From 26c512e57e97fdb90f219553148356c02a365ddb Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@pixelpark.com>
Date: Tue, 8 Jun 2021 11:11:27 +0200
Subject: [PATCH] Getting and verifying ISO image

---
 bin/get-centos8-streams-boot | 123 ++++++++++++++++++++++++++++++++++-
 1 file changed, 120 insertions(+), 3 deletions(-)

diff --git a/bin/get-centos8-streams-boot b/bin/get-centos8-streams-boot
index e5de2cc..415cab1 100755
--- a/bin/get-centos8-streams-boot
+++ b/bin/get-centos8-streams-boot
@@ -8,7 +8,7 @@ DEBUG="n"
 QUIET='n'
 SIMULATE="n"
 
-VERSION="0.3.0"
+VERSION="0.3.1"
 
 BASE_NAME="$(basename ${0})"
 BASE_DIR="$(dirname ${0})"
@@ -44,6 +44,8 @@ LAST_TSTAMP="0"
 LOGFILE=
 LOG_ROOTDIR="/var/log"
 LOG_BASENAME="update-centos8-streams-boot.log"
+ISO_IMAGE_DIR="/var/tmp/isos"
+ISO_IMAGE=
 
 HAS_TTY='y'
 
@@ -432,6 +434,23 @@ check_preferences() {
 
     check_for_root
 
+    local -a tools=('rsync' 'curl' 'sha256sum')
+    local tool=
+
+    for tool in "${tools[@]}" ; do
+        debug "Checking for '${CYAN}${tool}${NORMAL}' ..."
+        if type -p ${tool} >/dev/null ; then
+            :
+        else
+            all_ok="n"
+            error "Did not found '${RED}${tool}${NORMAL}'. Maybe not installed?"
+        fi
+    done
+
+    if [[ "${all_ok}" != "y" ]] ; then
+        exit 5
+    fi
+
 }
 
 #------------------------------------------------------------------------------
@@ -454,7 +473,7 @@ check_dirs() {
         exit 5
     fi
 
-    for dir in "${MOUNTPOINT_ROOT}" ; do
+    for dir in "${MOUNTPOINT_ROOT}" "${ISO_IMAGE_DIR}" ; do
         debug "Checking '${CYAN}${dir}${NORMAL}' ..."
         if [[ ! -d "${dir}" ]] ; then
             MKDIR -p "${dir}"
@@ -491,6 +510,78 @@ create_urls() {
     return 0
 }
 
+#------------------------------------------------------------------------------
+cleanup_image() {
+
+    info "Cleaning up mounts and images"
+
+    if [[ -n "${ISO_IMAGE}" && -f "${ISO_IMAGE}" ]] ; then
+        purge "${ISO_IMAGE}"*
+    fi
+
+}
+
+#------------------------------------------------------------------------------
+download_image() {
+
+    local src="$1"
+    local tgt="$2"
+
+    debug "Downloading '${CYAN}${src}${NORMAL}' => '${CYAN}${tgt}${NORMAL}' ..."
+    local cmd="curl"
+    if [[ "${VERBOSE}" != "y" ]] ; then
+        cmd+=" --silent --show-error"
+    fi
+    cmd+=" --location --output \"${tgt}\" \"${src}\""
+
+    if [[ "${SIMULATE}" == "y" ]] ; then
+        info "Executing: ${cmd}"
+        return 0
+    fi
+    debug "Executing: ${cmd}"
+    eval ${cmd} 2>&1 | tee -a "${LOGFILE}" || true
+
+    if [[ ! -s "${tgt}" ]] ; then
+        warn "Image got from '${YELLOW}${src}${NORMAL}' was empty."
+        return 5
+    fi
+    debug "Got image:\n$( ls -l "${tgt}" )"
+    return 0
+}
+
+#------------------------------------------------------------------------------
+verify_image() {
+
+    local iso_image="$1"
+    local method="$2"
+    local checksum="$3"
+
+    info "Checking ${CYAN}${method}${NORMAL} checksum of '${CYAN}${iso_image}${NORMAL}' ..."
+
+    local checksum_file="${iso_image}.${method}"
+    if [[ "${SIMULATE}" == "y" ]] ; then
+        info "Simulating checking '${CYAN}${iso_image}${NORMAL}' for '${CYAN}${method}${NORMAL}' ..."
+        return 0
+    fi
+
+    cat > "${checksum_file}" <<-EOF
+	${checksum}  ${iso_image}
+	EOF
+
+    debug "Checksum file '${CYAN}${checksum_file}${NORMAL}':\n$( cat "${checksum_file}" )"
+
+    local cmd="${method}sum --quiet -c \"${checksum_file}\""
+    debug "Executing: ${cmd}"
+    if eval ${cmd} 2>&1 | tee -a "${LOGFILE}" ; then
+        debug "Checksum ok."
+        return 0
+    fi
+
+    info "${YELLOW}${method}${NORMAL} checksum of '${YELLOW}${iso_image}${NORMAL}' was incorrect."
+    return 6
+
+}
+
 #------------------------------------------------------------------------------
 perform_mirror() {
 
@@ -509,9 +600,10 @@ perform_mirror() {
     local checksum=$( echo "${line}" | sed -e "s/.*=[ 	]*//" | tr '[:upper:]' '[:lower:]' )
     local image_url="${mirror}8-stream/isos/x86_64/${base_name}"
     local tstamp=$( echo "${base_name}" | sed -e 's/CentOS-Stream-8-x86_64-\([0-9][0-9]*\)-.*/\1/i' )
+    local iso_base=$( basename "${base_name}" ".iso" )
 
     if [[ "${tstamp}" -le "${LAST_TSTAMP}" ]] ; then
-        info "Timestamp '${CYAN}${tstamp}${NORMAL}' of mirror '${CYAN}${mirror}${NORMAL}'is too old."
+        info "Timestamp '${CYAN}${tstamp}${NORMAL}' of mirror '${CYAN}${mirror}${NORMAL}' is too old."
         return 1
     fi
 
@@ -525,6 +617,31 @@ perform_mirror() {
     info "${out}"
     empty_line
 
+    ISO_IMAGE=$( mktemp "${ISO_IMAGE_DIR}/${iso_base}.XXXXXXXX.iso" )
+    debug "Local ISO image is '${CYAN}${ISO_IMAGE}${NORMAL}'."
+
+    trap cleanup_image INT TERM EXIT ABRT
+
+    if download_image "${image_url}" "${ISO_IMAGE}" ; then
+        :
+    else
+        info "Download from '${CYAN}${mirror}${NORMAL}' not successful."
+        trap - INT TERM EXIT ABRT
+        cleanup_image
+        return 1
+    fi
+
+    if verify_image "${ISO_IMAGE}" "${check_method}" "${checksum}" ; then
+        :
+    else
+        trap - INT TERM EXIT ABRT
+        cleanup_image
+        return 1
+    fi
+
+    trap - INT TERM EXIT ABRT
+    cleanup_image
+
     return 0
 
 }
-- 
2.39.5