This patch introduces the possibility of having checksums of all files installed from packages calculated at build time and included in the package metadata. This can be useful to verify that everything was installed properly and that there are no errors on the storage.
Signed-off-by: Michal Hrusecky <michal.hruse...@nic.cz> --- config/Config-build.in | 9 +++ include/package-ipkg.mk | 5 ++ package/base-files/Makefile | 3 + package/base-files/files/sbin/pkg_check | 130 ++++++++++++++++++++++++++++++++ 4 files changed, 147 insertions(+) create mode 100755 package/base-files/files/sbin/pkg_check diff --git a/config/Config-build.in b/config/Config-build.in index 5ad940b..dd94fc5 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -55,6 +55,15 @@ menu "Global build settings" This removes all ipkg/opkg status data files from the target directory before building the root filesystem. + config FILES_MD5_SUM + bool + prompt "Provide checksums for all installed files" + default n + help + Enables computation of md5 checksums for all files that are part of + package. Can be used to verify that filesystem is intact and all + files were correctly installed. + config COLLECT_KERNEL_DEBUG bool prompt "Collect kernel debug information" diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk index eb4c874..b3a0d6f 100644 --- a/include/package-ipkg.mk +++ b/include/package-ipkg.mk @@ -187,6 +187,11 @@ $(_endef) $(CheckDependencies) $(RSTRIP) $$(IDIR_$(1)) + if [ "$$(CONFIG_FILES_MD5_SUM)" = "y" ]; then \ + (cd $$(IDIR_$(1)); \ + find . -type f \! -path ./CONTROL/\* -exec md5sum \{\} \; | \ + sed 's|\([[:blank:]]\)\./|\1/|' > $$(IDIR_$(1))/CONTROL/files-md5sum ) \ + fi (cd $$(IDIR_$(1))/CONTROL; \ ( \ echo "$$$$CONTROL"; \ diff --git a/package/base-files/Makefile b/package/base-files/Makefile index 8bb6225..7e0e96f 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -180,6 +180,9 @@ define Package/base-files/install echo "$$$${conffile##$(1)}" >> $(1)/CONTROL/conffiles; \ fi \ done + ifneq ($(CONFIG_FILES_MD5_SUM),y) + rm $(1)/sbin/pkg_check + endif endef ifneq ($(DUMP),1) 
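Review bot: The help text for FILES_MD5_SUM in config/Config-build.in says the checksums show that the "filesystem is intact", which reads as a stronger guarantee than this mechanism gives. Nothing in this patch signs the list, and the pkg_check script added here reads it from /usr/lib/opkg/info on the same filesystem as the files it describes. It can therefore reveal accidental corruption or an incomplete install, but not a deliberate modification. I would add a sentence to the help such as `These checksums detect accidental corruption only; they are not signed and do not protect against deliberate modification.`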
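Review bot: In the include/package-ipkg.mk hunk the checksum list is written in whatever order `find` returns, which follows directory order and can differ between two builds of the same source, so CONTROL/files-md5sum (and with it the package) may not be bit-for-bit reproducible. Sorting before the `sed` stage fixes that, for example by inserting `LC_ALL=C sort -k 2 | \` between the `find … -exec md5sum` line and the `sed` line. The subshell also uses `cd $$(IDIR_$(1));`, so a failed cd would let find hash the current directory instead; `cd $$(IDIR_$(1)) && \` avoids that. The surrounding recipe starts and ends outside the hunk.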
diff --git a/package/base-files/files/sbin/pkg_check b/package/base-files/files/sbin/pkg_check
new file mode 100755
index 0000000..5dadb3f
--- /dev/null
+++ b/package/base-files/files/sbin/pkg_check
@@ -0,0 +1,130 @@
+#!/bin/sh
+#
+# Package checksums checking script
+# (C) 2016 CZ.NIC, z.s.p.o.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+ERRFATAL="no"
+QUIET="yes"
+MISSING=""
+SUMMARY=""
+NL="
+"
+
+# Arguments parsing
+while expr "x$1" : "x-" > /dev/null; do
+ if [ "x$1" = "x-s" ]; then
+ ERRFATAL="yes"
+ shift
+ elif [ "x$1" = "x-v" ]; then
+ QUIET=" no"
+ shift
+ else
+ echo "Usage: $(basename $0) [-s] [-v] [pkg1 pkg2 ...]"
+ echo
+ echo " -s Stop on first change"
+ echo " -v Verbose"
+ if [ "x$1" = "x-h" ]; then
+ exit 0
+ else
+ echo
+ echo "ERROR: Unknown option '$1'"
+ exit 1
+ fi
+ fi
+done
+
+# Check all packages by default
+if [ -z "$1" ]; then
+ set $(cd /usr/lib/opkg/info/; for i in *.files-md5sum; do basename $i .files-md5sum; done)
+fi
+
+# Iterate over packages
+while [ "$1" ]; do
+ if [ \! -f "/usr/lib/opkg/info/$1.files-md5sum" ]; then
+ if [ "$ERRFATAL" = no ]; then
+ echo " * No checksums for $1 - skipping"
+ echo
+ else
+ echo " * No checksums for $1 - exiting"
+ exit 1
+ fi
+ if [ -z "$MISSING" ]; then
+ MISSING="$1"
+ else
+ MISSING="$MISSING, $1"
+ fi
+ shift
+ continue
+ fi
+ [ $QUIET = yes ] || echo " * Checking package $1:"
+ ERR=""
+ CHECK="`md5sum -c /usr/lib/opkg/info/$1.files-md5sum 2> /dev/null`"
+
+ # Are the changed files config files?
+ if [ $? -ne 0 ] && [ "`cat "/usr/lib/opkg/info/$1.files-md5sum"`" ]; then
+ NEWCHECK="`echo "$CHECK" | grep '^.*: OK$'`"
+ for i in `echo "$CHECK" | sed -n 's|^\(.*\): FAILED$|\1|p'`; do
+ if [ "`grep "^$i\$" "/usr/lib/opkg/info/$1.conffiles" 2> /dev/null`" ] || \
+ [ "`echo "$i" | grep "^/etc/uci-defaults/"`" ]; then
+ NEWCHECK="${NEWCHECK}${NL}${i}: CONFIGURED"
+ else
+ NEWCHECK="${NEWCHECK}${NL}${i}: FAILED"
+ ERR="y"
+ fi
+ done
+ CHECK="$NEWCHECK"
+ fi
+
+ # Do we have changed files or not?
+ if [ -z "$ERR" ]; then
+ [ $QUIET = yes ] || [ -z "`cat "/usr/lib/opkg/info/$1.files-md5sum"`" ] || echo "$CHECK" | sed 's|^| - |'
+ [ $QUIET = yes ] || echo " * Package $1 is ok"
+ [ $QUIET = yes ] || echo
+ else
+ if [ $QUIET = yes ]; then
+ echo " * Changes found in package $1:"
+ echo "$CHECK" | sed -n 's|^\(.*:[[:blank:]]*FAILED\)$| - \1|p'
+ else
+ echo "$CHECK" | sed 's|^| - |'
+ echo " * Changes found in package $1!"
+ fi
+ if [ "$ERRFATAL" = yes ]; then
+ echo
+ echo "Exiting on first change found!"
+ exit 1
+ fi
+ for i in `echo "$CHECK" | sed -n 's|^\(.*\): FAILED$|\1|p'`; do
+ SUMMARY="${SUMMARY}${NL} - $1: $i"
+ done
+ echo
+ fi
+ shift
+done
+
+# If there are changed files, report them
+if [ "$SUMMARY" ]; then
+ echo "Some packages contain changed files!"
+ echo "Maybe something worth looking into?"
+ echo "Here is the list of packages and changed files:"
+ echo "$SUMMARY"
+fi
+if [ "$MISSING" ]; then
+ echo "Following packages are missing checksums: $MISSING"
+fi
+if [ "$MISSING" ] || [ "$SUMMARY" ]; then
+ exit 1
+fi
-- 2.8.1 _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
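Review bot: The two `for i in` loops in pkg_check that iterate over the `sed -n 's|^\(.*\): FAILED$|\1|p'` output (the config-file classification and the summary near the end) split md5sum's output on whitespace and glob-expand it, and the conffiles lookup `grep "^$i\$"` treats the path as a regular expression. A path containing a space, `*` or `.` can therefore be reported under the wrong name, or matched against a different conffiles entry and downgraded from FAILED to CONFIGURED, so a real mismatch goes unreported. Reading the failed paths line by line and comparing them as fixed strings against whole conffiles lines avoids both problems. The classification loop could look like the excerpt below, and the summary loop wants the same line-by-line treatment.

```shell
    NEWCHECK="`echo "$CHECK" | grep '^.*: OK$'`"
    FAILED_FILES="`echo "$CHECK" | sed -n 's|^\(.*\): FAILED$|\1|p'`"
    while IFS= read -r i; do
      [ -n "$i" ] || continue
      # Fixed-string, whole-line match: the path is data, not a pattern
      if grep -Fxq -- "$i" "/usr/lib/opkg/info/$1.conffiles" 2> /dev/null; then
        STATE="CONFIGURED"
      else
        case "$i" in
          /etc/uci-defaults/*) STATE="CONFIGURED" ;;
          *) STATE="FAILED"; ERR="y" ;;
        esac
      fi
      NEWCHECK="${NEWCHECK}${NL}${i}: ${STATE}"
    done <<EOF
$FAILED_FILES
EOF
    # … unchanged: CHECK="$NEWCHECK" and the reporting branch …
```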