From patchwork Thu Sep 5 03:16:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Edgecumbe X-Patchwork-Id: 1212 Return-Path: Delivered-To: patchwork@archlinux.org Received: from apollo.archlinux.org (localhost [127.0.0.1]) by apollo.archlinux.org (Postfix) with ESMTP id 3922312FEA886 for ; Thu, 5 Sep 2019 03:16:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on apollo X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=DKIM_INVALID=1, DKIM_SIGNED=0.1,MAILING_LIST_MULTI=-1,RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001 autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-BL-Results: [127.0.9.2] Received: from orion.archlinux.org (orion.archlinux.org [88.198.91.70]) by apollo.archlinux.org (Postfix) with ESMTPS for ; Thu, 5 Sep 2019 03:16:52 +0000 (UTC) Received: from orion.archlinux.org (localhost [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id EE2C415298F2DC; Thu, 5 Sep 2019 03:16:49 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [5.9.250.164]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits)) (No client certificate requested) by orion.archlinux.org (Postfix) with ESMTPS; Thu, 5 Sep 2019 03:16:49 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id D13542C264; Thu, 5 Sep 2019 03:16:49 +0000 (UTC) Authentication-Results: luna.archlinux.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=esotericnonsense.com header.i=@esotericnonsense.com header.b=KCSu2dOw; dkim=fail reason="signature verification failed" (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=rkuxRUMb Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 31D272C25D for ; Thu, 5 Sep 2019 03:16:46 +0000 (UTC) Received: from orion.archlinux.org (orion.archlinux.org [88.198.91.70]) by luna.archlinux.org (Postfix) with ESMTPS for ; Thu, 5 Sep 2019 03:16:46 +0000 (UTC) Received: from orion.archlinux.org (localhost [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id 2DD9215298F2D9 for ; Thu, 5 Sep 2019 03:16:42 +0000 (UTC) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by orion.archlinux.org (Postfix) with ESMTPS for ; Thu, 5 Sep 2019 03:16:41 +0000 (UTC) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 107CD21CFD; Wed, 4 Sep 2019 23:16:41 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Wed, 04 Sep 2019 23:16:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= esotericnonsense.com; h=from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; s=fm1; bh=9G23+lvznlwmk tuLKPD4GkHLFOBAo9d6G/KnAxQBfgc=; b=KCSu2dOwuHVIW2M3CdGcwTLSP12m9 XKJn/Nlncsq7vC/sjCLoZquE+tLXSnqVYFsIwjfy3JkUaVO9aF/MWipZmp5liSXG u2LeNp8XQNGOxpPxbRfTpE+DaRvZY19uk2AhmR0HDgZ6EmVzDocjtH/BjGZZa2zj y1qad317P5di0FA6vkDtQYhy9VntIU5wAx2xzC0f3nQDrKB510jFDVrd4Emgoqoy GSdiSqPgik5ye8XYybvFxQZjhB/1KbLwR/lMzGnNJGVLFC9vfgHwfDbs8SeiZ5ZB Lk3DiQleLDDVrKd+NcckhNxxZ3Ygvg0IpxGl2g5tJxkAQ3ujHItXLWFIw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=9G23+lvznlwmktuLK PD4GkHLFOBAo9d6G/KnAxQBfgc=; b=rkuxRUMbT3hMKOY2FQoDbnXrIllqXTlkb aLBVoG7YvN9XipcdwZMrJn/pkFjG2HNYeAnaYG/cnUl2NXv0V2fgE4bIZ5BxoDOm wmin1MTyRl/sfyeVJsWcld8SZBQzHfg6dkTlgla0DxXunthyzDp6Z1743774kzW6 qfM41vHr9SnFPngkeyfDUpr0Ykxi27kfv8Wm72PQNc4ZbV39s0Q7KslEWIdUn2xw L6S1XuKBUr5b7aSUuk7KakAj6WCoZ7E2II8jhLgh7BB4DYaLkPPC+vWLwWZhiPNz q1kOen07fWO0vpMjB66ctYhFnhAAvLoVwetN4Vir1LehkgJE7/27A== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrudejiedgieekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgggfestdekredtre dttdenucfhrhhomhepffgrnhhivghlucfgughgvggtuhhmsggvuceoghhithesvghsohht vghrihgtnhhonhhsvghnshgvrdgtohhmqeenucffohhmrghinhepghhithhhuhgsuhhsvg hrtghonhhtvghnthdrtghomhenucfkphepudefledrudeivddrudefuddrvdefjeenucfr rghrrghmpehmrghilhhfrhhomhepvghmrghilhesvghsohhtvghrihgtnhhonhhsvghnsh gvrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost.localdomain (test.electronrelocation.com [139.162.131.237]) by mail.messagingengine.com (Postfix) with ESMTPA id E99AD8005A; Wed, 4 Sep 2019 23:16:39 -0400 (EDT) From: Daniel Edgecumbe To: arch-releng@archlinux.org Date: Thu, 5 Sep 2019 04:16:34 +0100 Message-Id: <20190905031634.14340-1-git@esotericnonsense.com> X-Mailer: git-send-email 2.23.0 MIME-Version: 1.0 Subject: [arch-releng] [PATCH] [configs/releng] Add sha256sums for TianoCore efi downloads X-BeenThere: arch-releng@archlinux.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Arch Linux Release Engineering List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Arch Linux Release Engineering Cc: Daniel Edgecumbe Errors-To: arch-releng-bounces@archlinux.org Sender: "arch-releng" We should be integrity checking these downloads. This will also aid in future reproducibility efforts as the build will bomb out early in case of failure. Signed-off-by: Daniel Edgecumbe --- configs/releng/build.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 659e8de..857e01d 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -168,9 +168,14 @@ make_efi() { ${script_path}/efiboot/loader/entries/archiso-x86_64-usb.conf > ${work_dir}/iso/loader/entries/archiso-x86_64.conf # EFI Shell 2.0 for UEFI 2.3+ - curl -o ${work_dir}/iso/EFI/shellx64_v2.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/ShellBinPkg/UefiShell/X64/Shell.efi + echo "Downloading shellx64_v2.efi..." + curl -sSo ${work_dir}/iso/EFI/shellx64_v2.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/ShellBinPkg/UefiShell/X64/Shell.efi + echo "04c89f19efee2a22660fd4650ff9add88e962d102b1b713e535f4e32a07c5185 ${work_dir}/iso/EFI/shellx64_v2.efi" | sha256sum -c > /dev/null + # EFI Shell 1.0 for non UEFI 2.3+ - curl -o ${work_dir}/iso/EFI/shellx64_v1.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/EdkShellBinPkg/FullShell/X64/Shell_Full.efi + echo "Downloading shellx64_v1.efi..." + curl -sSo ${work_dir}/iso/EFI/shellx64_v1.efi https://raw.githubusercontent.com/tianocore/edk2/UDK2018/EdkShellBinPkg/FullShell/X64/Shell_Full.efi + echo "ea5e763a8a5f9733dbf7c33ffa16a19e078c6af635b51d8457bc377a22106a8c ${work_dir}/iso/EFI/shellx64_v1.efi" | sha256sum -c > /dev/null } # Prepare efiboot.img::/EFI for "El Torito" EFI boot mode