Package: simple-cdd
Version: 0.6.9
Severity: minor
Tags: security
X-Debbugs-Cc: [email protected]
Hi,
When I run md5sum -c md5sum.txt in a mounted iso create by simple-cdd,
I get the following errors:
md5sum -c md5sum.txt
......
md5sum: WARNING: 1 computed checksum did NOT match
then run:
md5sum -c md5sum.txt |grep -v OK
./boot/grub/grub.cfg: FAILED
md5sum: WARNING: 1 computed checksum did NOT match
I find ./boot/grub/grub.cfg is changed.
The last line of ./boot/grub/grub.cfg is:
set timeout=3
The checksum will match after remove this line in ./boot/grub/grub.cfg file.
I had set BOOT_TIMEOUT=3 in my build.conf.
I search simple-cdd source code repo, in tools/build/debian-cd file from line
118:
grubcfg="$TDIR/$CODENAME/CD1/boot/grub/grub.cfg"
if [ -f "$grubcfg" ]; then
if [ -n "$BOOT_TIMEOUT" ]; then
SEC_TIMEOUT=$(( $BOOT_TIMEOUT / 10 ))
echo "set timeout=$SEC_TIMEOUT" >> $grubcfg
fi
The "set timeout=3" line is appended to grub.cfg when BOOT_TIMEOUT is set.
IMHO, the grub.cfg checksum in md5sum.txt should computed again.
This is a little affect about security to iso.
I hope this bug can been fix.
Thanks!
-- System Information:
Release: 12.5.2
Codename: bookworm
Architecture: x86_64
Kernel: Linux 6.8.11-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8),
LANGUAGE=zh_CN:zh
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages simple-cdd depends on:
ii dctrl-tools 2.24-3+b1
ii debian-cd 3.2.1+deb12u1
ii lsb-release 12.0-1
ii python3 3.11.2-1+b1
ii python3-simple-cdd 0.6.9
ii reprepro 5.3.1-1+deb12u1
ii rsync 3.2.7-1
ii wget 1.21.3-1+b2
Versions of packages simple-cdd recommends:
ii dose-distcheck 7.0.0-1+b2
Versions of packages simple-cdd suggests:
pn qemu-system | qemu-kvm <none>
-- no debconf information