b9874d0941
Add redbear-usb-storage-check in-guest binary that validates USB mass storage read and write I/O: discovers /scheme/disk/ devices, writes a test pattern to sector 2048, reads it back, verifies match, restores original content. Updates test-usb-storage-qemu.sh with write-proof verification step. Includes all accumulated Red Bear OS work: kernel patches, relibc patches, driver infrastructure, DRM/GPU, KDE recipes, firmware, validation tooling, build system hardening, and documentation.
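#!/usr/bin/env bash
# verify-sources-archived.sh — Verify release archive integrity.
#
# Usage:
#   ./local/scripts/verify-sources-archived.sh --release=0.1.0
#
# Checks that BLAKE3SUMS file exists and all archives match.
# If archives are in sources/<target>/ format, verifies those too.
# Returns non-zero if any archive is missing or corrupted.
#
# Scope: BLAKE3SUMS is read from the same release directory as the archives
# and this script does not authenticate it. A passing run therefore shows
# that the archives match that file (bit rot, truncated or partial copies);
# it does not show who produced the release.

set -euo pipefail

# CDPATH is cleared and cd's stdout discarded: with CDPATH exported, a
# relative "$(dirname "$0")" can resolve to a different directory and cd
# prints that path, which would end up inside the captured value.
SCRIPT_DIR="$(CDPATH='' cd -- "$(dirname -- "$0")" >/dev/null && pwd)"
# The script lives two levels below the project root (local/scripts/).
PROJECT_ROOT="$(CDPATH='' cd -- "$SCRIPT_DIR/../.." >/dev/null && pwd)"
# Filled in by --release=<ver> during argument parsing.
RELEASE=""
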
# Print the command-line help text to stdout.
# The program name shown is the basename of $0.
usage() {
  local prog
  prog="$(basename "$0")"
  printf '%s\n' \
    "Usage: ${prog} --release=<ver>" \
    "" \
    "Verify release archive integrity." \
    "" \
    "Options:" \
    "--release=<ver> Release version (e.g., 0.1.0)" \
    "-h, --help Show this help"
}

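# Parse the command line. Only --release=<ver> and -h/--help are accepted;
# anything else prints the usage text to stderr and exits 1.
while [ $# -gt 0 ]; do
  case "$1" in
    --release=*) RELEASE="${1#*=}" ;;
    -h|--help) usage; exit 0 ;;
    *) printf '%s\n' "Unknown: $1" >&2; usage >&2; exit 1 ;;
  esac
  shift
done

if [ -z "$RELEASE" ]; then
  echo "ERROR: --release is required" >&2
  exit 1
fi

# RELEASE is pasted into a directory name below. A '/' in it would let the
# value select a directory other than a sources/redbear-<ver> entry, so the
# checks would run against (and report on) the wrong tree.
case "$RELEASE" in
  */*)
    printf '%s\n' "ERROR: --release must not contain '/': $RELEASE" >&2
    exit 1
    ;;
esac

# Directory holding the sealed release that every later step inspects.
ARCHIVE_DIR="$PROJECT_ROOT/sources/redbear-$RELEASE"
# NOTE(review): MANIFEST is assigned but never read in this script; the
# checksum step reads $ARCHIVE_DIR/BLAKE3SUMS instead.
MANIFEST="$ARCHIVE_DIR/manifest.txt"
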
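# ANSI colour sequences, stored with a literal backslash and expanded at
# print time (printf %b here, echo -e in the final summary).
GREEN='\033[1;32m'
RED='\033[1;31m'
NC='\033[0m'

# Print a green "PASS: <message>" line to stdout.
# Arguments: the message words, joined with spaces.
# The message is printed with %s, so backslash sequences inside it are shown
# literally. Messages carry file names and hashes read from BLAKE3SUMS, and
# interpreting escapes in those would let file content rewrite the terminal
# output of the verifier. Raw control bytes in a message are still passed
# through unchanged.
pass() { printf '%b%s%b: %s\n' "$GREEN" "PASS" "$NC" "$*"; }

# Print a red "FAIL: <message>" line to stdout; same escaping rules as pass().
# It only reports: callers increment the error counter themselves.
fail() { printf '%b%s%b: %s\n' "$RED" "FAIL" "$NC" "$*"; }
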
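# Number of failed checks; a non-zero value makes the script exit 1 at the end.
errors=0

# Without the release directory nothing can be checked: report it, list the
# releases that do exist, and stop.
if [ ! -d "$ARCHIVE_DIR" ]; then
  fail "release directory not found: $ARCHIVE_DIR"
  # Enumerate with a glob rather than `ls | xargs basename`: under
  # `set -e -o pipefail` that pipeline fails when no release exists and ends
  # the script with the pipeline's status before the explicit `exit 1`.
  available=""
  for candidate in "$PROJECT_ROOT"/sources/redbear-*; do
    # An unmatched glob stays literal; skip it.
    [ -e "$candidate" ] || continue
    available+="${candidate##*/} "
  done
  if [ -n "$available" ]; then
    fail "available releases: $available"
  fi
  exit 1
fi
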
# 1. Verify .complete sentry exists (release is sealed)
# Only the presence of the file is tested; its content is echoed in the PASS
# line and is not compared against anything.
sentry_file="$ARCHIVE_DIR/.complete"
if [ ! -f "$sentry_file" ]; then
  fail ".complete sentry NOT FOUND — release may be incomplete or corrupted"
  errors=$((errors + 1))
else
  pass ".complete sentry: $(cat "$sentry_file")"
fi

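# 2. Verify configs
# The configs directory must exist; its *.toml files are counted and
# reported, their content is not inspected.
if [ -d "$ARCHIVE_DIR/configs" ]; then
  # Count with a glob instead of `ls ... | wc -l`: with `set -e -o pipefail`
  # a directory without any *.toml makes ls fail, the assignment inherits
  # that status, and the script ends silently before the checksum step.
  config_count=0
  for config_file in "$ARCHIVE_DIR/configs"/*.toml; do
    # An unmatched glob stays literal; skip it.
    [ -e "$config_file" ] || continue
    config_count=$((config_count + 1))
  done
  pass "configs: $config_count files"
else
  fail "configs directory not found"
  errors=$((errors + 1))
fi
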
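# 3. Verify patches
# A missing patches directory is not an error; when present, its *.patch
# files are counted and reported, their content is not inspected.
if [ -d "$ARCHIVE_DIR/patches" ]; then
  # Count with a glob instead of `ls ... | wc -l`: with `set -e -o pipefail`
  # a directory without any *.patch makes ls fail and the script ends
  # silently at the assignment.
  patch_count=0
  for patch_file in "$ARCHIVE_DIR/patches"/*.patch; do
    # An unmatched glob stays literal; skip it.
    [ -e "$patch_file" ] || continue
    patch_count=$((patch_count + 1))
  done
  pass "patches: $patch_count files"
fi
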
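# Shared archive pool, used as the last lookup location for a listed file.
SOURCES_TARGET="$PROJECT_ROOT/sources/x86_64-unknown-redox"

# 4. Check for BLAKE3SUMS
# Each line is "<hash> <filename>". The file is looked up in tarballs/, then
# snapshots/, then the shared pool, and its BLAKE3 digest must equal <hash>.
# Limits of this step: BLAKE3SUMS itself is not authenticated here, and only
# listed files are hashed — a file present on disk but absent from
# BLAKE3SUMS is never examined.
if [ -f "$ARCHIVE_DIR/BLAKE3SUMS" ]; then
  pass "BLAKE3SUMS present ($(wc -l < "$ARCHIVE_DIR/BLAKE3SUMS") entries)"
  # Verify checksums against actual archive files in shared pool
  verified=0
  failed_checksums=0
  listed=0
  have_b3sum=0
  if command -v b3sum >/dev/null 2>&1; then
    have_b3sum=1
  fi
  # `|| [ -n "$hash" ]` keeps a final line that lacks a trailing newline;
  # plain `read` would drop it and leave that archive unverified.
  while read -r hash filename || [ -n "$hash" ]; do
    if [ -z "$hash" ]; then
      continue
    fi
    listed=$((listed + 1))
    # A ".." component would make the lookup leave the three archive
    # locations and hash an unrelated file.
    case "/$filename/" in
      */../*)
        fail "unsafe path in BLAKE3SUMS: $filename"
        errors=$((errors + 1))
        continue
        ;;
    esac
    archive_path="$ARCHIVE_DIR/tarballs/$filename"
    if [ ! -f "$archive_path" ]; then
      archive_path="$ARCHIVE_DIR/snapshots/$filename"
    fi
    if [ ! -f "$archive_path" ]; then
      archive_path="$SOURCES_TARGET/$filename"
    fi
    if [ ! -f "$archive_path" ]; then
      fail "archive missing: $filename"
      errors=$((errors + 1))
      continue
    fi
    if [ "$have_b3sum" -ne 1 ]; then
      fail "b3sum not available — cannot verify BLAKE3SUMS"
      errors=$((errors + 1))
      break
    fi
    # A failing b3sum (for example an unreadable file) is reported as an
    # error instead of ending the script through `set -e` with no message.
    if ! computed=$(b3sum "$archive_path" | awk '{print $1}'); then
      fail "could not hash: $filename"
      errors=$((errors + 1))
      continue
    fi
    if [ "$computed" != "$hash" ]; then
      fail "checksum mismatch: $filename (expected $hash, got $computed)"
      failed_checksums=$((failed_checksums + 1))
      errors=$((errors + 1))
    else
      verified=$((verified + 1))
    fi
  done < "$ARCHIVE_DIR/BLAKE3SUMS"
  if [ "$verified" -gt 0 ]; then
    pass "checksums verified: $verified archives"
  fi
  if [ "$failed_checksums" -gt 0 ]; then
    fail "$failed_checksums checksum mismatches"
  fi
  # An empty BLAKE3SUMS verifies nothing; treat it as a failure so the run
  # cannot end in "VERIFIED" without a single archive having been hashed.
  if [ "$listed" -eq 0 ]; then
    fail "BLAKE3SUMS lists no archives — nothing was verified"
    errors=$((errors + 1))
  fi
else
  fail "BLAKE3SUMS not found in $ARCHIVE_DIR"
  errors=$((errors + 1))
fi
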
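# 5. Count archives in the release's tarballs/ directory
# Informational only: the number is reported, never compared with the
# entries in BLAKE3SUMS, so a *.tar.gz that is not listed there is counted
# here without having been hashed.
# Same value as assigned before the checksum step; this step does not read it.
SOURCES_TARGET="$PROJECT_ROOT/sources/x86_64-unknown-redox"
if [ -d "$ARCHIVE_DIR/tarballs" ]; then
  # Count with a glob instead of `ls ... | wc -l`: with `set -e -o pipefail`
  # a tarballs/ directory without any *.tar.gz makes ls fail and the script
  # ends silently at the assignment, before the summary is printed.
  archive_count=0
  for tarball in "$ARCHIVE_DIR/tarballs"/*.tar.gz; do
    # An unmatched glob stays literal; skip it.
    [ -e "$tarball" ] || continue
    archive_count=$((archive_count + 1))
  done
  pass "source archives: $archive_count files in $ARCHIVE_DIR/tarballs/"
fi
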
# Final summary: a green banner when no check failed, otherwise a red banner
# with the error count and exit status 1.
echo ""
banner_rule="========================================="
if [ "$errors" -ne 0 ]; then
  echo -e "${RED}${banner_rule}${NC}"
  echo -e "${RED} Release $RELEASE: $errors error(s)${NC}"
  echo -e "${RED}${banner_rule}${NC}"
  exit 1
fi
echo -e "${GREEN}${banner_rule}${NC}"
echo -e "${GREEN} Release $RELEASE: VERIFIED${NC}"
echo -e "${GREEN}${banner_rule}${NC}"