mirror of
https://github.com/linuxboot/linuxboot
synced 2024-11-21 23:59:59 +00:00
remove heads commandline tools
parent
377b9f4f24
commit
e6d9e32bdc
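--- a/bin/cpio-clean
+++ b/bin/cpio-clean
@@ -1,150 +0,0 @@
-#!/usr/bin/perl
-# Clean all non-deterministric fields in a newc cpio file
-#
-# Items fixed:
-# Files are sorted by name
-# Inode numbers are based on the hash of the filename
-# File timestamp is set to 1970-01-01T00:00:00
-# uid/gid are set to root
-# check field is zeroed
-# nlinks is set to zero, since the filesystem manages it
-#
-use warnings;
-use strict;
-use Data::Dumper;
-use Digest::MD5 'md5_hex';
-
-# struct cpio_newc_header {
-# char c_magic[6]; -6
-# char c_ino[8]; -- set to a monotonic value 0
-# char c_mode[8]; 8
-# char c_uid[8]; 16
-# char c_gid[8]; 24
-# char c_nlink[8]; 32
-# char c_mtime[8]; 40 -- set to zero
-# char c_filesize[8]; 48
-# char c_devmajor[8]; 56
-# char c_devminor[8]; 64
-# char c_rdevmajor[8]; 72
-# char c_rdevminor[8]; 80
-# char c_namesize[8]; 88
-# char c_check[8]; 96
-# }; // 104
-# followed by namesize bytes of name (padded to be a multiple of 4)
-# followed dby filesize bytes of file (padded to be a multiple of 4)
-
-# Read the entire file at once
-undef $/;
-
-# Generate a map of all of the files in the cpio archive
-# This will also merge multiple cpio files
-my %entries;
-my $trailer;
-
-while(<>)
-{
-for(my $i = 0 ; $i < length $_ ; )
-{
-my $magic = substr($_, $i, 6);
-if ($magic ne "070701")
-{
-die "$ARGV: offset $i: invalid magic '$magic'\n";
-}
-
-my $namesize = substr($_, $i + 6+88, 8);
-my $filesize = substr($_, $i + 6+48, 8);
-
-if ($namesize =~ /[^0-9A-Fa-f]/)
-{
-die "$ARGV: offset $i: invalid characters in namesize '$namesize'\n";
-}
-
-if ($filesize =~ /[^0-9A-Fa-f]/)
-{
-die "$ARGV: offset $i: invalid characters in filesize '$filesize'\n";
-}
-
-# Convert them to hex
-$namesize = hex $namesize;
-$filesize = hex $filesize;
-
-#print STDERR "name: '$namesize', filesize: '$filesize'\n";
-
-my $name = substr($_, $i + 6+104, $namesize);
-#print STDERR Dumper($name);
-
-# Align the header size to be a multiple of four bytes
-my $entry_size = (6+104 + $namesize + 3) & ~3;
-$entry_size += ($filesize + 3) & ~3;
-
-my $entry = substr($_, $i, $entry_size);
-$i += $entry_size;
-
-if ($name =~ /^TRAILER!!!/)
-{
-$trailer = $entry;
-last;
-}
-
-$entries{$name} = $entry;
-}
-
-die "$ARGV: No trailer!\n" unless $trailer;
-}
-
-# Apply the cleaning to each one
-for my $filename (sort keys %entries)
-{
-my $entry = $entries{$filename};
-my $zero = sprintf "%08x", 0;
-
-# inodes are hashed to be deterministic
-# and hopefully not colliding
-my $md5 = md5_hex($filename);
-my $d0 = hex substr($md5, 0, 8) ;
-my $d1 = hex substr($md5, 8, 8) ;
-my $d2 = hex substr($md5, 16, 8) ;
-my $d3 = hex substr($md5, 24, 8) ;
-my $hash = sprintf "%08x", $d0 ^ $d1 ^ $d2 ^ $d3;
-
-#warn "$filename: $md5 -> $hash\n";
-substr($entry, 6 + 0, 8) = $hash;
-
-# set timestamps to zero
-substr($entry, 6 + 40, 8) = $zero;
-
-# remove group/user permissions, leaving only
-# the owner bits intact.
-my $mode = hex substr($entry, 6 + 8, 8);
-$mode &= ~0077;
-#$mode |= $mode >> 3 | $mode >> 6;
-substr($entry, 6 + 8, 8) = sprintf "%08X", $mode;
-
-# set uid/gid to zero
-substr($entry, 6 + 16, 8) = $zero;
-substr($entry, 6 + 24, 8) = $zero;
-
-# zero out the nlinks, since it is managed by the real fs
-substr($entry, 6 + 32, 8) = $zero;
-
-# set the device major/minor to zero
-substr($entry, 6 + 56, 8) = $zero;
-substr($entry, 6 + 64, 8) = $zero;
-
-# set check to zero
-substr($entry, 6 + 96, 8) = $zero;
-
-$entries{$filename} = $entry;
-}
-
-
-# Print them in sorted order
-for my $filename (sort keys %entries)
-{
-my $entry = $entries{$filename};
-print $entry;
-}
-
-# Output the trailer to mark the end of the archive
-print $trailer;
-__END__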
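--- a/bin/verity-sign
+++ b/bin/verity-sign
@@ -1,104 +0,0 @@
-#!/usr/bin/perl
-# Generate dm-verity hashes and sign the root hash
-#
-# Output looks like
-#
-# VERITY header information for hdd.img
-# UUID: 73532888-a3e9-4f16-a50a-1d03a265b94f
-# Hash type: 1
-# Data blocks: 7680
-# Data block size: 4096
-# Hash block size: 4096
-# Hash algorithm: sha256
-# Salt: 3d0cd593d29715005794c4e1cd5164c14ba6456c3dbd2c6d8a26007c01ca9937
-# Root hash: 91beda90d7fa1ab92463344966eb56ec9706f4f26063933a86d701a02a961a10
-#
-my $usage = <<"";
-Usage:
-size=32
-dd if=/dev/zero of=hdd.img bs=1M count=$size
-mkfs.ext4 -b 4096 ./hdd.img
-mkdir /tmp/loop
-sudo mount -o loop hdd.img /tmp/loop
-(populate /tmp/loop)
-sudo umount /tmp/loop
-veritysetup \
---hash-offset $[$size*1024*1024] \
---data-blocks $[$size*1024*1024/4096] \
-format hdd.img hdd.img \
-| ./verity-sign /dev/sda1 \
-| gpg --clearsign \
-| tee hdd.table
-
-
-use warnings;
-use strict;
-
-my $dev = shift;
-
-local $_ = <STDIN>;
-chomp;
-
-my ($orig_device) = /^VERITY header information for (.*)/
-or die "Missing VERITY header\n";
-
-my %params;
-
-$dev ||= $orig_device;
-
-while(<>)
-{
-chomp;
-my ($key,$value) = split /:\s+/;
-$params{$key} = $value;
-}
-
-my @missing;
-
-
-# All the necessary parameters were in the header, generate
-# the command to mount the filesystem
-my $data_blocks = $params{'Data blocks'}
-or push @missing, 'Data blocks';
-my $data_block_size = $params{'Data block size'}
-or push @missing, 'Data block size';
-my $hash_block_size = $params{'Hash block size'}
-or push @missing, 'Hash block size';
-my $salt = $params{'Salt'}
-or push @missing, 'Salt';
-my $root_hash = $params{'Root hash'}
-or push @missing, 'Root hash';
-my $hash_type = $params{'Hash type'}
-or push @missing, 'Hash type';
-my $hash_algorithm = $params{'Hash algorithm'}
-or push @missing, 'Hash algorithm';
-
-# Check for any missing parameters
-die "Missing parameter: ", join(', ', @missing), "\n"
-if @missing;
-
-# Compute the derived parameters
-my $data_size = $data_blocks * $data_block_size;
-my $data_size_512b = $data_size / 512;
-my $first_hash_block = $data_blocks + 1;
-
-# The table must be on a single line
-my $table = sprintf "0 %d verity %d %s %s %d %d %d %d %s %s %s",
-$data_size_512b,
-$hash_type,
-$dev,
-$dev,
-$data_block_size,
-$hash_block_size,
-$data_blocks,
-$first_hash_block,
-$hash_algorithm,
-$root_hash,
-$salt,
-;
-
-print "dmsetup create --readonly boot --table '$table'\n";
-print "dmsetup mknodes boot\n";
-print "mount -o ro /dev/mapper/boot /boot\n";
-
-__END__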