Verifying md5 of installed deb packages with debsums (#3955)

* Typo in packaga name * WIP: Test for packages integrity just before closing images * Working debsum check * Dialog is not needed * Optimisations - uninstall debsums as we don't need it later on * Cosmetics Assuming this is related to both Ubuntu and Debian Co-authored-by: Werner <EvilOlaf@users.noreply.github.com>
2022-07-09 11:36:52 +02:00 · 2022-07-09 11:36:52 +02:00 · 047a2447f6
commit 047a2447f6
parent 7466687a77
11 changed files with 18 additions and 0 deletions
--- a/config/cli/bullseye/debootstrap/packages
+++ b/config/cli/bullseye/debootstrap/packages
@ -7,6 +7,7 @@ crda
 cron
 dbus
 dbus-user-session
+debsums
 dmsetup
 fdisk
 gnupg
--- a/config/cli/bullseye/main/packages.uninstall
+++ b/config/cli/bullseye/main/packages.uninstall
@ -0,0 +1 @@
+debsums
--- a/config/cli/buster/debootstrap/packages
+++ b/config/cli/buster/debootstrap/packages
@ -6,6 +6,7 @@ cpio
 cron
 dbus
 dbus-user-session
+debsums
 dmsetup
 fdisk
 gnupg
--- a/config/cli/buster/main/packages.uninstall
+++ b/config/cli/buster/main/packages.uninstall
@ -0,0 +1 @@
+debsums
--- a/config/cli/focal/debootstrap/packages
+++ b/config/cli/focal/debootstrap/packages
@ -7,6 +7,7 @@ crda
 cron
 dbus
 dbus-user-session
+debsums
 dmsetup
 fdisk
 gnupg
--- a/config/cli/focal/main/packages.uninstall
+++ b/config/cli/focal/main/packages.uninstall
@ -0,0 +1 @@
+debsums
--- a/config/cli/jammy/debootstrap/packages
+++ b/config/cli/jammy/debootstrap/packages
@ -6,6 +6,7 @@ cpio
 cron
 dbus
 dbus-user-session
+debsums
 dmsetup
 fdisk
 gnupg
--- a/config/cli/jammy/main/packages.uninstall
+++ b/config/cli/jammy/main/packages.uninstall
@ -0,0 +1 @@
+debsums
--- a/config/cli/sid/debootstrap/packages
+++ b/config/cli/sid/debootstrap/packages
@ -6,6 +6,7 @@ cpio
 cron
 dbus
 dbus-user-session
+debsums
 dmsetup
 fdisk
 gnupg
--- a/config/cli/sid/main/packages.uninstall
+++ b/config/cli/sid/main/packages.uninstall
@ -0,0 +1 @@
+debsums
--- a/lib/debootstrap.sh
+++ b/lib/debootstrap.sh
@ -334,6 +334,14 @@ create_rootfs_cache()
 			[[ ${EVALPIPE[0]} -ne 0 ]] && exit_with_error "Installation of Armbian desktop packages for ${BRANCH} ${BOARD} ${RELEASE} ${DESKTOP_APPGROUPS_SELECTED} ${DESKTOP_ENVIRONMENT} ${BUILD_MINIMAL} failed"
 		fi

+		# stage: check md5 sum of installed packages. Just in case.
+		display_alert "Check MD5 sum of installed packages" "info"
+		eval "LC_ALL=C LANG=C sudo chroot $SDCARD /bin/bash -e -c 'dpkg-query -f "'\${binary:Package}\\n'" -W | xargs debsums'" \
+			${PROGRESS_LOG_TO_FILE:+' | tee -a $DEST/${LOG_SUBPATH}/debootstrap.log'} \
+			${OUTPUT_VERYSILENT:+' >/dev/null 2>/dev/null'} ';EVALPIPE=(${PIPESTATUS[@]})'
+
+		[[ ${EVALPIPE[0]} -ne 0 ]] && exit_with_error "MD5 sums check of installed packages failed"
+
 		# Remove packages from packages.uninstall

 		display_alert "Uninstall packages" "$PACKAGE_LIST_UNINSTALL" "info"