Verify Ubuntu Cloud Images using SHA256SUMS
Relies on https://cloud-images.ubuntu.com being served by a cert signed by one of the CA's trusted by the build host. Change-Id: I690b755acca54789110c2c8fa723c8b87b2485c9
This commit is contained in:
parent
0bbea74583
commit
b2314243c6
@ -10,12 +10,17 @@ IMG_PATH=~/.cache/image-create
|
|||||||
CLOUD_IMAGES=${CLOUD_IMAGES:-http://cloud-images.ubuntu.com/}
|
CLOUD_IMAGES=${CLOUD_IMAGES:-http://cloud-images.ubuntu.com/}
|
||||||
RELEASE=${RELEASE:-quantal}
|
RELEASE=${RELEASE:-quantal}
|
||||||
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-$RELEASE-server-cloudimg-$ARCH-root.tar.gz}
|
BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-$RELEASE-server-cloudimg-$ARCH-root.tar.gz}
|
||||||
|
SHA256SUMS=${SHA256SUMS:-https://cloud-images.ubuntu.com/$RELEASE/current/SHA256SUMS}
|
||||||
|
|
||||||
mkdir -p $IMG_PATH
|
mkdir -p $IMG_PATH
|
||||||
# TODO: don't cache -current forever.
|
# TODO: don't cache -current forever.
|
||||||
if [ ! -f $IMG_PATH/$BASE_IMAGE_FILE ] ; then
|
if [ ! -f $IMG_PATH/$BASE_IMAGE_FILE ] ; then
|
||||||
echo "Fetching Base Image"
|
echo "Fetching Base Image"
|
||||||
wget $CLOUD_IMAGES/$RELEASE/current/$BASE_IMAGE_FILE -O $IMG_PATH/$BASE_IMAGE_FILE.tmp
|
wget $CLOUD_IMAGES/$RELEASE/current/$BASE_IMAGE_FILE -O $IMG_PATH/$BASE_IMAGE_FILE.tmp
|
||||||
|
wget $SHA256SUMS -O $IMG_PATH/SHA256SUMS
|
||||||
|
pushd $IMG_PATH
|
||||||
|
awk "/$BASE_IMAGE_FILE/ { print \$0 \".tmp\" }" SHA256SUMS | sha256sum --check -
|
||||||
|
popd
|
||||||
mv $IMG_PATH/$BASE_IMAGE_FILE.tmp $IMG_PATH/$BASE_IMAGE_FILE
|
mv $IMG_PATH/$BASE_IMAGE_FILE.tmp $IMG_PATH/$BASE_IMAGE_FILE
|
||||||
fi
|
fi
|
||||||
# Extract the base image
|
# Extract the base image
|
||||||
|
Loading…
Reference in New Issue
Block a user