diff --git a/Makefile b/Makefile index e0a0656a..0646b629 100644 --- a/Makefile +++ b/Makefile @@ -23,18 +23,37 @@ all-%: download-% installer-% customize-% #------------------------------------------------------------------------------ # Download -# - download to build/01_base/$DISTRO -# - no file suffix, could be iso, qcow2 whatever -# - TODO: add chesksum verfication somehow +# - validate target is in $DISTRO list + SHA256|512_$DISTRO is defined +# - download to build/01_base/$DISTRO use .img suffix (coudld be iso, qcow2) +# - verify sha256/sha512 checksum #------------------------------------------------------------------------------ download: $(patsubst %, download-%, $(DISTROS)) -download-%: ${DIR_BASE}/%.img +download-%: validate-% ${DIR_BASE}/%.img @${INFO} "Download ${*} done" -${DIR_BASE}/%.img: validate-% +validate-%: + @if [[ ! "$(DISTROS)" == *"${*}"* ]]; then \ + ${ERROR} "Unknown distro ${*}"; \ + fi + @if [[ -z "${SHA256_${*}}" ]] && [[ -z "${SHA512_${*}}" ]]; then \ + ${ERROR} "Undefined checksum for ${*}, add SHA256_${*} or SHA512_${*} var to Makefile.distros"; \ + fi + +${DIR_BASE}/%.img: @${INFO} "Starting $* download" curl -sS -L -f -o "$@" "${URL_${*}}" + @if [[ -n "${SHA256_${*}}" ]]; then \ + echo "${SHA256_${*}} ${DIR_BASE}/$*.img" > ${DIR_BASE}/$*.img.sha256; \ + if ! sha256sum -c ${DIR_BASE}/$*.img.sha256; then \ + ${ERROR} "${*} sha256ssum WRONG, delete ${DIR_BASE}/$*.img or update the checksum"; \ + fi \ + elif [[ -n "${SHA512_${*}}" ]]; then \ + echo "${SHA512_${*}} ${DIR_BASE}/$*.img" > ${DIR_BASE}/$*.img.sha512; \ + if ! sha512sum -c ${DIR_BASE}/$*.img.sha512; then \ + ${ERROR} "${*} sha512sum WRONG, delete ${DIR_BASE}/$*.img or update the checksum"; \ + fi \ + fi #------------------------------------------------------------------------------ # Install (optional) @@ -89,15 +108,6 @@ context-linux: $(patsubst %, context-linux/out/%, $(LINUX_CONTEXT_PACKAGES)) context-linux/out/%: cd context-linux; ./generate-all.sh -#------------------------------------------------------------------------------ -# validate before download -#------------------------------------------------------------------------------ -validate-%: - @if [[ ! "$(DISTROS)" == *"${*}"* ]]; then \ - echo "[ERROR] Unknown distro ${*}"; \ - exit 1; \ - fi - #------------------------------------------------------------------------------ # help #------------------------------------------------------------------------------ diff --git a/Makefile.config b/Makefile.config index 142cd57c..aec73989 100644 --- a/Makefile.config +++ b/Makefile.config @@ -18,11 +18,7 @@ DIR_EXPORT ?= $(DIR_BUILD)/03_export DIR_PACKER ?= $(DIR_BUILD)/_packer # create them if not present -$(shell \ - mkdir -p ${DIR_BASE} \ - mkdir -p ${DIR_INSTALL} \ - mkdir -p ${DIR_EXPORT} \ -) +$(shell mkdir -p ${DIR_BASE} ${DIR_INSTALL}) # # don't delete downloaded or installed images .SECONDARY: $(patsubst %, $(DIR_BASE)/%.img, $(DISTROS)) @@ -59,6 +55,7 @@ QEMU_BINARY ?= $(shell \ # logging func INFO=sh -c 'if [ $(VERBOSE) = 1 ]; then echo [INFO] $$1; fi' INFO +ERROR=sh -c 'echo [ERROR] $$1; exit 1;' ERROR # export all variables export diff --git a/Makefile.distros b/Makefile.distros index 248f4b79..debc7dc4 100644 --- a/Makefile.distros +++ b/Makefile.distros @@ -17,7 +17,7 @@ URL_alpine316 := https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64 URL_alpine317 := https://dl-cdn.alpinelinux.org/alpine/v3.17/releases/x86_64/alpine-virt-3.17.5-x86_64.iso URL_alt9 := https://mirror.yandex.ru/altlinux/p9/images/cloud/x86_64/alt-p9-cloud-x86_64.qcow2 URL_alt10 := https://mirror.yandex.ru/altlinux/p10/images/cloud/x86_64/alt-p10-cloud-x86_64.qcow2 -URL_debian10 := https://cdimage.debian.org/cdimage/openstack/current-10/debian-10-openstack-arm64.qcow2 +URL_debian10 := https://cdimage.debian.org/cdimage/openstack/current-10/debian-10-openstack-amd64.qcow2 URL_debian11 := https://cdimage.debian.org/cdimage/cloud/bullseye/latest/debian-11-generic-amd64.qcow2 URL_debian12 := https://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2 URL_devuan3 := https://files.devuan.org/devuan_beowulf/installer-iso/devuan_beowulf_3.1.1_amd64_server.iso @@ -29,9 +29,35 @@ URL_freebsd13 := https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-I URL_ol8 := https://yum.oracle.com/templates/OracleLinux/OL8/u7/x86_64/OL8U7_x86_64-kvm-b148.qcow URL_ol9 := https://yum.oracle.com/templates/OracleLinux/OL9/u1/x86_64/OL9U1_x86_64-kvm-b158.qcow URL_opensuse15 := https://download.opensuse.org/distribution/leap/15.5/appliances/openSUSE-Leap-15.5-Minimal-VM.x86_64-Cloud.qcow2 -URL_rocky := https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-x86_64-boot.iso -URL_rocky := https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-x86_64-boot.iso +URL_rocky8 := https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-x86_64-boot.iso +URL_rocky9 := https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-x86_64-boot.iso URL_ubuntu2004 := https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img URL_ubuntu2004min := https://cloud-images.ubuntu.com/minimal/releases/focal/release/ubuntu-20.04-minimal-cloudimg-amd64.img URL_ubuntu2204 := https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img URL_ubuntu2204min := https://cloud-images.ubuntu.com/minimal/releases/jammy/release/ubuntu-22.04-minimal-cloudimg-amd64.img + +# SHA256 +SHA256_alma8 := cff37f240c3d62cf0930e4e1bfbcf7048e80d36e08eafd4ece7a05eb0306c902 +SHA256_alma9 := c3d2ea8fbe1e33415897a9b1351c2cdb9eb56778d11f327ed6966622c830ae09 +SHA256_alpine316 := 6b447e9b2e2ca561c01b03a7b21b6839c718ed85323d2d100ff2e10ea5191470 +SHA256_alpine317 := d3aec585da8327095edb37b4b7b5eed4623a993196edf12e74641ee5f16291f6 +SHA256_alt9 := f3837a01518003f4ecaeca4148c3a1c5904a4657f72d9b55d6e8bd0903ca270f +SHA256_alt10 := c20730ca87b8cb026ced7dd254abce05cd0deb33f60f4dab6c17968f8bc968d5 +SHA256_debian10 := beabb9bfdb70850ef839ccaff8b79cf3fce87a6bf3aefe893fbc83c875b3d65a +SHA512_debian11 := 78fe9e9a71fa2d63715a2e156939964b45cfaa5c91b634af1b5a06fa359dd612f027332f65319ec08d4aa204672df95a75812d7a6a016659112b931b4d94f6b6 +SHA512_debian12 := b2ddc01e8d13dabbcfde6661541aae92219be2d442653950f0e44613ddebaeb80dc7a83e0202c5509c5e72f4bd1f4edee4c83f35191f2562b3f31e20e9e87ec2 +SHA256_devuan3 := e6e3fc1bdbf626a871d8c27608129c4788623121c8ea059f60607a93c30892de +SHA256_devuan4 := b2c0d159e9d7219422ef9e40673c3126aee118b57df79484384e7995abd2ba0f +SHA256_fedora37 := b5b9bec91eee65489a5745f6ee620573b23337cbb1eb4501ce200b157a01f3a0 +SHA256_fedora38 := d334670401ff3d5b4129fcc662cf64f5a6e568228af59076cc449a4945318482 +SHA256_freebsd12 := 606435637b76991f96df68f561badf03266f3d5452e9f72ed9b130d96b188800 +SHA256_freebsd13 := b76ab084e339ee05f59be81354c8cb7dfadf9518e0548f88017d2759a910f17c +SHA256_ol8 := 72cd18d63f2fee35d7c590da35a61470a77798b567c6ee87528a185ea9c546f1 +SHA256_ol9 := 9a57fa5590646454f89ad465015ae7a1b3b2856142b3f960aa6b36263ec36acd +SHA256_opensuse15 := c596e6f78d7be8a6b3fad894ccbe9c316321288fa7d7761e0a91c20d24000b5b +SHA256_rocky8 := 96c9d96c33ebacc8e909dcf8abf067b6bb30588c0c940a9c21bb9b83f3c99868 +SHA256_rocky9 := 11e42da96a7b336de04e60d05e54a22999c4d7f3e92c19ebf31f9c71298f5b42 +SHA256_ubuntu2004 := bfa805bde8f2d199b8e4a306a3a5823e18b1547833b90d60d8a689e7270e43ff +SHA256_ubuntu2004min := 46cec7bfb7c45bbbecfe167032485a1eea30c7c5408e6f8f4ee9ed454c0119e7 +SHA256_ubuntu2204 := cec51cde3fde0b6c0107bc5c6a0b3a5f44d52ad99373aa9a8386f1d782c07c51 +SHA256_ubuntu2204min := 646511fab9d51933ff88cafa079dd2f2eb74564131927561b538825033ed9ded diff --git a/Makefile.distros-nonfree b/Makefile.distros-nonfree index aa1982aa..822cb993 100644 --- a/Makefile.distros-nonfree +++ b/Makefile.distros-nonfree @@ -1,6 +1,10 @@ #ifeq (${NONFREE}, yes) -include Makefile.secrets -DISTROS += rhel8 rhel9 -URL_rhel8 := http://storage/images/base/rhel8.qcow2 -URL_rhel9 := http://storage/images/base/rhel9.qcow2 +DISTROS += rhel8 rhel9 + +URL_rhel8 := http://storage/images/base/rhel8.qcow2 +URL_rhel9 := http://storage/images/base/rhel9.qcow2 + +SHA256_rhel8 := 02cf0181020c7fa4beb45b62b66bb39940b78f6fb2a301cde2e9131aea1490fb +SHA256_rhel9 := 53d341fdf6327ac4f12c2a84d6130fea3c9070bbc6919266dca7763820af3cac #endif