Created
March 31, 2017 22:51
-
-
Save jpouellet/abe5cf438267afffc851a1a11d8be8f0 to your computer and use it in GitHub Desktop.
qubes-rpc service to write image to USB stick & return hash of contents actually written
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ $# -eq 0 ]; then | |
| dev=/dev/sda | |
| else | |
| # Protected by arg-specific qubes-rpc policy. | |
| dev=/dev/"$1" | |
| fi | |
| if ! [ -b "$dev" ]; then | |
| echo "${0##*/}: $dev: No such block device" >&2 | |
| exit 1 | |
| fi | |
| # Keep track of exactly how much we wrote to know where to stop reading later. | |
| len=$(sudo tee -- "$dev" | wc -c) | |
| echo "${0##*/}: Done writing $len bytes to $dev. Verifying..." >&2 | |
| # Read it back from actual media, only once, passing it to all checksums. | |
| # Wait for all hashes to be done, and guarantee consistent ordering. | |
| sudo head -c "$len" -- "$dev" | ( | |
| tee >(sha1sum --tag) >(sha256sum --tag) > >(sha512sum --tag) | |
| ) | sort |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The purpose of the hash is not so much for image verification (it should already be trusted before you decide to write it), but rather to detect when you have failing (or perhaps malicious?) media.