authorChaos <haos.engine@gmail.com>2015-10-28 23:10:35 +0100
committerChaos <haos.engine@gmail.com>2015-10-28 23:10:35 +0100
commit15874c0533cc2f87ccfdcd9ea75defa4c3852083 (patch)
treef57f399c88ed4840fd7af151cd901daffdc8cebe
parentMerge branch 'master' of https://github.com/gentoo/gentoo-docker-images (diff)
downloaddocker-images-15874c0533cc2f87ccfdcd9ea75defa4c3852083.tar.gz
docker-images-15874c0533cc2f87ccfdcd9ea75defa4c3852083.tar.bz2
docker-images-15874c0533cc2f87ccfdcd9ea75defa4c3852083.zip
added SHA512 stage3 verification
-rwxr-xr-xamd64-hardened-nomultilib/build.sh56
-rwxr-xr-xamd64-hardened/build.sh1
-rwxr-xr-xamd64-nomultilib/build.sh58
3 files changed, 73 insertions, 42 deletions
diff --git a/amd64-hardened-nomultilib/build.sh b/amd64-hardened-nomultilib/build.sh
index 96f6ad8..83bbbed 100755
--- a/amd64-hardened-nomultilib/build.sh
+++ b/amd64-hardened-nomultilib/build.sh
@@ -1,29 +1,45 @@
+# First param is package tarball, 2nd is the *.DIGEST file
+VerifyShaOfStage3()
+{
+ #echo $1 $2
+ #ls -l $1 $2
+ test_sum=$(awk -v myvar="$1" '$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}' $2)
+ calculated_sum=$(sha512sum $1 | awk '{print $1}' -)
+ #echo aaaa $test_sum bbb $calculated_sum
+ if [[ "$test_sum" == "$calculated_sum" ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
suffix=$3 # e.g. -hardened
arch=$1
-busybox_version=$2
dist="http://distfiles.gentoo.org/releases/${arch}/autobuilds/"
-stage3="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3path="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3="$(basename ${stage3path})"
+# Create working directory, keep a copy of busybox handy
mkdir newWorldOrder; cd newWorldOrder
-echo "Downloading and extracting ${stage3}..."
-wget -q -c "${dist}/${stage3}"
-bunzip2 -c $(basename ${stage3}) | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
-rm -f $(basename ${stage3})
-wget -q -O /busybox "http://www.busybox.net/downloads/binaries/latest/busybox-${busybox_version}"
-chmod +x /busybox
-/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
-/busybox cp -fRap lib* /
-/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
-/busybox cp -fRap etc/* /etc/
-cd /
-#commit suicide
-/busybox rm -rf newWorldOrder /busybox /build.sh /linuxrc
+cp /bin/busybox .
-latest_stage3=$(curl "${base_url}/latest-stage3-amd64-hardened+nomultilib.txt" 2>/dev/null | grep -v '#' | awk '{print $1}')
-stage3=$(basename "${latest_stage3}")
+echo "Downloading and extracting ${stage3path}..."
+wget -q -c "${dist}/${stage3path}" "${dist}/${stage3path}.DIGESTS"
+if VerifyShaOfStage3 $stage3 "${stage3}.DIGESTS"; then echo "DIGEST sum is okey"; else echo "DIGEST sum is NOT okey"; return 1; fi
+bunzip2 -c ${stage3} | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
+/newWorldOrder/busybox rm -f $stage3
-# Self destruct
-rm -f /Dockerfile /build.sh
+echo "Installing stage 3"
+/newWorldOrder/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
+/newWorldOrder/busybox cp -fRap lib* /
+/newWorldOrder/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
+/newWorldOrder/busybox cp -fRap etc/* /etc/
-echo "Bootstrapped ${stage3} into /:"
+# Cleaning
+cd /
+/newWorldOrder/busybox rm -rf /newWorldOrder /build.sh /linuxrc
+
+# Say hello
+echo "Bootstrapped ${stage3path} into /:"
ls --color -lah
+
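Review bot: A failed verification does not stop the build, because the `return 1` on the `if VerifyShaOfStage3 ...` line is at top level of a script that is not sourced; bash reports "can only return from a function or sourced script" and continues straight into the `bunzip2 ... | tar` extraction of the unverified tarball. Change the else branch to `else echo "DIGEST sum is NOT okey" >&2; exit 1; fi`. The comparison inside VerifyShaOfStage3 also passes when both sides are empty — if the wget for the `.DIGESTS` file or the tarball failed, `awk` and `sha512sum` both print nothing and the two empty strings compare equal — so the condition should be `if [[ -n "$test_sum" && "$test_sum" == "$calculated_sum" ]]; then`. Note as well that the `.DIGESTS` file is fetched over plain HTTP from the same origin as the tarball, so a match only confirms the transfer was not corrupted; authenticity would require checking the release signature (Gentoo publishes a `.DIGESTS.asc`) before trusting the sums. The same function and the same `return 1` appear in the amd64-nomultilib/build.sh hunk below.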
diff --git a/amd64-hardened/build.sh b/amd64-hardened/build.sh
index 644f62d..83bbbed 100755
--- a/amd64-hardened/build.sh
+++ b/amd64-hardened/build.sh
@@ -21,7 +21,6 @@ stage3="$(basename ${stage3path})"
# Create working directory, keep a copy of busybox handy
mkdir newWorldOrder; cd newWorldOrder
-<<<<<<< HEAD
cp /bin/busybox .
echo "Downloading and extracting ${stage3path}..."
diff --git a/amd64-nomultilib/build.sh b/amd64-nomultilib/build.sh
index ade04b8..83bbbed 100755
--- a/amd64-nomultilib/build.sh
+++ b/amd64-nomultilib/build.sh
@@ -1,29 +1,45 @@
-suffix=$3 # e.g. -nomultilib
+# First param is package tarball, 2nd is the *.DIGEST file
+VerifyShaOfStage3()
+{
+ #echo $1 $2
+ #ls -l $1 $2
+ test_sum=$(awk -v myvar="$1" '$2==myvar {for(i=1; i<=1; i++) { print $1; exit}}' $2)
+ calculated_sum=$(sha512sum $1 | awk '{print $1}' -)
+ #echo aaaa $test_sum bbb $calculated_sum
+ if [[ "$test_sum" == "$calculated_sum" ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+suffix=$3 # e.g. -hardened
arch=$1
-busybox_version=$2
dist="http://distfiles.gentoo.org/releases/${arch}/autobuilds/"
-stage3="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3path="$(wget -q -O- ${dist}/latest-stage3-${arch}${suffix}.txt | tail -n 1 | cut -f 1 -d ' ')"
+stage3="$(basename ${stage3path})"
+# Create working directory, keep a copy of busybox handy
mkdir newWorldOrder; cd newWorldOrder
-echo "Downloading and extracting ${stage3}..."
-wget -q -c "${dist}/${stage3}"
-bunzip2 -c $(basename ${stage3}) | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
-rm -f $(basename ${stage3})
-wget -q -O /busybox "http://www.busybox.net/downloads/binaries/latest/busybox-${busybox_version}"
-chmod +x /busybox
-/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
-/busybox cp -fRap lib* /
-/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
-/busybox cp -fRap etc/* /etc/
-cd /
-#commit suicide
-/busybox rm -rf newWorldOrder /busybox /build.sh /linuxrc
+cp /bin/busybox .
-latest_stage3=$(curl "${base_url}/latest-stage3-amd64-nomultilib.txt" 2>/dev/null | grep -v '#' | awk '{print $1}')
-stage3=$(basename "${latest_stage3}")
+echo "Downloading and extracting ${stage3path}..."
+wget -q -c "${dist}/${stage3path}" "${dist}/${stage3path}.DIGESTS"
+if VerifyShaOfStage3 $stage3 "${stage3}.DIGESTS"; then echo "DIGEST sum is okey"; else echo "DIGEST sum is NOT okey"; return 1; fi
+bunzip2 -c ${stage3} | tar --exclude "./etc/hosts" --exclude "./sys/*" -xf -
+/newWorldOrder/busybox rm -f $stage3
-# Self destruct
-rm -f /Dockerfile /build.sh
+echo "Installing stage 3"
+/newWorldOrder/busybox rm -rf /lib* /usr /var /bin /sbin /opt /mnt /media /root /home /run /tmp
+/newWorldOrder/busybox cp -fRap lib* /
+/newWorldOrder/busybox cp -fRap bin boot home media mnt opt root run sbin tmp usr var /
+/newWorldOrder/busybox cp -fRap etc/* /etc/
-echo "Bootstrapped ${stage3} into /:"
+# Cleaning
+cd /
+/newWorldOrder/busybox rm -rf /newWorldOrder /build.sh /linuxrc
+
+# Say hello
+echo "Bootstrapped ${stage3path} into /:"
ls --color -lah
+
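Review bot: The first added line after the function, `suffix=$3 # e.g. -hardened`, replaces `# e.g. -nomultilib` in amd64-nomultilib/build.sh, so the example in the comment no longer matches the directory this script builds; it looks like a copy from the hardened variant. Restore the comment to `suffix=$3 # e.g. -nomultilib` here so a reader is not misled about which stage3 flavour this script expects as its third argument.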