diff --git a/building/build-iso/generate.sh b/building/build-iso/generate.sh index c7142dddd..b22e07d32 100755 --- a/building/build-iso/generate.sh +++ b/building/build-iso/generate.sh @@ -30,10 +30,13 @@ ADMITVER="$(head -n 1 ../build-debs/homeworld-admitclient/debian/changelog | cut cp "../build-debs/binaries/homeworld-apt-setup_${SETUPVER}_amd64.deb" "." cp "../build-debs/binaries/homeworld-admitclient_${ADMITVER}_amd64.deb" "." cp "${ADMISSION_PUBKEY}" admission.pem +./utils/verify-homeworld-repo.py +./utils/fetch-package-from-repo.py homeworld-apt-setup +./utils/fetch-package-from-repo.py homeworld-admitclient echo "ADMISSION_SERVER=\"${ADMISSION_SERVER}\"" >admission.conf cpio -o -H newc -A -F cd/initrd <") + exit(0) + +package_name = sys.argv[1] +print("Looking for: ", package_name) +#package_version = sys.argv[2] +packages_file = open("Packages") +line = packages_file.readline().strip() +escape = 0 +while not line == ("Package: " + package_name) and escape < 2: + if line == "": + escape += 1 + else: + escape = 0 + line = packages_file.readline().strip() + +url = None +while line is not "": + if line.startswith("Filename: "): + line = line.replace("Filename: ", "") + url = repo_url + line + break + line = packages_file.readline().strip() + +if url is None: + print("Unknown Package Name") + exit(1) + +print("Downloading file from url:", url) +subprocess.call(["curl", "-O", url]) +print("Done!") + + + + diff --git a/building/build-iso/utils/verify-homeworld-repo.py b/building/build-iso/utils/verify-homeworld-repo.py new file mode 100755 index 000000000..a196e27ef --- /dev/null +++ b/building/build-iso/utils/verify-homeworld-repo.py 
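Review bot: The .deb fetched at the end of fetch-package-from-repo.py is never checked against the verified Packages index: the loop reads only the `Filename:` field, `curl -O` saves the file, and the script prints "Done!", so the signature chain built by verify-homeworld-repo.py stops one step before the package that goes into the ISO. The stanza's `SHA256:` field should be read as well and compared with the digest of the downloaded file, failing the build on a mismatch. The return value of `subprocess.call` is also discarded and curl runs without `--fail`, so a failed transfer or a saved HTTP error page still ends in exit status 0. The sketch below needs `hashlib` and `os` imported; the top of this file (imports, `repo_url`, the usage check) is missing from the page, so the scheme of `repo_url` could not be checked.

```python
# … unchanged: scan forward to the "Package: <name>" stanza …
filename = None
expected_sha256 = None
while line != "":
    if line.startswith("Filename: "):
        filename = line[len("Filename: "):]
    elif line.startswith("SHA256: "):
        expected_sha256 = line[len("SHA256: "):]
    line = packages_file.readline().strip()

if filename is None or expected_sha256 is None:
    print("Unknown Package Name")
    exit(1)

url = repo_url + filename
print("Downloading file from url:", url)
# --fail makes curl return non-zero on an HTTP error instead of saving the error body
if subprocess.call(["curl", "--fail", "-O", url]) != 0:
    print("Download failed")
    exit(1)

local_name = os.path.basename(filename)
with open(local_name, "rb") as deb:
    actual_sha256 = hashlib.sha256(deb.read()).hexdigest()
if actual_sha256 != expected_sha256:
    # do not leave an unverified package where the ISO build can pick it up
    os.remove(local_name)
    print("Package hash does not match the verified Packages index")
    exit(1)
print("Done!")
```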
@@ -0,0 +1,67 @@
+#!/usr/bin/python3.6
+
+import re
+import hashlib
+import urllib.request
+import subprocess
+
+with urllib.request.urlopen('http://web.mit.edu/hyades/debian/dists/homeworld/Release.gpg') as response:
+ file = open("Release.gpg", "w")
+ file.write(response.read().decode('utf-8'))
+ file.close()
+
+with urllib.request.urlopen('http://web.mit.edu/hyades/debian/dists/homeworld/Release') as response:
+ file = open("Release", "w")
+ file.write(response.read().decode('utf-8'))
+ file.close()
+
+gpg_verify_exit_code = subprocess.call(["gpg", "--no-default-keyring", "--keyring", "../../build-debs/homeworld-apt-setup/homeworld-archive-keyring.gpg",
+ "--verify", "Release.gpg", "Release"])
+
+if gpg_verify_exit_code:
+ print("Failed to verify the Homeworld repo Release file")
+ exit(1)
+
+release_file = open('Release', 'r')
+engaged = False
+sha256_hash = None
+for line in release_file:
+ if line == 'SHA256:\n':
+ engaged = True
+ continue
+ if engaged:
+ if line[0] == ' ':
+ line2 = re.sub(r"^(\w+) \d+ ([^ ]+)$", r"\2", line.strip())
+ if line2 == 'main/binary-amd64/Packages':
+ sha256_hash = re.sub(r"^(\w+) \d+ ([^ ]+)$", r"\1", line.strip())
+ print('Found Packages SHA-256 Hash:', sha256_hash)
+ else:
+ engaged = False
+ break
+release_file.close()
+
+if sha256_hash is None:
+ print("Failed to extract SHA-256 Hash for Homeworld's repo Packages. Aborting...")
+ exit(1)
+
+Packages = None
+with urllib.request.urlopen('http://web.mit.edu/hyades/debian/dists/homeworld/main/binary-amd64/Packages') as response:
+ Packages = response.read()
+
+if Packages is None:
+ print("Failed to fetch Homeworld's Packages file from repo. Aborting...")
+ exit(1)
+
+packages_hash = hashlib.sha256(Packages).hexdigest()
+if not packages_hash == sha256_hash:
+ print("Packages file verification failed. Aborting...")
+ exit(1)
+else:
+ print("Verified Packages file from repo")
+
+packages_file = open("Packages", "w")
+packages_file.write(Packages.decode('utf-8'))
+packages_file.close()
+
+print("Packages file saved as Packages.")
+print("Done!")
\ No newline at end of file
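Review bot: The signature check proves the Release file was signed by the archive key but not that it is current: all three URLs are plain `http://`, and nothing in the `for line in release_file` loop looks at the `Date:` or `Valid-Until:` fields, so an older, validly signed Release/Packages pair served in place of the current one would pass every check here and pin the ISO to outdated packages. Fetching over HTTPS where the host offers it, and rejecting a Release whose `Valid-Until` has passed (if the repo publishes one, which is not visible here), would close that gap. Separately, the bytes that were hashed are not guaranteed to be the bytes that get saved, because `Packages.decode('utf-8')` is re-encoded with the platform default when written in text mode; `open("Packages", "wb")` with `packages_file.write(Packages)` keeps the saved file identical to what was verified.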