Compare commits
42 Commits
Author | SHA1 | Date |
---|---|---|
tastytea | 775b854cd1 | |
tastytea | c06b25c54a | |
tastytea | 023bd8b2de | |
tastytea | 7c0b3ef862 | |
tastytea | dc12c45581 | |
tastytea | 078f86c732 | |
tastytea | 326d4a30b6 | |
tastytea | 7b2e19bdef | |
tastytea | 7f32a7c5e4 | |
tastytea | 329095f5fa | |
tastytea | 9e9bfe3749 | |
tastytea | f571b962c1 | |
tastytea | 4d0b0cf8e4 | |
tastytea | e2ecb17afe | |
tastytea | 7d013ff78f | |
tastytea | aa95914010 | |
tastytea | 89e85108ed | |
tastytea | a8ba52f834 | |
tastytea | e3830ed8d6 | |
tastytea | c9cbf76701 | |
tastytea | 23c3704f3b | |
tastytea | 202e1bfad2 | |
tastytea | 71b41300b3 | |
tastytea | a4f8837aa2 | |
Hunter Peavey | be684bb473 | |
Teldra | 25111f02a7 | |
Hunter Peavey | b2a7dd0959 | |
Hunter Peavey | 22ec91cc9d | |
tastytea | 2be01c031b | |
tastytea | 3437eba5ea | |
tastytea | 1e63a10a99 | |
tastytea | 9de04f11fc | |
tastytea | 02121e496c | |
tastytea | 191753a17e | |
tastytea | 358b75f429 | |
tastytea | 62d8a78c03 | |
tastytea | b0d7c515cd | |
tastytea | 72be9701a1 | |
Teldra | 44f8a4f184 | |
teldra | 82c1d64718 | |
Teldra | 7c386ac209 | |
teldra | 51f3afb14d |
|
@ -0,0 +1,119 @@
|
|||
kind: pipeline
|
||||
name: check
|
||||
|
||||
volumes:
|
||||
- name: debian-package-cache
|
||||
host:
|
||||
path: /var/cache/debian-package-cache
|
||||
|
||||
trigger:
|
||||
event:
|
||||
exclude:
|
||||
- tag
|
||||
|
||||
steps:
|
||||
- name: shellcheck
|
||||
image: debian:stretch-slim
|
||||
pull: always
|
||||
commands:
|
||||
- rm /etc/apt/apt.conf.d/docker-clean
|
||||
- rm /var/cache/apt/archives/lock
|
||||
- echo "APT::Default-Release \"stretch\";" >> /etc/apt/apt.conf.d/00default_release
|
||||
- echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list.d/buster.list
|
||||
- apt-get update -q
|
||||
- apt-get install -qy -t buster shellcheck
|
||||
- shellcheck hashboot
|
||||
volumes:
|
||||
- name: debian-package-cache
|
||||
path: /var/cache/apt/archives
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
pull: always
|
||||
settings:
|
||||
host: cryptoparty-celle.de
|
||||
from: drone@tzend.de
|
||||
username:
|
||||
from_secret: email_username
|
||||
password:
|
||||
from_secret: email_password
|
||||
when:
|
||||
status: [ changed, failure ]
|
||||
|
||||
---
|
||||
|
||||
kind: pipeline
|
||||
name: release
|
||||
|
||||
volumes:
|
||||
- name: debian-package-cache
|
||||
host:
|
||||
path: /var/cache/debian-package-cache
|
||||
- name: gpg-key
|
||||
host:
|
||||
path: /home/tastytea/misc/autosign_gpg.key
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- tag
|
||||
|
||||
steps:
|
||||
- name: download tar.gz
|
||||
image: plugins/download
|
||||
settings:
|
||||
source: https://schlomp.space/tastytea/hashboot/archive/${DRONE_TAG}.tar.gz
|
||||
destination: hashboot-${DRONE_TAG}.tar.gz
|
||||
|
||||
- name: download zip
|
||||
image: plugins/download
|
||||
settings:
|
||||
source: https://schlomp.space/tastytea/hashboot/archive/${DRONE_TAG}.zip
|
||||
destination: hashboot-${DRONE_TAG}.zip
|
||||
|
||||
- name: signature
|
||||
image: debian:stretch-slim
|
||||
pull: always
|
||||
commands:
|
||||
- rm /etc/apt/apt.conf.d/docker-clean
|
||||
- rm -f /var/cache/apt/archives/lock
|
||||
- apt-get update -q
|
||||
- apt-get install -qy gnupg
|
||||
- gpg --import /var/autosign_gpg.key
|
||||
- gpg --verbose --detach-sign *.tar.gz
|
||||
- gpg --verbose --detach-sign *.zip
|
||||
volumes:
|
||||
- name: debian-package-cache
|
||||
path: /var/cache/apt/archives
|
||||
- name: gpg-key
|
||||
path: /var/autosign_gpg.key
|
||||
|
||||
- name: release
|
||||
image: plugins/gitea-release
|
||||
pull: always
|
||||
settings:
|
||||
base_url: https://schlomp.space
|
||||
api_key:
|
||||
from_secret: gitea_token
|
||||
title: ${DRONE_TAG}
|
||||
prerelease: true
|
||||
files:
|
||||
- hashboot-${DRONE_TAG}.tar.gz
|
||||
- hashboot-${DRONE_TAG}.tar.gz.sig
|
||||
- hashboot-${DRONE_TAG}.zip
|
||||
- hashboot-${DRONE_TAG}.zip.sig
|
||||
checksum:
|
||||
- sha256
|
||||
- sha512
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
pull: always
|
||||
settings:
|
||||
host: cryptoparty-celle.de
|
||||
from: drone@tzend.de
|
||||
username:
|
||||
from_secret: email_username
|
||||
password:
|
||||
from_secret: email_password
|
||||
when:
|
||||
status: [ changed, failure ]
|
2
LICENSE
2
LICENSE
|
@ -1,4 +1,4 @@
|
|||
"THE HUG-WARE LICENSE" (Revision 2):
|
||||
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
|
||||
As Long as you retain this notice you can do whatever you want with this.
|
||||
As long as you retain this notice you can do whatever you want with this.
|
||||
If we meet some day, and you think this is nice, you can give us a hug.
|
||||
|
|
60
README.md
60
README.md
|
@ -4,31 +4,73 @@ boot partition. The checksums and a backup of the contents of `/boot` are stored
|
|||
in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
|
||||
option to restore the file from backup.
|
||||
|
||||
If there is a core- or libreboot bios and flashrom installed, **hashboot** can check bios for modifications too.
|
||||
If there is a core- or libreboot BIOS and [flashrom](https://flashrom.org/)
|
||||
installed, **hashboot** can check the BIOS for modifications too.
|
||||
|
||||
We moved our code to
|
||||
[schlomp.space](https://schlomp.space/tastytea/hashboot) but we keep the
|
||||
[GitHub-repo](https://github.com/tastytea/hashboot) as a mirror.
|
||||
|
||||
# Install
|
||||
|
||||
## Packages
|
||||
|
||||
### Void Linux
|
||||
|
||||
``` shell
|
||||
xbps-install -S hashboot
|
||||
```
|
||||
|
||||
### Gentoo Linux
|
||||
|
||||
Ebuilds are available via the
|
||||
[tastytea repository](https://schlomp.space/tastytea/overlay).
|
||||
|
||||
``` shell
|
||||
emerge -a sys-apps/hashboot
|
||||
rc-update add hashboot boot
|
||||
```
|
||||
|
||||
### Arch Linux
|
||||
|
||||
Use the [package from AUR](https://aur.archlinux.org/packages/hashboot/).
|
||||
|
||||
## Manual
|
||||
|
||||
### Any distro
|
||||
|
||||
The releases on
|
||||
[schlomp.space](https://schlomp.space/tastytea/hashboot/releases) are
|
||||
PGP-signed. The key-ID is `F7301ADFC9ED262448C42B64242E5AC4DA587BF9`
|
||||
(`242E5AC4DA587BF9`). You can fetch it with `gpg --locate-key
|
||||
autosign@tastytea.de`.
|
||||
|
||||
* Make hashboot executable
|
||||
* Place hashboot anywhere in $PATH
|
||||
* Place hashboot anywhere in ${PATH}
|
||||
* Install the appropriate init script
|
||||
* If applicable, copy kernel-hook to /etc/kernel/post{inst,rm}.d/zzz-hashboot (make sure it is called after all other hooks)
|
||||
* To generate the manpage, install asciidoc and run `build_manpage.sh`.
|
||||
* If applicable, copy `hooks/kernel-postinst` to /etc/kernel/post{inst,rm}.d/zzz-hashboot
|
||||
(make sure it is called after all other hooks)
|
||||
* To generate the manpage, install [asciidoc](http://asciidoc.org/) and run
|
||||
`build_manpage.sh`.
|
||||
|
||||
# Usage
|
||||
* First run creates a configuration file. Use bitmask to select desired checkroutines
|
||||
* Run "hashboot index" to generate checksums and a backup for /boot and MBR
|
||||
* Run "hashboot check" to check /boot and MBR
|
||||
* Run "hashboot recover" to replace corrupted files with the backup
|
||||
|
||||
* First run creates a configuration file. Select the desired checkroutines
|
||||
* Run `hashboot index` to generate checksums and a backup for /boot and MBR
|
||||
* Run `hashboot check` to check /boot and MBR
|
||||
* Run `hashboot recover` to replace corrupted files with the backup
|
||||
|
||||
# Notes
|
||||
|
||||
* You can't use the openrc/sysv init scripts with parallel boot.
|
||||
* The systemd and SysVinit init scripts have not been tested in a while, but
|
||||
will probably work.
|
||||
|
||||
# License
|
||||
|
||||
```PLAIN
|
||||
"THE HUG-WARE LICENSE" (Revision 2):
|
||||
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
|
||||
As Long as you retain this notice you can do whatever you want with this.
|
||||
As long as you retain this notice you can do whatever you want with this.
|
||||
If we meet some day, and you think this is nice, you can give us a hug.
|
||||
```
|
||||
|
|
87
hashboot
87
hashboot
|
@ -8,11 +8,14 @@
|
|||
###############################################################################
|
||||
# "THE HUG-WARE LICENSE" (Revision 2): #
|
||||
# teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this. #
|
||||
# As Long as you retain this notice you can do whatever you want with this. #
|
||||
# As Long as you retain this notice you can do whatever you want with this. #
|
||||
# If we meet some day, and you think this is nice, you can give us a hug. #
|
||||
###############################################################################
|
||||
|
||||
VERSION="0.9.10"
|
||||
# Disable warnings about $?.
|
||||
# shellcheck disable=SC2181
|
||||
|
||||
VERSION="0.9.14"
|
||||
PATH="/bin:/usr/bin:/sbin:/usr/sbin:${PATH}"
|
||||
DIGEST_FILE=""
|
||||
BACKUP_FILE=""
|
||||
|
@ -47,29 +50,31 @@ die ()
|
|||
rm -f "${DIGEST_FILE_TMP}" "${MBR_TMP}" "${BIOS_TMP}"
|
||||
|
||||
[ -z "${2}" ] || echo "${2}" >&2
|
||||
exit ${1}
|
||||
exit "${1}"
|
||||
}
|
||||
|
||||
write_hashes ()
|
||||
{
|
||||
#Write header to ${1}
|
||||
echo "#hashboot ${VERSION} - Algorithm: $(basename ${HASHER})" > ${1}
|
||||
local file="${1}"
|
||||
#Write header to ${file}
|
||||
echo "#hashboot ${VERSION} - Algorithm: $(basename ${HASHER})" > "${file}"
|
||||
|
||||
if [ $((${CKMODES} & 001)) -ne 0 ]; then
|
||||
if [ $((CKMODES & 001)) -ne 0 ]; then
|
||||
#copy mbr to file
|
||||
dd if=${MBR_DEVICE} of=${MBR_TMP} bs=${MBR_SIZE}K count=1 status=${DD_STATUS} || die 8
|
||||
#Write hash of MBR to ${1}
|
||||
${HASHER} ${MBR_TMP} >> ${1}
|
||||
#Write hash of MBR to ${file}
|
||||
${HASHER} ${MBR_TMP} >> "${file}"
|
||||
fi
|
||||
if [ $((${CKMODES} & 010)) -ne 0 ]; then
|
||||
#Write hashes of all regular files to ${1}
|
||||
find /boot -type f -exec ${HASHER} --binary {} >> ${1} +
|
||||
if [ $((CKMODES & 010)) -ne 0 ]; then
|
||||
#Write hashes of all regular files to ${file}
|
||||
# shellcheck disable=SC2227
|
||||
find /boot -type f -exec ${HASHER} --binary {} >> "${file}" +
|
||||
fi
|
||||
if [ $((${CKMODES} & 100)) -ne 0 ]; then
|
||||
if [ $((CKMODES & 100)) -ne 0 ]; then
|
||||
#read bios to file
|
||||
flashrom --programmer ${PROGRAMMER} -r ${BIOS_TMP} > /dev/null 2>&1
|
||||
#and write hashes of bios files to ${1}
|
||||
${HASHER} ${BIOS_TMP} >> ${1}
|
||||
#and write hashes of bios files to ${file}
|
||||
${HASHER} ${BIOS_TMP} >> "${file}"
|
||||
|
||||
fi
|
||||
}
|
||||
|
@ -89,7 +94,9 @@ then
|
|||
fi
|
||||
|
||||
# Debian < 8 check
|
||||
if which lsb_release > /dev/null 2>&1 && [ "$(lsb_release -si)" == "Debian" ] && [ $(lsb_release -sr | cut -d'.' -f1) -lt 8 ]
|
||||
if command -v lsb_release > /dev/null \
|
||||
&& [ "$(lsb_release -si)" == "Debian" ] \
|
||||
&& [ "$(lsb_release -sr | cut -d'.' -f1)" -lt 8 ]
|
||||
then
|
||||
DD_STATUS="noxfer"
|
||||
fi
|
||||
|
@ -97,9 +104,10 @@ fi
|
|||
#Look for config file and set ${MBR_DEVICE}.
|
||||
if [ -f ${CONFIG_FILE} ]
|
||||
then
|
||||
# shellcheck source=/dev/null
|
||||
source ${CONFIG_FILE} || die 9 "Error reading config file"
|
||||
#compatibility to old cfg format
|
||||
if [ ! -z "${BACKUP_FILE}" ]; then
|
||||
if [ -n "${BACKUP_FILE}" ]; then
|
||||
SAVEDIR="/var/lib/hashboot"
|
||||
echo "SAVEDIR=${SAVEDIR}" >> ${CONFIG_FILE}
|
||||
mkdir -p ${SAVEDIR}
|
||||
|
@ -132,11 +140,11 @@ else
|
|||
echo "010=files"
|
||||
echo "100=core-/libreboot bios"
|
||||
echo "eg. 101 for mbr and bios: "
|
||||
read CKMODES
|
||||
read -r CKMODES
|
||||
echo "#001=mbr,010=files,100=bios" >> ${CONFIG_FILE}
|
||||
echo "CKMODES=$CKMODES" >> ${CONFIG_FILE}
|
||||
|
||||
if [ $((${CKMODES} & 001)) -ne 0 ]; then
|
||||
if [ $((CKMODES & 001)) -ne 0 ]; then
|
||||
echo -n "Which device contains the MBR? [/dev/sda] "
|
||||
read -r MBR_DEVICE
|
||||
[ -z "${MBR_DEVICE}" ] && MBR_DEVICE="/dev/sda"
|
||||
|
@ -144,21 +152,21 @@ else
|
|||
echo "MBR_DEVICE=${MBR_DEVICE}" >> ${CONFIG_FILE}
|
||||
fi
|
||||
|
||||
if [ $((${CKMODES} & 100)) -ne 0 ]; then
|
||||
if ! which flashrom; then
|
||||
if [ $((CKMODES & 100)) -ne 0 ]; then
|
||||
if ! command -v flashrom > /dev/null; then
|
||||
echo "You need to have flashrom installed!"
|
||||
echo "Currently it is not installed, don't reboot"
|
||||
echo "If you need another programmer than internal"
|
||||
echo "use the variable PROGRAMMER in $CONFIG_FILE\!"
|
||||
echo "use the variable PROGRAMMER in ${CONFIG_FILE}!"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
else
|
||||
die 9 "No config file found. Run hashboot interactively to generate one."
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $((${CKMODES} & 001)) -ne 0 ]; then
|
||||
if [ $((CKMODES & 001)) -ne 0 ]; then
|
||||
# Find out where the first partition starts and set ${MBR_SIZE} in KiB
|
||||
sectorsize=$(LC_ALL=C fdisk -l ${MBR_DEVICE} | grep '^Units' | awk '{print $8}' )
|
||||
if [ "${sectorsize}" == "=" ] # Older versions of util-linux
|
||||
|
@ -171,7 +179,7 @@ if [ $((${CKMODES} & 001)) -ne 0 ]; then
|
|||
startsector=$(LC_ALL=C fdisk -l ${MBR_DEVICE} | grep -A1 'Device' | tail -n1 | awk '{print $3}' )
|
||||
fi
|
||||
|
||||
MBR_SIZE=$(expr ${sectorsize} \* ${startsector} / 1024)
|
||||
MBR_SIZE=$((sectorsize * startsector / 1024))
|
||||
|
||||
if [ ${?} != 0 ]
|
||||
then
|
||||
|
@ -183,10 +191,10 @@ fi
|
|||
if [ "${1}" == "index" ]
|
||||
then
|
||||
#Try different hashers, use the most secure
|
||||
HASHER=$(/usr/bin/which sha512sum 2> /dev/null)
|
||||
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha384sum 2> /dev/null)
|
||||
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha256sum 2> /dev/null)
|
||||
test -z "${HASHER}" && HASHER=$(/usr/bin/which sha224sum 2> /dev/null)
|
||||
HASHER=$(command -v sha512sum)
|
||||
test -z "${HASHER}" && HASHER=$(command -v sha384sum)
|
||||
test -z "${HASHER}" && HASHER=$(command -v sha256sum)
|
||||
test -z "${HASHER}" && HASHER=$(command -v sha224sum)
|
||||
#If we found no hasher: exit
|
||||
[ -z "${HASHER}" ] && die 5 "No hash calculator found"
|
||||
|
||||
|
@ -205,11 +213,11 @@ then
|
|||
for file in $(diff ${DIGEST_FILE} ${DIGEST_FILE_TMP} | grep -v '#hashboot' | grep '<' | cut -d'*' -f2 | sed 's/\ /\\ /g' );
|
||||
do
|
||||
#delete from tar
|
||||
tar --delete -v -P -f $BACKUP_FILE $file
|
||||
tar --delete -v -P -f ${BACKUP_FILE} "${file}"
|
||||
done
|
||||
for file in $(diff ${DIGEST_FILE} ${DIGEST_FILE_TMP} | grep -v '#hashboot' | grep '>' | cut -d'*' -f2 | sed 's/\ /\\ /g' );
|
||||
do
|
||||
tar -r -v -P -f $BACKUP_FILE $file
|
||||
tar -r -v -P -f $BACKUP_FILE "${file}"
|
||||
done
|
||||
fi
|
||||
#nur, wenn das updaten des Backups geklappt hat. *im Hinterkopf behalt*
|
||||
|
@ -231,28 +239,28 @@ elif [ "${1}" == "check" ]
|
|||
then
|
||||
[ -f ${DIGEST_FILE} ] || die 9 "No digestfile"
|
||||
HASHER=$(head -n1 ${DIGEST_FILE} | awk '{print $5}')
|
||||
if [ $((${CKMODES} & 001)) != 0 ]; then
|
||||
if [ $((CKMODES & 001)) != 0 ]; then
|
||||
dd if=${MBR_DEVICE} of=${MBR_TMP} bs=${MBR_SIZE}K count=1 status=${DD_STATUS} || die 8
|
||||
grep ${MBR_TMP} ${DIGEST_FILE} | ${HASHER} --check --warn --quiet --strict | tee ${LOG_FILE}
|
||||
if [ ${PIPESTATUS[2]} -ne 0 ]
|
||||
if [ "${PIPESTATUS[2]}" -ne 0 ]
|
||||
then
|
||||
echo " !! TIME TO PANIK: MBR WAS MODIFIED !!"
|
||||
COUNTER=$((COUNTER + 1))
|
||||
fi
|
||||
fi
|
||||
if [ $((${CKMODES} & 010)) -ne 0 ]; then
|
||||
if [ $((CKMODES & 010)) -ne 0 ]; then
|
||||
grep -v ${MBR_TMP} ${DIGEST_FILE} | grep -v ${BIOS_TMP} | ${HASHER} --check --warn --quiet --strict | tee -a ${LOG_FILE}
|
||||
if [ ${PIPESTATUS[2]} -ne 0 ]
|
||||
if [ "${PIPESTATUS[2]}" -ne 0 ]
|
||||
then
|
||||
echo " !! TIME TO PANIK: AT LEAST 1 FILE WAS MODIFIED !!"
|
||||
COUNTER=$((COUNTER + 2))
|
||||
fi
|
||||
fi
|
||||
if [ $((${CKMODES} & 100)) -ne 0 ]; then
|
||||
if [ $((CKMODES & 100)) -ne 0 ]; then
|
||||
flashrom --programmer ${PROGRAMMER} -r ${BIOS_TMP} > /dev/null 2>&1
|
||||
#if we set an programmer chip in config, find line with hash for bios and compare. if smthg wrong, panic
|
||||
grep ${BIOS_TMP} ${DIGEST_FILE} | ${HASHER} --check --warn --quiet --strict | tee -a ${LOG_FILE}
|
||||
if [ ${PIPESTATUS[2]} -ne 0 ]
|
||||
if [ "${PIPESTATUS[2]}" -ne 0 ]
|
||||
then
|
||||
echo " !! TIME TO PANIK: BIOS WAS MODIFIED !!"
|
||||
COUNTER=$((COUNTER + 10))
|
||||
|
@ -268,15 +276,16 @@ then
|
|||
echo "Restoring files from backup... (type yes or no for each file)"
|
||||
|
||||
#For each failed file: ask if it should be recovered from backup
|
||||
# shellcheck disable=2013
|
||||
for file in $(cut -d: -f1 ${LOG_FILE})
|
||||
do
|
||||
tar -xpPvwf ${BACKUP_FILE} ${file}
|
||||
[ $? != 0 ] && echo "Error restoring ${file} from backup, continuing" >&2
|
||||
tar -xpPvwf ${BACKUP_FILE} "${file}"
|
||||
[ ${?} != 0 ] && echo "Error restoring ${file} from backup, continuing" >&2
|
||||
#If the MBR is to be recovered, copy to ${MBR_DEVICE}
|
||||
if [ "${file}" == ${MBR_TMP} ]
|
||||
then
|
||||
cp ${MBR_TMP} ${MBR_DEVICE}
|
||||
[ $? != 0 ] && echo "Error restoring MBR from backup, continuing" >&2
|
||||
[ ${?} != 0 ] && echo "Error restoring MBR from backup, continuing" >&2
|
||||
fi
|
||||
done
|
||||
else
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
= hashboot(1)
|
||||
tastytea <tastytea@tastytea.de>; teldra <teldra@rotce.de>
|
||||
:Date: 2019-02-24
|
||||
:Date: 2019-04-12
|
||||
:Revision: 0.9.8
|
||||
:man source: hashboot
|
||||
:man version: {revision}
|
||||
|
@ -27,12 +27,14 @@ check bios for modifications too.
|
|||
|
||||
== OPTIONS
|
||||
|
||||
[frame="none",grid="none"]
|
||||
|============
|
||||
| *index* | generate checksums and a backup for `/boot`, MBR and BIOS.
|
||||
| *check* | check `/boot`, MBR and BIOS.
|
||||
| *recover* | replace corrupted files with the backup.
|
||||
|============
|
||||
*index*::
|
||||
generate checksums and a backup for `/boot`, MBR and BIOS.
|
||||
|
||||
*check*::
|
||||
check `/boot`, MBR and BIOS.
|
||||
|
||||
*recover*::
|
||||
replace corrupted files with the backup.
|
||||
|
||||
== CONFIGURATION
|
||||
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
[Trigger]
|
||||
Operation = Install
|
||||
Operation = Upgrade
|
||||
Operation = Remove
|
||||
Type = Package
|
||||
Target = *
|
||||
|
||||
[Action]
|
||||
Description = Regenerating hashboot checksums...
|
||||
When = PostTransaction
|
||||
Exec = /usr/bin/hashboot index
|
||||
Depends = hashboot
|
|
@ -0,0 +1,39 @@
|
|||
#!/sbin/openrc-run
|
||||
# Copyright 1999-2019 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
description="Check integrity of files in /boot"
|
||||
|
||||
depend()
|
||||
{
|
||||
need localmount
|
||||
before xdm
|
||||
}
|
||||
|
||||
start()
|
||||
{
|
||||
ebegin "Checking integrity of files in /boot"
|
||||
|
||||
# See if hashboot is accessible
|
||||
which hashboot > /dev/null || return 255
|
||||
|
||||
hashboot check
|
||||
ret=$?
|
||||
# If return code is 1-3 or 10-13
|
||||
if [ ${ret} -ge 1 ] && [ ${ret} -le 3 ] || [ ${ret} -ge 10 ] && [ ${ret} -le 13 ]; then
|
||||
echo -n "Recover files? [y/N] "
|
||||
read -r yesno
|
||||
if [ "${yesno}" == "y" ]; then
|
||||
hashboot recover
|
||||
fi
|
||||
|
||||
echo "Dropping to shell. Type exit to continue."
|
||||
sh
|
||||
return ${ret}
|
||||
elif [ ${ret} != 0 ]; then
|
||||
eerror "Unexpected error number ${ret}."
|
||||
return ${ret}
|
||||
fi
|
||||
|
||||
eend 0
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
#!/bin/bash
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: hashboot
|
||||
# Required-Start: $mountall
|
||||
# Required-Stop:
|
||||
# Default-Start: S
|
||||
# Default-Stop:
|
||||
# Short-Description: Check integrity of files in /boot
|
||||
### END INIT INFO
|
||||
|
||||
#PATH=/sbin:/bin:/usr/bin:/usr
|
||||
|
||||
# See if hashboot is accessible
|
||||
test -x $(which hashboot) || exit 255
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
log_daemon_msg "Checking integrity of files in /boot"
|
||||
|
||||
hashboot check
|
||||
ret=$?
|
||||
if [ ${ret} -ge 1 ] && [ ${ret} -le 3 ] || [ ${ret} -ge 10 ] && [ ${ret} -le 13 ]; then
|
||||
log_end_msg ${ret}
|
||||
|
||||
echo -n "Recover files? [y/N] "
|
||||
read -r yesno
|
||||
if [ "${yesno}" == "y" ]; then
|
||||
hashboot recover
|
||||
fi
|
||||
|
||||
echo "Dropping to shell. Type exit to continue."
|
||||
sh
|
||||
exit ${ret}
|
||||
elif [ ${ret} != 0 ]; then
|
||||
log_end_msg ${ret}
|
||||
eerror "Unexpected error number ${ret}."
|
||||
exit ${ret}
|
||||
fi
|
||||
|
||||
log_end_msg 0
|
||||
;;
|
||||
stop)
|
||||
# No-op
|
||||
;;
|
||||
restart|reload|force-reload|status)
|
||||
echo "Error: argument '$1' not supported" >&2
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/hashboot {start|stop}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -1,37 +0,0 @@
|
|||
#!/sbin/openrc-run
|
||||
|
||||
description="Check integrity of files in /boot"
|
||||
|
||||
depend()
|
||||
{
|
||||
need localmount
|
||||
before xdm
|
||||
}
|
||||
|
||||
start()
|
||||
{
|
||||
ebegin "Checking integrity of files in /boot"
|
||||
|
||||
# See if hashboot is accessible
|
||||
which hashboot > /dev/null || return 255
|
||||
|
||||
hashboot check
|
||||
if [ $? -gt 0 ] && [ $? -le 3 ]
|
||||
then
|
||||
echo -n "Recover files? [y/N] "
|
||||
read -r yesno
|
||||
if [ "${yesno}" == "y" ]
|
||||
then
|
||||
hashboot recover
|
||||
fi
|
||||
|
||||
echo "Dropping to shell. Type exit to continue."
|
||||
sh
|
||||
return 3
|
||||
elif [ $? != 0 ]
|
||||
then
|
||||
return $?
|
||||
fi
|
||||
|
||||
eend 0
|
||||
}
|
|
@ -1,58 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: hashboot
|
||||
# Required-Start: $mountall
|
||||
# Required-Stop:
|
||||
# Default-Start: S
|
||||
# Default-Stop:
|
||||
# Short-Description: Check integrity of files in /boot
|
||||
### END INIT INFO
|
||||
|
||||
#PATH=/sbin:/bin:/usr/bin:/usr
|
||||
|
||||
# See if hashboot is accessible
|
||||
test -x $(which hashboot) || exit 255
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
log_daemon_msg "Checking integrity of files in /boot"
|
||||
|
||||
hashboot check
|
||||
if [ $? -gt 0 ] && [ $? -le 3 ]
|
||||
then
|
||||
log_end_msg 4
|
||||
|
||||
echo -n "Recover files? [y/N] "
|
||||
read -r yesno
|
||||
if [ "${yesno}" == "y" ]
|
||||
then
|
||||
hashboot recover
|
||||
fi
|
||||
|
||||
echo "Dropping to shell. Type exit to continue."
|
||||
sh
|
||||
exit 3
|
||||
elif [ $? != 0 ]
|
||||
then
|
||||
log_end_msg $?
|
||||
exit $?
|
||||
fi
|
||||
|
||||
log_end_msg 0
|
||||
;;
|
||||
stop)
|
||||
# No-op
|
||||
|
||||
;;
|
||||
restart|reload|force-reload|status)
|
||||
echo "Error: argument '$1' not supported" >&2
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/hashboot {start|stop}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
Loading…
Reference in New Issue