Last active
November 22, 2019 19:50
running kernel from a flash; and verifying that boot files are still okay
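#!/usr/bin/bash
#
# Keeps a copy of the kernel, microcode and initramfs images on a USB stick,
# together with a boot.nsh holding the kernel command line, and later checks
# that the stick and /boot still hold the same bytes.
#
# Usage (as root): <script> sync | <script> verify

# Directory name under \kernels on the stick; also part of the /run work dir.
kernel_flash_name='plm-notebook'
boot_path='/boot'
kernel_vmlinuz_file='vmlinuz-linux'
# Images copied to the stick; each one also becomes an initrd= entry below.
kernel_img_files=('intel-ucode.img' 'amd-ucode.img' 'initramfs-linux.img')

# The initrd= entries are generated from kernel_img_files so that the command
# line written to boot.nsh cannot drift from the set of files that is copied
# and verified.
kernel_efi_dir="\\kernels\\${kernel_flash_name}"
kernel_cmdline="${kernel_efi_dir}\\${kernel_vmlinuz_file}.efi"
for _kernel_img in "${kernel_img_files[@]}"
do
    kernel_cmdline+=" initrd=${kernel_efi_dir}\\${_kernel_img}"
done
unset -v _kernel_img
kernel_cmdline+=" root=UUID=6581314d-6709-416e-9c61-166211b7163e rw rootflags=subvol=arch1-root rd.luks.name=e85a4aea-f191-431c-b6f8-93ba70d95d73=root loglevel=3 quiet"

# The stick is addressed through its by-id name, not through a /dev/sdX name.
flash_path='/dev/disk/by-id/usb-SanDisk__Cruzer_Fit_4C530000240815113164-0:0'
flash_part_path="$flash_path-part1"
run_path="/run/$kernel_flash_name.kernel-flash"
mnt_path="$run_path/mnt"
efi_shell_file='BOOTX64.EFI'
# Pinned SHA-256 of the EFI shell on the stick, in the exact form printed by
# `sha256sum -b` when it reads stdin (hence the trailing ' *-').
# NOTE(review): the pin is stored in this script, so it only helps while the
# script itself is unmodified.
efi_shell_hash='423bcc767fe4f03ef18fa2423769e9465c11c86c3959d231ab8e7d67181c9ce8 *-'

readonly kernel_flash_name boot_path kernel_vmlinuz_file kernel_img_files \
    kernel_efi_dir kernel_cmdline flash_path flash_part_path run_path \
    mnt_path efi_shell_file efi_shell_hash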
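# Confirms that the stick exposes exactly one "-part*" node and that this node
# is the expected first partition.
# Globals:  flash_path, flash_part_path (read)
# Returns:  0 when the layout matches, 1 otherwise
check_flash_parts () {
    echo 'check_flash_parts: ls...'
    # Expand the glob directly instead of parsing `ls` output. If nothing
    # matches, the pattern stays literal (or the array is empty under
    # nullglob); both cases fail the comparison below.
    local -a part_nodes=("$flash_path"-part*)
    if [ "${#part_nodes[@]}" -ne 1 ] \
        || [ "${part_nodes[0]}" != "$flash_part_path" ] \
        || [ ! -e "$flash_part_path" ]
    then
        echo 'check_flash_parts: ls error' 1>&2
        return 1
    fi
}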
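# Compares the SHA-256 of the EFI shell binary on the mounted stick with the
# pinned value, so a replaced or damaged boot binary is noticed before the
# stick is written to or trusted.
# Globals:  mnt_path, efi_shell_file, efi_shell_hash (read)
# Returns:  0 on match, 1 on mismatch or when the file cannot be hashed
check_efi_shell () {
    echo 'check_efi_shell: sha256sum...'
    # Declare first, assign second: `local var="$(cmd)"` would hide the exit
    # status of sha256sum behind the status of `local`.
    local mnt_efi_shell_hash
    if ! mnt_efi_shell_hash="$(sha256sum -b <"$mnt_path/EFI/BOOT/$efi_shell_file")"
    then
        echo "check_efi_shell: sha256sum error: cannot read $mnt_path/EFI/BOOT/$efi_shell_file" 1>&2
        return 1
    fi
    if [ "x$mnt_efi_shell_hash" != "x$efi_shell_hash" ]
    then
        echo "check_efi_shell: sha256sum error: $mnt_efi_shell_hash $efi_shell_hash" 1>&2
        return 1
    fi
}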
# Creates the private work directory and the mount point inside it.
# Globals:  run_path, mnt_path (read)
# Returns:  0 when both directories were created, 1 otherwise
do_mkdirs () {
    # Mode 0700 keeps other users out of everything below the work directory.
    # Without -p, mkdir also fails when the directory already exists.
    echo 'do_mkdirs: mkdir run...'
    mkdir -m0700 -- "$run_path" || {
        echo 'do_mkdirs: mkdir run error' 1>&2
        return 1
    }

    echo 'do_mkdirs: mkdir mnt...'
    mkdir -- "$mnt_path" || {
        echo 'do_mkdirs: mkdir mnt error' 1>&2
        return 1
    }
}
# Removes one directory if it exists.
# Arguments: $1 - directory, $2 - progress message, $3 - error message
_do_rmdirs_one () {
    [ -d "$1" ] || return 0
    echo "$2"
    if ! rmdir -- "$1"
    then
        echo "$3" 1>&2
        return 1
    fi
}

# Removes the mount point and then the work directory, skipping whichever is
# absent. rmdir refuses non-empty or busy directories, so a mount point that
# is still in use is reported instead of being deleted.
# Globals:  mnt_path, run_path (read)
# Returns:  0 on success, 1 as soon as one rmdir fails
do_rmdirs () {
    _do_rmdirs_one "$mnt_path" 'do_rmdirs: rmdir mnt...' 'do_rmdirs: rmdir mnt error' || return 1
    _do_rmdirs_one "$run_path" 'do_rmdirs: rmdir run...' 'do_rmdirs: rmdir run error' || return 1
}
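# Mounts the first partition of the stick as vfat on the private mount point.
# Globals:  flash_part_path, mnt_path (read)
# Returns:  0 on success, 1 when mount fails
do_mount () {
    echo 'do_mount: mount...'
    # Removable media is mounted with nosuid,nodev,noexec: nothing on the
    # stick needs to be executed or treated as a device node from here.
    # The mount stays read-write because the sync path writes through it.
    if ! mount -tvfat -o nosuid,nodev,noexec -- "$flash_part_path" "$mnt_path"
    then
        echo 'do_mount: mount error' 1>&2
        return 1
    fi
}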
# Unmounts the stick from the private mount point.
# Globals:  mnt_path (read)
# Returns:  0 on success, 1 when umount fails
do_umount () {
    echo 'do_umount: umount...'
    umount -- "$mnt_path" || {
        echo 'do_umount: umount error' 1>&2
        return 1
    }
}
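# Copies the kernel and image files from boot_path to the mounted stick,
# writes boot.nsh with the kernel command line and records a SHA-256 manifest
# of every file under boot_path.
#
# Everything is staged in "<name>.new" and swapped in by rename, so a failed
# copy leaves the current set on the stick untouched. The copies are not read
# back here; the verify path does that.
#
# Globals:  mnt_path, boot_path, kernel_flash_name, kernel_vmlinuz_file,
#           kernel_img_files, kernel_cmdline (read)
# Returns:  0 on success, 1 at the first failing step
do_sync_files () {
    # An empty value here would point the `rm -rf` calls below at the wrong
    # directory, so refuse to continue.
    if [ -z "$mnt_path" ] || [ -z "$kernel_flash_name" ]
    then
        echo 'do_sync_files: mnt_path or kernel_flash_name is empty' 1>&2
        return 1
    fi

    local kernels_dir="$mnt_path/kernels"
    local cur_dir="$kernels_dir/$kernel_flash_name"
    local new_dir="$cur_dir.new"
    local old_dir="$cur_dir.old"
    # Keep the loop variable out of the global scope.
    local kernel_img_file

    if [ ! -d "$kernels_dir" ]
    then
        echo 'do_sync_files: mkdir kernels...'
        if ! mkdir -- "$kernels_dir"
        then
            echo 'do_sync_files: mkdir kernels error' 1>&2
            return 1
        fi
    fi

    # A leftover staging directory from an interrupted run is discarded.
    if [ -d "$new_dir" ]
    then
        echo 'do_sync_files: rm prev new...'
        if ! rm -rf -- "$new_dir"
        then
            echo 'do_sync_files: rm prev new error' 1>&2
            return 1
        fi
    fi

    echo 'do_sync_files: mkdir new...'
    if ! mkdir -- "$new_dir"
    then
        echo 'do_sync_files: mkdir new error' 1>&2
        return 1
    fi

    echo 'do_sync_files: cp vmlinuz...'
    if ! cp --no-preserve=timestamps -- "$boot_path/$kernel_vmlinuz_file" \
            "$new_dir/$kernel_vmlinuz_file.efi"
    then
        echo 'do_sync_files: cp vmlinuz error' 1>&2
        return 1
    fi

    for kernel_img_file in "${kernel_img_files[@]}"
    do
        echo "do_sync_files: cp img: $kernel_img_file..."
        if ! cp --no-preserve=timestamps -- "$boot_path/$kernel_img_file" \
                "$new_dir/$kernel_img_file"
        then
            echo "do_sync_files: cp img error: $kernel_img_file" 1>&2
            return 1
        fi
    done

    echo 'do_sync_files: writing nsh...'
    # printf writes the backslashes of the EFI paths verbatim regardless of
    # how the shell's echo is configured.
    if ! printf '%s\n' "$kernel_cmdline" >"$new_dir/boot.nsh"
    then
        echo 'do_sync_files: writing nsh error' 1>&2
        return 1
    fi

    echo 'do_sync_files: sha256sum origin boot...'
    # Manifest of boot_path as it is right now; paths are relative ("./...")
    # so the manifest can be checked from inside boot_path later.
    if ! (cd -- "$boot_path" && find . -type f -exec sha256sum -b -- '{}' '+') \
            >"$new_dir/origin-boot.sha256"
    then
        echo 'do_sync_files: sha256sum origin boot error' 1>&2
        return 1
    fi

    if [ -d "$old_dir" ]
    then
        echo 'do_sync_files: rm prev old...'
        if ! rm -rf -- "$old_dir"
        then
            echo 'do_sync_files: rm prev old error' 1>&2
            return 1
        fi
    fi

    # Swap: current -> old, new -> current. Between the two renames there is
    # no current directory on the stick.
    if [ -d "$cur_dir" ]
    then
        echo 'do_sync_files: mv curr to old...'
        if ! mv -- "$cur_dir" "$old_dir"
        then
            echo 'do_sync_files: mv curr to old error' 1>&2
            return 1
        fi
    fi

    echo 'do_sync_files: mv new to curr...'
    if ! mv -- "$new_dir" "$cur_dir"
    then
        echo 'do_sync_files: mv new to curr error' 1>&2
        return 1
    fi

    if [ -d "$old_dir" ]
    then
        echo 'do_sync_files: rm old...'
        if ! rm -rf -- "$old_dir"
        then
            echo 'do_sync_files: rm old error' 1>&2
            return 1
        fi
    fi
}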
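# Hashes two files with SHA-256 and compares them.
# Arguments: $1 - file on the stick, $2 - file under boot_path
# Outputs:   on failure, "<hash of $1> <hash of $2>" for the error message
# Returns:   0 only when both files were hashed and the hashes are equal
_do_verify_files_compare () {
    local mnt_hash='' boot_hash='' status='0'
    mnt_hash="$(sha256sum -b <"$1")" || status='1'
    boot_hash="$(sha256sum -b <"$2")" || status='1'
    # A file that cannot be read must never count as a match: two failed
    # reads would otherwise compare as two equal empty strings.
    if [ "$status" != '0' ] || [ "x$mnt_hash" != "x$boot_hash" ]
    then
        printf '%s %s\n' "${mnt_hash:-<unreadable>}" "${boot_hash:-<unreadable>}"
        return 1
    fi
}

# Checks the mounted stick against the running system:
#   1. boot.nsh on the stick equals kernel_cmdline,
#   2. the kernel and every image on the stick hash the same as in boot_path,
#   3. boot_path still matches the manifest stored on the stick at sync time.
# All checks run even after a failure so that every mismatch is reported.
#
# NOTE(review): step 3 only covers files listed in the manifest; files added
# to boot_path after the sync are not reported. The hashing tools and this
# script come from the system under check, so a passing result is only as
# trustworthy as that system.
#
# Globals:  mnt_path, boot_path, kernel_flash_name, kernel_vmlinuz_file,
#           kernel_img_files, kernel_cmdline (read)
# Returns:  0 when every check passed, 1 otherwise
do_verify_files () {
    local rv='0'
    local cur_dir="$mnt_path/kernels/$kernel_flash_name"
    local nsh_text hash_pair kernel_img_file

    echo "do_verify_files: reading nsh..."
    if ! nsh_text="$(cat -- "$cur_dir/boot.nsh")" \
        || [ "x$nsh_text" != "x$kernel_cmdline" ]
    then
        echo "do_verify_files: reading nsh error" 1>&2
        rv='1'
    fi

    echo "do_verify_files: sha256sum vmlinuz..."
    if ! hash_pair="$(_do_verify_files_compare \
            "$cur_dir/$kernel_vmlinuz_file.efi" "$boot_path/$kernel_vmlinuz_file")"
    then
        echo "do_verify_files: sha256sum vmlinuz error: $hash_pair" 1>&2
        rv='1'
    fi

    for kernel_img_file in "${kernel_img_files[@]}"
    do
        echo "do_verify_files: sha256sum: $kernel_img_file..."
        if ! hash_pair="$(_do_verify_files_compare \
                "$cur_dir/$kernel_img_file" "$boot_path/$kernel_img_file")"
        then
            echo "do_verify_files: sha256sum error: $kernel_img_file $hash_pair" 1>&2
            rv='1'
        fi
    done

    # Intermediate verdict: covers only the stick-versus-boot_path comparison.
    if [ "x$rv" == 'x0' ]
    then
        echo 'verification kernel flash successful!'
    else
        echo 'verification kernel flash failure!'
    fi

    echo 'do_verify_files: sha256sum checking origin boot...'
    if ! (cd -- "$boot_path" && sha256sum -c) \
            <"$cur_dir/origin-boot.sha256"
    then
        echo 'do_verify_files: sha256sum checking origin boot error' 1>&2
        rv='1'
    fi

    if [ "x$rv" == 'x0' ]
    then
        echo 'verification kernel flash and origin boot successful!'
    else
        echo 'verification kernel flash or/and origin boot failure!'
    fi

    return "$rv"
}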
# Runs the whole sync sequence: check the partition layout, create the work
# directories, mount the stick, check the EFI shell hash, copy the files,
# then unmount and remove the work directories.
# The EFI shell hash is checked before anything is written to the stick.
# Every failure path undoes what was set up so far (umount, then rmdir).
# Returns:  0 on success, 1 when any step fails
do_sync () {
    check_flash_parts || return 1

    # Nothing is mounted yet, so only the directories need cleaning up.
    if ! do_mkdirs || ! do_mount
    then
        do_rmdirs
        return 1
    fi

    # From here on the stick is mounted and must be unmounted on failure.
    if ! check_efi_shell || ! do_sync_files
    then
        do_umount
        do_rmdirs
        return 1
    fi

    if ! do_umount
    then
        do_rmdirs
        return 1
    fi

    do_rmdirs || return 1
}
# Runs the whole verify sequence: check the partition layout, create the work
# directories, mount the stick, check the EFI shell hash, compare the files,
# then unmount and remove the work directories.
# Every failure path undoes what was set up so far (umount, then rmdir).
# Returns:  0 when everything verified, 1 when any step fails
do_verify () {
    check_flash_parts || return 1

    # Nothing is mounted yet, so only the directories need cleaning up.
    if ! do_mkdirs || ! do_mount
    then
        do_rmdirs
        return 1
    fi

    # From here on the stick is mounted and must be unmounted on failure.
    if ! check_efi_shell || ! do_verify_files
    then
        do_umount
        do_rmdirs
        return 1
    fi

    if ! do_umount
    then
        do_rmdirs
        return 1
    fi

    do_rmdirs || return 1
}
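# Entry point. Mounting and reading the boot files needs root, so refuse to
# run as any other user.
if [ "x$(id -u)" != 'x0' ]
then
    echo 'error: run the utility as root' 1>&2
    exit 1
fi

# Exactly one argument is accepted: "sync" or "verify". A bare `exit` passes
# on the status of the function that just ran.
if [ "$#" -eq 1 ]
then
    case "$1" in
        sync)
            do_sync
            exit
            ;;
        verify)
            do_verify
            exit
            ;;
    esac
fi

# Diagnostics belong on stderr so they are not mistaken for normal output.
echo 'invalid arguments' 1>&2
echo "usage: ${0##*/} sync|verify" 1>&2
exit 2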
# vi:ts=4:sw=4:et |