Bootiso should automatically detect shaX and md5 files to check sums against ISO #16

Closed
jsamr opened this issue Jul 12, 2018 · 7 comments
Labels
safety scheduled-feature New feature or request

@jsamr
Owner

jsamr commented Jul 12, 2018

No description provided.

@jsamr jsamr added the scheduled-feature New feature or request label Jul 12, 2018
@jsamr jsamr added this to the v3.2.0 milestone Jul 12, 2018
@jsamr jsamr changed the title Automatically detect shaX and md5 files to check sums against ISO Bootiso should automatically detect shaX and md5 files to check sums against ISO Jul 14, 2018
@jsamr jsamr added the safety label Aug 6, 2018
@jsamr jsamr modified the milestones: v3.2.0, v3.3.0 Jan 27, 2019
@SibrenVasse
Contributor

I've made an implementation which looks in the directory of the ISO for the files:
md5sums*
MD5SUMS*
sha1sums*
SHA1SUMS*
sha256sums*
SHA256sums*
$filename.md5
$filename.sha1
$filename.sha256
$filename.sha512

Is that everything?

@jsamr
Owner Author

jsamr commented Jan 31, 2019

@SibrenVasse Thanks Sibren!

I think it's a de facto standard to use $filename.{ext}
I would go for

$filename.md5
$filename.sha1
$filename.sha256
$filename.sha512

and eventually add a flag such as --check-file-hash (...).{ext} for exotic names.

EDIT: I don't know other popular hash algorithms in this use case, but we can of course stay open to extension in the future

@SibrenVasse
Contributor

I also wanted to support hashfiles provided by distros. Debian does it like this:
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/
and arch like this:
https://mirrors.evowise.com/archlinux/iso/2019.01.01/
Or do you only want to support the $filename.$hash files?

Thus far, I've got these flags:
--no-hash-check) disable hash checking altogether
--force-hash-check) fail if no valid hash is found

Maybe --hash-file would be a nice flag name for the extra file to check?

@jsamr
Owner Author

jsamr commented Jan 31, 2019

> Maybe --hash-file would be a nice flag name for the extra file to check?

Definitely.

To understand your implementation schedule, what do you plan to do when a check fails while he hasn't used any related flag; prompt the user with an error?

The issue with a md5sums.txt file hanging in a directory is that we have no clue it is related to the ISO... So I am reluctant to automate anything that isn't predictable.

I would eventually accept the following flows :

Flow I : $filename.$hash exists

  1. if --no-hash-check is not set, automatically check the sum
  2. if the test fails:
    a. if --force-hash-check, failAndExit
    b. else print an echowarn message and prompt the user

Flow II : hash candidate exists (md5sums*)

  1. if --no-hash-check is not set, prompt and ask the user if he wants to check this file
  2. Do I.2

Flow III, --hash-file set

  1. If hash file does not exist, failAndExit
  2. Do I.2

@SibrenVasse
Contributor

SibrenVasse commented Jan 31, 2019

Well the hash files contain the filenames along with the hashes. So we can check if a md5sums* file is relevant to the iso, and only fail if the filename is in there.

So as I've currently implemented it:

Flow I : $filename.$hash exists

  1. if --no-hash-check is not set, automatically check the sum
  2. if the test fails:
    a. if --force-hash-check, failAndExit
    b. else print an echowarn message and prompt the user

Flow II : hash candidate exists (md5sums*)

  1. if --no-hash-check is not set and md5sums* contains filename
  2. Do I.2

Flow III, --hash-file set

  1. If hash file does not exist, failAndExit
  2. Do I.2 for all hash types

Flow IV, --force-hash-check set

  1. After all above flows, no applicable hash is found, failAndExit

If you'd like some changes to this, let me know!

@SibrenVasse
Contributor

Also about the dependencies:
{"md5sum", "sha1sum", "sha256sum", "sha512sum"} reside in coreutils on debian and archlinux.
Do we need to add coreutils as a dependency?

@jsamr
Owner Author

jsamr commented Jan 31, 2019

> Well the hash files contain the filenames along with the hashes. So we can check if a md5sums* file is relevant to the iso, and only fail if the filename is in there.
>
> So as I've currently implemented it:
>
> Flow I : $filename.$hash exists
>
> 1. if `--no-hash-check` is not set, automatically check the sum
> 2. if the test fails:
>    a. if `--force-hash-check`, failAndExit
>    b. else print an echowarn message and prompt the user
>
> Flow II : hash candidate exists (md5sums*)
>
> 1. if `--no-hash-check` is not set and md5sums* contains filename
> 2. Do I.2
>
> Flow III, --hash-file set
>
> 1. If hash file does not exist, failAndExit
> 2. Do I.2 for all hash types
>
> Flow IV, --force-hash-check set
>
> 1. After all above flows, no applicable hash is found, failAndExit
>
> If you'd like some changes to this, let me know!

Yes you are absolutely right (guess I've been lazy enough to never open a md5sum file) ; I'm good with these flows.

> Also about the dependencies:
> {"md5sum", "sha1sum", "sha256sum", "sha512sum"} reside in coreutils on debian and archlinux.
> Do we need to add coreutils as a dependency?

yes, please append commandDependencies and commandPackages lists, mapping all the aforementioned utilities to coreutils
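
The flows agreed in this thread, sketched as an added example that is not bootiso's code or either participant's implementation: Flow I reads a `$filename.$hash` sidecar, Flow II accepts a `md5sums*`-style list only when it names the ISO exactly, and the return code lets the caller apply `--force-hash-check`. The function names `expected_hash` and `check_iso_hash`, the return codes, and the assumption that list files use the coreutils line format are illustrative choices.

```shell
#!/bin/sh
# Added example; function names and return codes are assumptions, not bootiso's.

# Print the expected hash for ISO path $1 and algorithm $2 (md5|sha1|sha256|sha512).
expected_hash() {
    iso=$1; algo=$2
    dir=$(dirname -- "$iso"); name=$(basename -- "$iso")
    # Flow I: sidecar "$filename.$algo"; the first field is the hash.
    if [ -f "$iso.$algo" ]; then
        awk 'NF { print tolower($1); exit }' "$iso.$algo"
        return 0
    fi
    # Flow II: a candidate list (md5sums*, MD5SUMS*, ...) applies only if it
    # names this ISO exactly. Coreutils lines are "<hash><sp><sp or *><name>".
    upper=$(printf '%s' "$algo" | tr 'a-z' 'A-Z')
    for f in "$dir/${algo}sums"* "$dir/${upper}SUMS"*; do
        [ -f "$f" ] || continue
        h=$(n="$name" awk '{ p = substr($0, length($1) + 3) }
            p == ENVIRON["n"] { print tolower($1); exit }' "$f")
        [ -n "$h" ] && { printf '%s\n' "$h"; return 0; }
    done
    return 1
}

# Return 0 when every applicable hash matches, 1 on any mismatch, 2 when no
# applicable hash exists. The caller maps this to the flags: with
# --force-hash-check both 1 and 2 are fatal (I.2a, IV); otherwise 1 leads to
# a warning and prompt (I.2b) and 2 lets the run continue.
check_iso_hash() {
    iso=$1; verified=no
    for algo in md5 sha1 sha256 sha512; do
        want=$(expected_hash "$iso" "$algo") || continue
        got=$("${algo}sum" -- "$iso" | awk '{ print $1 }')
        if [ "$want" != "$got" ]; then
            echo "$algo mismatch for $iso" >&2
            return 1
        fi
        verified=yes
    done
    [ "$verified" = yes ] && return 0
    return 2
}
```

A hash file stored beside the ISO detects a corrupted download; it does not authenticate the image unless the hash file itself comes from a trusted or signed source.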

jsamr pushed a commit that referenced this issue Apr 4, 2019
This commit is a rework from @SibrenVasse pull request #41

- fix a minor bug where ISO check was run twice, before and after sudo
- disable automatic ISO hash check with `--no-hash-check` flag
- exit when hash fails with `--force-hash-check` flag
- explicitly set a hash file with `--hash-file <file>` flag
@jsamr jsamr modified the milestones: v3.3.0, v3.4.0 Apr 4, 2019
@jsamr jsamr closed this as completed Apr 13, 2019