admin: Error out if we see malformed or mismatched checksums for /boot

The kernel/initramfs both need to end in -SHA256 and match.
2024-10-26 17:25:36 +03:00 · 2013-08-30 18:10:35 -04:00 · 2013-08-30 18:10:35 -04:00 · 72a8f41ad4
commit 72a8f41ad4
parent 23e2593b6d
1 changed files with 34 additions and 4 deletions
--- a/src/ostree/ot-admin-deploy.c
+++ b/src/ostree/ot-admin-deploy.c
@ -376,6 +376,8 @@ get_kernel_from_tree (GFile         *deployroot,
  gs_unref_object GFileEnumerator *dir_enum = NULL;
  gs_unref_object GFile *ret_kernel = NULL;
  gs_unref_object GFile *ret_initramfs = NULL;
+  gs_free char *kernel_checksum = NULL;
+  gs_free char *initramfs_checksum = NULL;

  dir_enum = g_file_enumerate_children (bootdir, OSTREE_GIO_FAST_QUERYINFO,
                                        G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
@ -395,11 +397,27 @@ get_kernel_from_tree (GFile         *deployroot,
        break;

      name = g_file_info_get_name (file_info);
-
+      
      if (ret_kernel == NULL && g_str_has_prefix (name, "vmlinuz-"))
-        ret_kernel = g_file_get_child (bootdir, name);
+        {
+          const char *dash = strrchr (name, '-');
+          g_assert (dash);
+          if (ostree_validate_structureof_checksum_string (dash + 1, NULL))
+            {
+              kernel_checksum = g_strdup (dash + 1);
+              ret_kernel = g_file_get_child (bootdir, name);
+            }
+        }
      else if (ret_initramfs == NULL && g_str_has_prefix (name, "initramfs-"))
-        ret_initramfs = g_file_get_child (bootdir, name);
+        {
+          const char *dash = strrchr (name, '-');
+          g_assert (dash);
+          if (ostree_validate_structureof_checksum_string (dash + 1, NULL))
+            {
+              initramfs_checksum = g_strdup (dash + 1);
+              ret_initramfs = g_file_get_child (bootdir, name);
+            }
+        }
      
      if (ret_kernel && ret_initramfs)
        break;
@ -408,11 +426,23 @@ get_kernel_from_tree (GFile         *deployroot,
  if (ret_kernel == NULL)
    {
      g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
-                   "Failed to find boot/vmlinuz-CHECKSUM in %s",
+                   "Failed to find boot/vmlinuz-<CHECKSUM> in %s",
                   gs_file_get_path_cached (deployroot));
      goto out;
    }

+  if (ret_initramfs != NULL)
+    {
+      if (strcmp (kernel_checksum, initramfs_checksum) != 0)
+        {
+          g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
+                       "Mismatched kernel %s checksum vs initrd %s",
+                       gs_file_get_basename_cached (ret_initramfs),
+                       gs_file_get_basename_cached (ret_initramfs));
+          goto out;
+        }
+    }
+
  ot_transfer_out_value (out_kernel, &ret_kernel);
  ot_transfer_out_value (out_initramfs, &ret_initramfs);
  ret = TRUE;