Talos-2 fixes to comply with hashing file standard. Bypass flash-gui.sh prompt when talos-2 ato validate hashes against hashes provided under tgz through flash.sh validation (still offer zip and tgz, which tgz might change to zip later but only tgz offered through builds)

tlaurion · JonathonHall-Purism · commit 56d38e112c6d · 2023-11-16T08:44:39.000-05:00
Attempt to address #1526 (comment) Signed-off-by: Thierry Laurion <insurgo@riseup.net>
diff --git a/boards/talos-2/talos-2.config b/boards/talos-2/talos-2.config
@@ -64,6 +64,6 @@ $(board_build)/$(OUTPUT_PREFIX).tgz: \
 	rm -rf $(board_build)/pkg # cleanup in case directory exists
 	mkdir $(board_build)/pkg
 	cp $^ $(board_build)/pkg
-	cd $(board_build)/pkg && sha256sum * > hashes.txt
+	cd $(board_build)/pkg && sha256sum * > sha256sum.txt
 	cd $(board_build)/pkg && tar zcf $@ *
 	rm -r $(board_build)/pkg
diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh
@@ -63,7 +63,11 @@ while true; do
       --yesno "You will need to insert a USB drive containing your BIOS image (*.$UPDATE_PKG_EXT or\n*.$UPDATE_PLAIN_EXT).\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 0 80); then
       mount_usb
       if grep -q /media /proc/mounts; then
-        find /media ! -path '*/\.*' -type f \( -name "*.$UPDATE_PLAIN_EXT" -o -type f -name "*.$UPDATE_PKG_EXT" \) | sort >/tmp/filelist.txt
+        if [ "${CONFIG_BOARD%_*}" = talos-2 ]; then
+          find /media ! -path '*/\.*' -type f -name "*.$UPDATE_PLAIN_EXT" | sort >/tmp/filelist.txt
+        else
+          find /media ! -path '*/\.*' -type f \( -name "*.$UPDATE_PLAIN_EXT" -o -type f -name "*.$UPDATE_PKG_EXT" \) | sort >/tmp/filelist.txt
+        fi
         file_selector "/tmp/filelist.txt" "Choose the ROM to flash"
         if [ "$FILE" == "" ]; then
           exit 1
@@ -109,12 +113,19 @@ while true; do
           # Continue on using the verified ROM
           ROM="$PACKAGE_ROM"
         else
+          # talos-2 uses a .tgz file for its "plain" update, contains other parts as well, validated against hashes under flash.sh
+          # Skip prompt for hash validation for talos-2. Only method is through tgz or through bmc with individual parts
+          if [ "${CONFIG_BOARD%_*}" != talos-2 ]; then
           # a rom file was provided. exit if we shall not proceed
           ROM="$PKG_FILE"
           ROM_HASH=$(sha256sum "$ROM" | awk '{print $1}') || die "Failed to hash ROM file"
           if ! (whiptail $CONFIG_ERROR_BG_COLOR --title 'Flash ROM without integrity check?' \
             --yesno "You have provided a *.$UPDATE_PLAIN_EXT file. The integrity of the file can not be\nchecked automatically for this file type.\n\nROM: $ROM\nSHA256SUM: $ROM_HASH\n\nIf you do not know how to check the file integrity yourself,\nyou should use a *.$UPDATE_PKG_EXT file instead.\n\nIf the file is damaged, you will not be able to boot anymore.\nDo you want to proceed flashing without file integrity check?" 0 80); then
             exit 1
+            fi
+          else
+            #We are on talos-2, so we have a tgz file. We will pass it directly to flash.sh which will take care of it
+            ROM="$PKG_FILE"
           fi
         fi
 
diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh
@@ -180,7 +180,7 @@ if [ "$READ" -eq 0 ] && [ "${ROM##*.}" = tgz ]; then
         mkdir /tmp/verified_rom
 
         tar -C /tmp/verified_rom -xf $ROM || die "Rom archive $ROM could not be extracted"
-        if ! (cd /tmp/verified_rom/ && sha256sum -cs hashes.txt); then
+    if ! (cd /tmp/verified_rom/ && sha256sum -cs sha256sum.txt); then
             die "Provided tgz image did not pass hash verification"
         fi
 
