[OpenWrt-Devel] [PATCH] [generic] Checksum for all files inside package
Michal Hrusecky
michal.hrusecky at nic.cz
Thu May 5 04:58:57 EDT 2016
This patch introduces possibility to have checksums of all files installed from
packages calculated on build and be part of the package metadata. It could be
useful to verify everything installed properly and that there are no errors on
the storage.
Signed-off-by: Michal Hrusecky <Michal.Hrusecky at nic.cz>
---
config/Config-build.in | 9 +++
include/package-ipkg.mk | 5 ++
package/base-files/Makefile | 3 +
package/base-files/files/sbin/pkg_check | 130 ++++++++++++++++++++++++++++++++
4 files changed, 147 insertions(+)
create mode 100755 package/base-files/files/sbin/pkg_check
diff --git a/config/Config-build.in b/config/Config-build.in
index 5ad940b..dd94fc5 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -55,6 +55,15 @@ menu "Global build settings"
This removes all ipkg/opkg status data files from the target directory
before building the root filesystem.
+ config FILES_MD5_SUM
+ bool
+ prompt "Provide checksums for all installed files"
+ default n
+ help
+ Enables computation of md5 checksums for all files that are part of
+ package. Can be used to verify that filesystem is intact and all
+ files were correctly installed.
+
config COLLECT_KERNEL_DEBUG
bool
prompt "Collect kernel debug information"
diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
index eb4c874..b3a0d6f 100644
--- a/include/package-ipkg.mk
+++ b/include/package-ipkg.mk
@@ -187,6 +187,11 @@ $(_endef)
$(CheckDependencies)
$(RSTRIP) $$(IDIR_$(1))
+ if [ "$$(CONFIG_FILES_MD5_SUM)" = "y" ]; then \
+ (cd $$(IDIR_$(1)); \
+ find . -type f \! -path ./CONTROL/\* -exec md5sum \{\} \; | \
+ sed 's|\([[:blank:]]\)\./|\1/|' > $$(IDIR_$(1))/CONTROL/files-md5sum ) \
+ fi
(cd $$(IDIR_$(1))/CONTROL; \
( \
echo "$$$$CONTROL"; \
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 8bb6225..7e0e96f 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -180,6 +180,9 @@ define Package/base-files/install
echo "$$$${conffile##$(1)}" >> $(1)/CONTROL/conffiles; \
fi \
done
+ ifneq ($(CONFIG_FILES_MD5_SUM),y)
+ rm $(1)/sbin/pkg_check
+ endif
endef
ifneq ($(DUMP),1)
diff --git a/package/base-files/files/sbin/pkg_check b/package/base-files/files/sbin/pkg_check
new file mode 100755
index 0000000..5dadb3f
--- /dev/null
+++ b/package/base-files/files/sbin/pkg_check
@@ -0,0 +1,130 @@
+#!/bin/sh
+#
+# Package checksums checking script
+# (C) 2016 CZ.NIC, z.s.p.o.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+ERRFATAL="no"
+QUIET="yes"
+MISSING=""
+SUMMARY=""
+NL="
+"
+
+# Arguments parsing
+while expr "x$1" : "x-" > /dev/null; do
+ if [ "x$1" = "x-s" ]; then
+ ERRFATAL="yes"
+ shift
+ elif [ "x$1" = "x-v" ]; then
+ QUIET=" no"
+ shift
+ else
+ echo "Usage: $(basename $0) [-s] [-v] [pkg1 pkg2 ...]"
+ echo
+ echo " -s Stop on first change"
+ echo " -v Verbose"
+ if [ "x$1" = "x-h" ]; then
+ exit 0
+ else
+ echo
+ echo "ERROR: Unknown option '$1'"
+ exit 1
+ fi
+ fi
+done
+
+# Check all packages by default
+if [ -z "$1" ]; then
+ set $(cd /usr/lib/opkg/info/; for i in *.files-md5sum; do basename $i .files-md5sum; done)
+fi
+
+# Iterate over packages
+while [ "$1" ]; do
+ if [ \! -f "/usr/lib/opkg/info/$1.files-md5sum" ]; then
+ if [ "$ERRFATAL" = no ]; then
+ echo " * No checksums for $1 - skipping"
+ echo
+ else
+ echo " * No checksums for $1 - exiting"
+ exit 1
+ fi
+ if [ -z "$MISSING" ]; then
+ MISSING="$1"
+ else
+ MISSING="$MISSING, $1"
+ fi
+ shift
+ continue
+ fi
+ [ $QUIET = yes ] || echo " * Checking package $1:"
+ ERR=""
+ CHECK="`md5sum -c /usr/lib/opkg/info/$1.files-md5sum 2> /dev/null`"
+
+ # Are the changed files config files?
+ if [ $? -ne 0 ] && [ "`cat "/usr/lib/opkg/info/$1.files-md5sum"`" ]; then
+ NEWCHECK="`echo "$CHECK" | grep '^.*: OK$'`"
+ for i in `echo "$CHECK" | sed -n 's|^\(.*\): FAILED$|\1|p'`; do
+ if [ "`grep "^$i\$" "/usr/lib/opkg/info/$1.conffiles" 2> /dev/null`" ] || \
+ [ "`echo "$i" | grep "^/etc/uci-defaults/"`" ]; then
+ NEWCHECK="${NEWCHECK}${NL}${i}: CONFIGURED"
+ else
+ NEWCHECK="${NEWCHECK}${NL}${i}: FAILED"
+ ERR="y"
+ fi
+ done
+ CHECK="$NEWCHECK"
+ fi
+
+ # Do we have changed files or not?
+ if [ -z "$ERR" ]; then
+ [ $QUIET = yes ] || [ -z "`cat "/usr/lib/opkg/info/$1.files-md5sum"`" ] || echo "$CHECK" | sed 's|^| - |'
+ [ $QUIET = yes ] || echo " * Package $1 is ok"
+ [ $QUIET = yes ] || echo
+ else
+ if [ $QUIET = yes ]; then
+ echo " * Changes found in package $1:"
+ echo "$CHECK" | sed -n 's|^\(.*:[[:blank:]]*FAILED\)$| - \1|p'
+ else
+ echo "$CHECK" | sed 's|^| - |'
+ echo " * Changes found in package $1!"
+ fi
+ if [ "$ERRFATAL" = yes ]; then
+ echo
+ echo "Exiting on first change found!"
+ exit 1
+ fi
+ for i in `echo "$CHECK" | sed -n 's|^\(.*\): FAILED$|\1|p'`; do
+ SUMMARY="${SUMMARY}${NL} - $1: $i"
+ done
+ echo
+ fi
+ shift
+done
+
+# If there are changed files, report them
+if [ "$SUMMARY" ]; then
+ echo "Some packages contain changed files!"
+ echo "Maybe something worth looking into?"
+ echo "Here is the list of packages and changed files:"
+ echo "$SUMMARY"
+fi
+if [ "$MISSING" ]; then
+ echo "Following packages are missing checksums: $MISSING"
+fi
+if [ "$MISSING" ] || [ "$SUMMARY" ]; then
+ exit 1
+fi
--
2.8.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list