Compare commits


7 Commits
v3.06 ... v3.09

11 changed files with 46 additions and 17 deletions


@@ -1,4 +1,6 @@
#!/bin/env python3
import argparse
import host
import prep
import bchroot
@@ -10,15 +12,15 @@ import bsync
import bGPG
import os
# we need to:
# we also need to figure out how to implement "mentos" (old bdisk) like functionality, letting us reuse an existing chroot install if possible to save time for future builds.
# if not, though, it's no big deal.
# still on the todo: iPXE
if __name__ == '__main__':
def bdisk(args):
# we also need to figure out how to implement "mentos" (old bdisk) like functionality, letting us reuse an
# existing chroot install if possible to save time for future builds.
# if not, though, it's no big deal.
if os.getuid() != 0:
exit('{0}: ERROR: BDisk *must* be run as the root user or with sudo!'.format(datetime.datetime.now()))
print('{0}: Starting.'.format(datetime.datetime.now()))
conf = host.parseConfig(host.getConfig())[1]
conf = host.parseConfig(host.getConfig(conf_file = args['buildini']))[1]
prep.dirChk(conf)
conf['gpgobj'] = bGPG.genGPG(conf)
prep.buildChroot(conf, keep = False)
@@ -50,3 +52,20 @@ if __name__ == '__main__':
bsync.git(conf)
bsync.rsync(conf)
print('{0}: Finish.'.format(datetime.datetime.now()))
def parseArgs():
args = argparse.ArgumentParser(description = 'BDisk - a tool for building live/rescue media.',
epilog = 'brent s. || 2017 || https://bdisk.square-r00t.net')
args.add_argument('buildini',
metavar = '/path/to/build.ini',
default = '/etc/bdisk/build.ini',
nargs = '?',
help = 'The full/absolute path to the build.ini to use for this run. The default is /etc/bdisk/build.ini, but see https://bdisk.square-r00t.net/#the_code_build_ini_code_file.')
return(args)
def main():
args = vars(parseArgs().parse_args())
bdisk(args)
if __name__ == '__main__':
main()
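Review bot: `args['buildini']` goes from the command line straight into `host.getConfig(conf_file = ...)` inside `bdisk()`, in a process that insists on running as root, and nothing in the visible lines checks that the path exists or is a regular file before it drives the build. `host.getConfig` is outside this section and may already do that check; if it does not, a guard before `parseConfig` such as `if not os.path.isfile(args['buildini']): exit('{0}: ERROR: {1} is not a file.'.format(datetime.datetime.now(), args['buildini']))` gives a clear failure. Because argparse always fills in `default = '/etc/bdisk/build.ini'`, it is also worth confirming that the search order described in the manual still applies when no argument is given. `parseArgs()` and `main()` have no docstrings; a one-line summary on each would help.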


@@ -32,7 +32,7 @@ def http(conf):
datetime.datetime.now(),
httpdir))
for a in arch:
for i in ('md5', 'sfs', 'sha256'):
for i in ('md5', 'sfs', 'sha256', 'sha512'):
httpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
httpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
if 'x86_64' in arch:
@@ -81,7 +81,7 @@ def tftp(conf):
datetime.datetime.now(),
tftpdir))
for a in arch:
for i in ('md5', 'sfs', 'sha256'):
for i in ('md5', 'sfs', 'sha256', 'sha512'):
tftpfiles['{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)] = '{0}/{1}/airootfs.{2}'.format(bdisk['name'], a, i)
tftpfiles['VERSION_INFO.txt'] = 'VERSION_INFO.txt'
if 'x86_64' in arch:
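Review bot: The suffix tuple `('md5', 'sfs', 'sha256', 'sha512')` is now spelled out twice, in `http()` and again in `tftp()`, so the next algorithm change has to be made in both places. A single module-level constant, e.g. `AIROOTFS_SUFFIXES = ('md5', 'sfs', 'sha256', 'sha512')`, iterated by both loops would keep them in step. Both functions start and end outside the visible hunks. Checksum files published beside the image over HTTP/TFTP only catch corruption; they do not authenticate the image, which is the job of the GPG signature.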


@@ -21,6 +21,7 @@ def genImg(conf):
basedir = build['basedir']
prepdir = build['prepdir']
hashes = {}
hashes['sha512'] = {}
hashes['sha256'] = {}
hashes['md5'] = {}
squashfses = []
@@ -52,9 +53,10 @@ def genImg(conf):
humanize.naturalsize(
os.path.getsize(squashimg))))
# Generate the checksum files
print("{0}: [BUILD] Generating SHA256, MD5 checksums ({1})...".format(
print("{0}: [BUILD] Generating SHA512 SHA256, MD5 checksums ({1})...".format(
datetime.datetime.now(),
squashimg))
hashes['sha512'][a] = hashlib.sha512()
hashes['sha256'][a] = hashlib.sha256()
hashes['md5'][a] = hashlib.md5()
with open(squashimg, 'rb') as f:
@@ -63,8 +65,11 @@ def genImg(conf):
if not stream:
break
# NOTE: these items are hashlib objects, NOT strings!
hashes['sha512'][a].update(stream)
hashes['sha256'][a].update(stream)
hashes['md5'][a].update(stream)
with open(airoot + 'airootfs.sha512', 'w+') as f:
f.write("{0} airootfs.sfs\n".format(hashes['sha512'][a].hexdigest()))
with open(airoot + 'airootfs.sha256', 'w+') as f:
f.write("{0} airootfs.sfs\n".format(hashes['sha256'][a].hexdigest()))
with open(airoot + 'airootfs.md5', 'w+') as f:
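Review bot: The progress message reads `Generating SHA512 SHA256, MD5 checksums`, with a comma missing after `SHA512`. The three digests are also created, updated and written by three near-identical statement groups. Since `hashes` already has one key per algorithm, `for alg in hashes: hashes[alg][a] = hashlib.new(alg)` and `for alg in hashes: hashes[alg][a].update(stream)` would make adding or dropping an algorithm a one-line change. `genImg` begins before and continues after these hunks, so the MD5 write at the end is only partly visible.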


@@ -21,7 +21,8 @@ def buildIPXE(conf):
srcdir = build['srcdir']
embedscript = build['dlpath'] + '/EMBED'
ipxe_src = srcdir + '/ipxe'
ipxe_git_uri = 'git://git.ipxe.org/ipxe.git'
#ipxe_git_uri = 'git://git.ipxe.org/ipxe.git'
ipxe_git_uri = 'http://git.ipxe.org/ipxe.git'
print('{0}: [IPXE] Prep/fetch sources...'.format(
datetime.datetime.now()))
# Get the source
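Review bot: `ipxe_git_uri = 'http://git.ipxe.org/ipxe.git'` still fetches the iPXE source over a transport with no encryption or server authentication, the same weakness the old `git://` URI had, and per the TODO notes this source is built into the generated boot media. If the server offers it, prefer `ipxe_git_uri = 'https://git.ipxe.org/ipxe.git'`, and consider checking out a pinned tag or commit rather than whatever the remote head is at build time. The commented-out `git://` line can be dropped, since version control already records it. `buildIPXE` continues outside the hunk, so whether the clone is verified later is not visible here.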


@@ -1,6 +1,6 @@
-investigate weird signing issue- if you specify a key to sign with, it appears that the squashed images (at least in the http dir) doesn't have a sig/asc. do they need to copy it over? or is it not even signing them?
-switch from python-pygpgme to python-gpgme for better performance. also clean up bGPG in general; reference KANT.
## Missing v2.x functionality ##
-i_am_a_racecar optimizations
- different distro guests (debian, etc.)- https://stackoverflow.com/questions/2349991/python-how-to-import-other-python-files/20749411#20749411
-incorporate this into the manual?


@@ -1,6 +1,6 @@
= BDisk User and Developer Manual
Brent Saner <bts@square-r00t.net>
v1.2, 2017-05-11
v1.3, 2017-08-20
:doctype: book
:data-uri:
:imagesdir: images


@@ -3,7 +3,7 @@ This file is where you can specify some of the very basics of BDisk building. It
It's single-level, but divided into "sections". This is unfortunately a limitation of ConfigParser, but it should be easy enough to follow.
Blank lines are ignored, as well as any lines beginning with `#` and `;`. There are some restrictions and recommendations for some values, so be sure to note them when they occur. Variables referencing other values in the `build.ini` are allowed in the format of `${value}` if it's in the same section; otherwise, `${section:value}` can be used.
Blank lines are ignored, as well as any lines beginning with `#` and `;`. There are some restrictions and recommendations for some values, so be sure to note them when they occur. Variables referencing other values in the `build.ini` are allowed in the format of `${keyname}` if it's in the same section; otherwise, `${section:keyname}` can be used.
If you want to use your own `build.ini` file (and you should!), the following paths are searched in order. The first one found will be used.


@@ -64,6 +64,8 @@ While not strictly necessary, these will greatly enhance your BDisk usage. I've
NOTE: If you do not wish to install any of these or cannot install them, be sure to disable the relevant options in the `build.ini` file (we'll talk about that later). The default `extra/dist.build.ini` should be sane enough to not require any of these.
* http://cdrtools.sourceforge.net/private/cdrecord.html[cdrtools^]
** Needed for building iPXE.
* http://gcc.gnu.org[gcc (multilib)^] (>=6.x)
** Needed for building iPXE.
* http://gcc.gnu.org[gcc-libs (multilib)^] (>=6.x)


@@ -17,7 +17,7 @@ First, create a file: `<basedir>/overlay/etc/ssh/sshd_config` using the followin
Subsystem sftp /usr/lib/ssh/sftp-server
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
We'll also want to implement a more secure `ssh_config` file to avoid possible leaks. The following is `<basedir>/overlay/etc/ssh/ssh_config`:
@@ -28,7 +28,7 @@ We'll also want to implement a more secure `ssh_config` file to avoid possible l
PubkeyAuthentication yes
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
We'll want to create our own moduli. This can take a long time, but only needs to be done once -- it doesn't need to be done for every build. The following commands should be run in `<basedir>/overlay/etc/ssh/`:


@@ -1,5 +1,7 @@
#/bin/sh -
locale-gen
#chmod 4755 /opt/google/chrome-beta/chrome-sandbox
chmod 4755 /usr/bin/sudo
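Review bot: The first line is `#/bin/sh -`, which is a plain comment rather than a shebang because the `!` is missing. If this script is ever executed directly instead of being passed to an interpreter, `/bin/sh` will not be selected for it, so it should read `#!/bin/sh -`. How the script is invoked is not visible in this section. A short comment above `chmod 4755 /usr/bin/sudo` saying why the setuid mode is set explicitly here would also help a later reader.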


@@ -198,7 +198,7 @@ net-snmp
netselect
nettle
networkmanager-pptp
nginx-devel
nginx-mainline
ngrep
nmap
nmon