0 ]; then
@ -276,16 +272,15 @@ then
echo "Restoring files from backup... (type yes or no for each file)"
#For each failed file: ask if it should be recovered from backup
# shellcheck disable=2013
for file in $(cut -d: -f1 ${LOG_FILE})
do
tar -xpPvwf ${BACKUP_FILE} "${file}"
[ ${?} != 0 ] && echo "Error restoring ${file} from backup, continuing" >&2
tar -xpPvwf ${BACKUP_FILE} ${file}
[ $? != 0 ] && echo "Error restoring ${file} from backup, continuing" >&2
#If the MBR is to be recovered, copy to ${MBR_DEVICE}
if [ "${file}" == ${MBR_TMP} ]
then
cp ${MBR_TMP} ${MBR_DEVICE}
[ ${?} != 0 ] && echo "Error restoring MBR from backup, continuing" >&2
[ $? != 0 ] && echo "Error restoring MBR from backup, continuing" >&2
fi
done
else
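Review bot: `LOG_FILE="/tmp/hashboot.log"` in the first hunk (apparently the new side, next to `VERSION="0.9.7"`) puts the check log at a fixed name in a world-writable directory, while the script runs as root. The `check` branch writes that path with `tee ${LOG_FILE}`, and the recover loop takes its file list from `cut -d: -f1 ${LOG_FILE}` and passes each name unquoted to `tar -xpPvwf ${BACKUP_FILE} ${file}`, so the content and target of that path decide what root rewrites. Keep the log in a root-only location, `LOG_FILE="/var/log/hashboot.log"`, as the other side of the hunk has it, and quote `"${file}"` in the tar calls. Separately, `[ "${2}" > "1" ]` in the config hunk is a redirection, not a comparison: it creates a file named `1` and is true for any non-empty second argument, so if a numeric test was meant it should read `[ "${2}" -gt 1 ]`. The check and recover branches continue outside the hunks shown, so other uses of `LOG_FILE` are not visible here.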


@ -1,56 +0,0 @@
= hashboot(1)
tastytea <tastytea@tastytea.de>; teldra <teldra@rotce.de>
:Date: 2019-04-12
:Revision: 0.9.8
:man source: hashboot
:man version: {revision}
:man manual: General Commands Manual
== NAME
hashboot - generate checksums and a backup for /boot, MBR and BIOS.
== SYNOPSIS
*hashboot* _index_|_check_|_recover_
== DESCRIPTION
hashboot hashes all files in `/boot` and the MBR to check them during early
boot. It is intended for when you have encrypted the root partition but not the
boot partition. The checksums and a backup of the contents of `/boot` are stored
in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
option to restore the file from backup.
If there is a core- or libreboot bios and flashrom installed, hashboot can
check bios for modifications too.
== OPTIONS
*index*::
generate checksums and a backup for `/boot`, MBR and BIOS.
*check*::
check `/boot`, MBR and BIOS.
*recover*::
replace corrupted files with the backup.
== CONFIGURATION
The configuration file is in `/etc/hashboot.conf`.
=== Possible options
[frame="none",grid="none"]
|============
|SAVEDIR | The checksums and the backup are stored here.
|CKMODES | 001=mbr, 010=files, 100=bios.
|MBR_DEVICE | Device with the MBR on it.
|PROGRAMMER | Use this programmer instead of "internal". Will be passed to flashrom.
|============
== REPORTING BUGS
Bugtracker: https://github.com/tastytea/hashboot/issues


@ -1,12 +0,0 @@
[Trigger]
Operation = Install
Operation = Upgrade
Operation = Remove
Type = Package
Target = *
[Action]
Description = Regenerating hashboot checksums...
When = PostTransaction
Exec = /usr/bin/hashboot index
Depends = hashboot


@ -1,39 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
description="Check integrity of files in /boot"
depend()
{
need localmount
before xdm
}
start()
{
ebegin "Checking integrity of files in /boot"
# See if hashboot is accessible
which hashboot > /dev/null || return 255
hashboot check
ret=$?
# If return code is 1-3 or 10-13
if [ ${ret} -ge 1 ] && [ ${ret} -le 3 ] || [ ${ret} -ge 10 ] && [ ${ret} -le 13 ]; then
echo -n "Recover files? [y/N] "
read -r yesno
if [ "${yesno}" == "y" ]; then
hashboot recover
fi
echo "Dropping to shell. Type exit to continue."
sh
return ${ret}
elif [ ${ret} != 0 ]; then
eerror "Unexpected error number ${ret}."
return ${ret}
fi
eend 0
}


@ -1,56 +0,0 @@
#!/bin/bash
### BEGIN INIT INFO
# Provides: hashboot
# Required-Start: $mountall
# Required-Stop:
# Default-Start: S
# Default-Stop:
# Short-Description: Check integrity of files in /boot
### END INIT INFO
#PATH=/sbin:/bin:/usr/bin:/usr
# See if hashboot is accessible
test -x $(which hashboot) || exit 255
case "$1" in
start)
log_daemon_msg "Checking integrity of files in /boot"
hashboot check
ret=$?
if [ ${ret} -ge 1 ] && [ ${ret} -le 3 ] || [ ${ret} -ge 10 ] && [ ${ret} -le 13 ]; then
log_end_msg ${ret}
echo -n "Recover files? [y/N] "
read -r yesno
if [ "${yesno}" == "y" ]; then
hashboot recover
fi
echo "Dropping to shell. Type exit to continue."
sh
exit ${ret}
elif [ ${ret} != 0 ]; then
log_end_msg ${ret}
eerror "Unexpected error number ${ret}."
exit ${ret}
fi
log_end_msg 0
;;
stop)
# No-op
;;
restart|reload|force-reload|status)
echo "Error: argument '$1' not supported" >&2
exit 1
;;
*)
echo "Usage: /etc/init.d/hashboot {start|stop}"
exit 1
;;
esac
exit 0

37
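--- a/initscript.openrc
+++ b/initscript.openrc
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+description="Check integrity of files in /boot"
+depend()
+{
+need localmount
+before xdm
+}
+start()
+{
+ebegin "Checking integrity of files in /boot"
+# See if hashboot is accessible
+which hashboot > /dev/null || return 255
+hashboot check
+if [ $? -gt 0 ] && [ $? -le 3 ]
+then
+echo -n "Recover files? [y/N] "
+read -r yesno
+if [ "${yesno}" == "y" ]
+then
+hashboot recover
+fi
+echo "Dropping to shell. Type exit to continue."
+sh
+return 3
+elif [ $? != 0 ]
+then
+return $?
+fi
+eend 0
+}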
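Review bot: `[ $? -gt 0 ] && [ $? -le 3 ]` in start() does not test a range, because the second `$?` is the exit status of the first `[`, which is 0 whenever that test passed. Every non-zero result of `hashboot check` therefore reaches the recover prompt and the shell, including the error codes hashboot's header lists (7 = write error, 8 = dd error, 9 = file not found). The `elif [ $? != 0 ]` / `return $?` pair has the same problem: after a clean check the `elif` sees the failed test's status, so start() returns before `eend 0`. Capture the status once with `ret=$?` directly after `hashboot check` and compare `${ret}` in each branch; the mismatch codes 10–13 from hashboot's header would also need a branch. initscript.sysv repeats the pattern, there with `log_end_msg $?` and `exit $?`.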

58
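--- a/initscript.sysv
+++ b/initscript.sysv
@@ -0,0 +1,58 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides: hashboot
+# Required-Start: $mountall
+# Required-Stop:
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Check integrity of files in /boot
+### END INIT INFO
+#PATH=/sbin:/bin:/usr/bin:/usr
+# See if hashboot is accessible
+test -x $(which hashboot) || exit 255
+case "$1" in
+start)
+log_daemon_msg "Checking integrity of files in /boot"
+hashboot check
+if [ $? -gt 0 ] && [ $? -le 3 ]
+then
+log_end_msg 4
+echo -n "Recover files? [y/N] "
+read -r yesno
+if [ "${yesno}" == "y" ]
+then
+hashboot recover
+fi
+echo "Dropping to shell. Type exit to continue."
+sh
+exit 3
+elif [ $? != 0 ]
+then
+log_end_msg $?
+exit $?
+fi
+log_end_msg 0
+;;
+stop)
+# No-op
+;;
+restart|reload|force-reload|status)
+echo "Error: argument '$1' not supported" >&2
+exit 1
+;;
+*)
+echo "Usage: /etc/init.d/hashboot {start|stop}"
+exit 1
+;;
+esac
+exit 0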
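Review bot: `test -x $(which hashboot) || exit 255` does not detect a missing hashboot, because the unquoted substitution expands to nothing and `test -x` with a single argument is true. The script then goes on to run `hashboot check`, and the failed command is treated like an integrity result. Quote the substitution so an empty result fails the test, `test -x "$(command -v hashboot)" || exit 255`. The file also calls `log_daemon_msg` and `log_end_msg` without any visible line that sources the LSB init functions; a comment saying where they come from would help.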