webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4c19f2158e3eef81e4ea9d4597bb6aded1fe4823
bpfire/lfs/initscripts
Peter Müller 9a7e4d8506 Switch checksums from MD5 to BLAKE2 
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.

While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.

Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.

In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
2022-04-02 14:19:25 +00:00

206 lines
9.4 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
# Definitions
###############################################################################
include Config
VER = ipfire
THISAPP = initscripts
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
install : $(TARGET)
check :
download :
b2 :
###############################################################################
# Installation Details
###############################################################################
$(TARGET) :
@$(PREBUILD)
install -d -m 755 /etc/rc.d/rc0.d
install -d -m 755 /etc/rc.d/rc3.d
install -d -m 755 /etc/rc.d/rc6.d
install -d -m 755 /etc/rc.d/rcsysinit.d
install -d -m 755 /etc/rc.d/init.d
install -d -m 755 /etc/rc.d/init.d/networking
install -d -m 755 /etc/rc.d/init.d/networking/red.up
install -d -m 755 /etc/rc.d/init.d/networking/red.down
install -d -m 755 /etc/rc.d/helper
install -d -m 755 /etc/sysconfig
-rm -rf /etc/init.d
ln -svf rc.d/init.d /etc/init.d
# Create default ramdisk configuration
echo "RAMDISK_MODE=0" > /etc/sysconfig/ramdisk
for i in $(DIR_SRC)/src/initscripts/system/*; do \
install -v -m 754 $$i /etc/rc.d/init.d/; \
done
chmod 644 /etc/rc.d/init.d/functions
for i in $(DIR_SRC)/src/initscripts/networking/*; do \
if [ -f $$i ]; then \
install -v -m 754 $$i /etc/rc.d/init.d/networking/; \
fi; \
done
for i in $(DIR_SRC)/src/initscripts/networking/red.up/*; do \
install -v -m 754 $$i /etc/rc.d/init.d/networking/red.up/; \
done
for i in $(DIR_SRC)/src/initscripts/networking/red.down/*; do \
install -v -m 754 $$i /etc/rc.d/init.d/networking/red.down/; \
done
for i in $(DIR_SRC)/src/initscripts/sysconfig/*; do \
install -v -m 644 $$i /etc/sysconfig/; \
done
chmod -v 755 /etc/sysconfig/{firewall,rc}.local
for i in $(DIR_SRC)/src/initscripts/helper/*; do \
install -v -m 755 $$i /etc/rc.d/helper/; \
done
ln -sf ../init.d/sysklogd /etc/rc.d/rc0.d/K90sysklogd
ln -sf ../init.d/sendsignals /etc/rc.d/rc0.d/S60sendsignals
ln -sf ../init.d/localnet /etc/rc.d/rc0.d/S70localnet
ln -sf ../init.d/mountfs /etc/rc.d/rc0.d/S80mountfs
ln -sf ../init.d/swap /etc/rc.d/rc0.d/S90swap
ln -sf ../init.d/halt /etc/rc.d/rc0.d/S99halt
ln -sf ../init.d/sysklogd /etc/rc.d/rc3.d/S10sysklogd
ln -sf ../init.d/smartenabler /etc/rc.d/rc3.d/S19smartenabler
ln -sf ../init.d/messagebus /etc/rc.d/rc3.d/S15messagebus
ln -sf ../init.d/messagebus /etc/rc.d/rc0.d/K85messagebus
ln -sf ../init.d/messagebus /etc/rc.d/rc6.d/K85messagebus
ln -sf ../init.d/cpufreq /etc/rc.d/rc3.d/S18cpufreq
ln -sf ../init.d/sysklogd /etc/rc.d/rc6.d/K90sysklogd
ln -sf ../init.d/sendsignals /etc/rc.d/rc6.d/S60sendsignals
ln -sf ../init.d/mountfs /etc/rc.d/rc6.d/S70mountfs
ln -sf ../init.d/swap /etc/rc.d/rc6.d/S80swap
ln -sf ../init.d/localnet /etc/rc.d/rc6.d/S90localnet
ln -sf ../init.d/reboot /etc/rc.d/rc6.d/S99reboot
ln -sf ../init.d/sshd /etc/rc.d/rc0.d/K30sshd
ln -sf ../init.d/sshd /etc/rc.d/rc3.d/S30sshd
ln -sf ../init.d/sshd /etc/rc.d/rc6.d/K30sshd
ln -sf ../init.d/apache /etc/rc.d/rc0.d/K28apache
ln -sf ../init.d/apache /etc/rc.d/rc3.d/S32apache
ln -sf ../init.d/apache /etc/rc.d/rc6.d/K28apache
ln -sf ../init.d/fcron /etc/rc.d/rc0.d/K08fcron
ln -sf ../init.d/fcron /etc/rc.d/rc3.d/S40fcron
ln -sf ../init.d/fcron /etc/rc.d/rc6.d/K08fcron
ln -sf ../init.d/suricata /etc/rc.d/rc0.d/K78suricata
ln -sf ../init.d/suricata /etc/rc.d/rc6.d/K78suricata
ln -sf ../init.d/network /etc/rc.d/rc0.d/K80network
ln -sf ../init.d/network /etc/rc.d/rc3.d/S20network
ln -sf ../init.d/network /etc/rc.d/rc6.d/K80network
ln -sf ../init.d/unbound /etc/rc.d/rc0.d/K86unbound
ln -sf ../init.d/unbound /etc/rc.d/rc3.d/S11unbound
ln -sf ../init.d/unbound /etc/rc.d/rc6.d/K86unbound
ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local
ln -sf ../init.d/client175 /etc/rc.d/rc0.d/K34client175
ln -sf ../init.d/client175 /etc/rc.d/rc3.d/S66client175
ln -sf ../init.d/client175 /etc/rc.d/rc6.d/K34client175
ln -sf ../init.d/sslh /etc/rc.d/rc3.d/S98sslh
ln -sf ../init.d/sslh /etc/rc.d/rc0.d/K02sslh
ln -sf ../init.d/sslh /etc/rc.d/rc6.d/K02sslh
ln -sf ../init.d/vdradmin /etc/rc.d/rc3.d/S99vdradmin
ln -sf ../init.d/vdradmin /etc/rc.d/rc0.d/K01vdradmin
ln -sf ../init.d/vdradmin /etc/rc.d/rc6.d/K01vdradmin
ln -sf ../init.d/motion /etc/rc.d/rc3.d/S99motion
ln -sf ../init.d/motion /etc/rc.d/rc0.d/K01motion
ln -sf ../init.d/motion /etc/rc.d/rc6.d/K01motion
ln -sf ../init.d/imspetor /etc/rc.d/rc3.d/S99imspetor
ln -sf ../init.d/imspetor /etc/rc.d/rc0.d/K01imspetor
ln -sf ../init.d/imspetor /etc/rc.d/rc6.d/K01imspetor
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc0.d/K49cyrus-sasl
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc3.d/S24cyrus-sasl
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc6.d/K49cyrus-sasl
ln -sf ../init.d/leds /etc/rc.d/rc0.d/K79leds
ln -sf ../init.d/leds /etc/rc.d/rc3.d/S21leds
ln -sf ../init.d/leds /etc/rc.d/rc6.d/K79leds
ln -sf ../init.d/fireinfo /etc/rc.d/rc3.d/S15fireinfo
ln -sf ../init.d/conntrackd /etc/rc.d/rc0.d/K77conntrackd
ln -sf ../init.d/conntrackd /etc/rc.d/rc3.d/S22conntrackd
ln -sf ../init.d/conntrackd /etc/rc.d/rc6.d/K77conntrackd
ln -sf ../init.d/mountkernfs /etc/rc.d/rcsysinit.d/S00mountkernfs
ln -sf ../init.d/sysctl /etc/rc.d/rcsysinit.d/S01sysctl
ln -sf ../init.d/modules /etc/rc.d/rcsysinit.d/S05modules
ln -sf ../init.d/lvmetad /etc/rc.d/rcsysinit.d/S09lvmetad
ln -sf ../init.d/udev /etc/rc.d/rcsysinit.d/S10udev
ln -sf ../init.d/waitdrives /etc/rc.d/rcsysinit.d/S19waitdrives
ln -sf ../init.d/partresize /etc/rc.d/rcsysinit.d/S25partresize
ln -sf ../init.d/checkfs /etc/rc.d/rcsysinit.d/S30checkfs
ln -sf ../init.d/mountfs /etc/rc.d/rcsysinit.d/S40mountfs
ln -sf ../init.d/swap /etc/rc.d/rcsysinit.d/S41swap
ln -sf ../init.d/fsresize /etc/rc.d/rcsysinit.d/S42fsresize
ln -sf ../init.d/mounttmpfs /etc/rc.d/rcsysinit.d/S43mounttmpfs
ln -sf ../init.d/smt /etc/rc.d/rcsysinit.d/S44smt
ln -sf ../init.d/udev_retry /etc/rc.d/rcsysinit.d/S45udev_retry
ln -sf ../init.d/cleanfs /etc/rc.d/rcsysinit.d/S50cleanfs
ln -sf ../init.d/setclock /etc/rc.d/rcsysinit.d/S60setclock
ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock
ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock
ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S65rngd
ln -sf ../init.d/random /etc/rc.d/rcsysinit.d/S66random
ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console
ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S71pakfire
ln -sf ../init.d/cloud-init /etc/rc.d/rcsysinit.d/S74cloud-init
ln -sf ../init.d/firstsetup /etc/rc.d/rcsysinit.d/S75firstsetup
ln -sf ../init.d/localnet /etc/rc.d/rcsysinit.d/S80localnet
ln -sf ../init.d/firewall /etc/rc.d/rcsysinit.d/S85firewall
ln -sf ../init.d/vnstat /etc/rc.d/rc3.d/S01vnstat
ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat
ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat
ln -sf ../init.d/wlanclient /etc/rc.d/rc0.d/K82wlanclient
ln -sf ../init.d/wlanclient /etc/rc.d/rc3.d/S19wlanclient
ln -sf ../init.d/wlanclient /etc/rc.d/rc6.d/K82wlanclient
ln -sf ../../../../../usr/local/bin/qosctrl \
/etc/rc.d/init.d/networking/red.up/24-RS-qos
ln -sf ../../squid /etc/rc.d/init.d/networking/red.up/27-RS-squid
for i in green blue orange; do \
ln -sf any /etc/rc.d/init.d/networking/$$i; \
done
# intel intel no swconfig
ifeq "$(BUILD_PLATFORM)" "arm"
ln -sf ../init.d/swconfig /etc/rc.d/rcsysinit.d/S73swconfig
else
rm -vf /etc/rc.d/init.d/swconfig
endif
ln -sf ../init.d/acpid /etc/rc.d/rc3.d/S12acpid
ln -sf ../init.d/acpid /etc/rc.d/rc0.d/K87acpid
ln -sf ../init.d/acpid /etc/rc.d/rc6.d/K87acpid
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink