
Merge pull request #80 from antonym/external_sigs

Adding image signature checking phase one
Antony Messerli %!s(int64=9) %!d(string=hai) anos
pai
achega
685c0d9f83
Modificáronse 7 ficheiros con 85 adicións e 7 borrados
  1. 13 1
      src/centos.ipxe
  2. 13 1
      src/debian.ipxe
  3. 13 1
      src/fedora.ipxe
  4. 4 1
      src/kali.ipxe
  5. 13 1
      src/mageia.ipxe
  6. 14 1
      src/opensuse.ipxe
  7. 15 1
      src/ubuntu.ipxe

+ 13 - 1
src/centos.ipxe

@@ -9,7 +9,7 @@ goto ${menu} ||
 clear osversion
 set os CentOS
 set ksdevice eth0
-menu ${os} ${arch}
+menu ${os} - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
 item 7.2.1511 ${os} 7.2
 item 7.1.1503 ${os} 7.1
 item 7 ${os} 7.0
@@ -65,6 +65,18 @@ goto boottype
 imgfree
 kernel http://${mirror}/${dir}/images/pxeboot/vmlinuz repo=${repo} ${params} ${netcfg}
 initrd http://${mirror}/${dir}/images/pxeboot/initrd.img
+echo
+echo MD5sums:
+md5sum vmlinuz initrd.img
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify vmlinuz ${sigs}${dir}/images/pxeboot/vmlinuz.sig || goto error
+imgverify initrd.img ${sigs}${dir}/images/pxeboot/initrd.img.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
 boot
 goto linux_menu
 
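Review bot: The added `iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs` fails open: any value other than the literal `true`, including an unset variable, reaches `boot` with a kernel and initrd fetched over plain HTTP and never verified. The `md5sum` output above it is display-only and is compared with nothing, so it gives no integrity guarantee on that path. I would make the unverified path visible by adding `iseq ${img_sigs_enabled} true || echo WARNING: booting without signature verification` right after `:skip_sigs`, and consider `imgtrust` on the verify path so iPXE itself refuses untrusted images (it would need `imgtrust --allow` again before chaining back to the menus). The same block is repeated in the debian, fedora and mageia hunks; `${sigs}` and the `error` label are defined outside these hunks, so their handling cannot be checked here.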

+ 13 - 1
src/debian.ipxe

@@ -8,7 +8,7 @@ goto ${menu}
 :debian
 set os Debian
 
-menu ${os} - ${arch_a}
+menu ${os} - ${arch_a} - Image Sig Checks: [${img_sigs_enabled}]
 item jessie ${os} 8.0 (jessie)
 item wheezy ${os} 7.0 (wheezy)
 item squeeze ${os} 6.0 (squeeze)
@@ -58,6 +58,18 @@ imgfree
 echo Boot parameters: ${install_params} -- quiet ${params}
 kernel http://${mirror}/${dir}/linux ${install_params} ${netcfg} ${mirrorcfg} -- quiet ${params} initrd=initrd.gz
 initrd http://${mirror}/${dir}/initrd.gz
+echo
+echo MD5sums:
+md5sum linux initrd.gz
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify linux ${sigs}${dir}/linux.sig || goto error
+imgverify initrd.gz ${sigs}${dir}/initrd.gz.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
 boot
 
 :debian_exit

+ 13 - 1
src/fedora.ipxe

@@ -10,7 +10,7 @@ clear osversion
 clear sku_type
 clear ova
 set os Fedora
-menu Fedora ${arch}
+menu Fedora - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
 item 23 ${os} 23
 item 22 ${os} 22
 item 21 ${os} 21
@@ -53,6 +53,18 @@ goto boot
 imgfree
 kernel http://${mirror}/${dir}/images/pxeboot/vmlinuz repo=http://${mirror}/${dir} ${params}
 initrd http://${mirror}/${dir}/images/pxeboot/initrd.img
+echo
+echo MD5sums:
+md5sum vmlinuz initrd.img
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify vmlinuz ${sigs}${dir}/images/pxeboot/vmlinuz.sig || goto error
+imgverify initrd.img ${sigs}${dir}/images/pxeboot/initrd.img.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
 boot
 goto linux_menu
 

+ 4 - 1
src/kali.ipxe

@@ -7,7 +7,7 @@ goto ${menu} ||
 
 :kali
 set os Kali Linux
-menu ${os} ${arch_a}
+menu ${os} - ${arch_a} 
 item rolling ${os} Rolling Edition (2016.1)
 choose version || goto kali_exit
 
@@ -28,6 +28,9 @@ goto deb_boot
 imgfree
 kernel http://repo.kali.org/${dir}/linux vga=788 -- quiet
 initrd http://repo.kali.org/${dir}/initrd.gz
+echo
+echo MD5sums:
+md5sum linux initrd.gz
 boot
 
 :kali_exit
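Review bot: This boot path gets the `md5sum linux initrd.gz` display but no `imgverify` step, so the Kali images fetched from `http://repo.kali.org` are booted unverified even when `${img_sigs_enabled}` is `true`, and the menu title gives no hint of that. A printed MD5 that nothing compares against does not detect tampering, and MD5 is not collision-resistant in any case. Until signatures exist for this entry I would say so on screen, e.g. `echo NOTE: no signatures available for ${os}, images are not verified` before `boot`.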

+ 13 - 1
src/mageia.ipxe

@@ -7,7 +7,7 @@ goto ${menu} ||
 
 :mageia
 set os Mageia
-menu Mageia Installers ${arch}
+menu Mageia - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
 item 5 ${os} 5
 item 4 ${os} 4
 item cauldron ${os} cauldron
@@ -24,6 +24,18 @@ imgfree
 kernel ${mirror}/${dir}/vmlinuz
 initrd ${mirror}/${dir}/all.rdz
 imgargs vmlinuz automatic=${automatic} vga=788 splash=silent
+echo
+echo MD5sums:
+md5sum vmlinuz all.rdz
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify vmlinuz ${sigs}${dir}/vmlinuz.sig || goto error
+imgverify all.rdz ${sigs}${dir}/all.rdz.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
 boot || goto mageia
 
 :mageia_exit

+ 14 - 1
src/opensuse.ipxe

@@ -3,7 +3,7 @@
 # OpenSUSE Operating System
 # http://opensuse.org
 
-menu openSUSE ${arch}
+menu openSUSE - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
 item 42.1 openSUSE 42.1 (leap)
 item 13.2 openSUSE 13.2
 item 13.1 openSUSE 13.1
@@ -20,6 +20,19 @@ imgfree
 kernel http://${mirror}/${dir}/boot/${arch}/loader/linux
 initrd http://${mirror}/${dir}/boot/${arch}/loader/initrd
 imgargs linux netsetup=dhcp install=http://${mirror}/${dir} ${params} ${netcfg}
+echo
+echo MD5sums:
+md5sum linux initrd
+iseq ${img_sigs_enabled} true && iseq ${version} tumbleweed && goto skip_sigs ||
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify linux ${sigs}${dir}/boot/${arch}/loader/linux.sig || goto error
+imgverify initrd ${sigs}${dir}/boot/${arch}/loader/initrd.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
 boot
 
 :opensuse_exit
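Review bot: With `${img_sigs_enabled}` set to `true`, the line `iseq ${img_sigs_enabled} true && iseq ${version} tumbleweed && goto skip_sigs ||` skips verification for tumbleweed without telling the user, while the menu title still reads `Image Sig Checks: [true]`. An operator who enabled checks would reasonably assume the booted image was verified. I would either fail closed for unsigned releases or announce the exception on the same line: `iseq ${img_sigs_enabled} true && iseq ${version} tumbleweed && echo WARNING: no signatures for ${version}, booting unverified && goto skip_sigs ||`. The last ubuntu hunk has the same silent skip for `${older_release}`.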

+ 15 - 1
src/ubuntu.ipxe

@@ -9,7 +9,7 @@ goto ${menu}
 set os Ubuntu
 clear ubuntu_version
 set ubuntu_mirror ${mirror}
-menu ${os} Installers - ${arch_a}
+menu ${os} - ${arch_a} - Image Sig Checks: [${img_sigs_enabled}]
 item --gap Latest Releases
 item wily ${space} ${os} 15.10 Wily Werewolf
 item vivid ${space} ${os} 15.04 Vivid Vervet 
@@ -22,6 +22,7 @@ iseq ${ubuntu_version} older_release && goto older_release ||
 goto mirrorcfg
 
 :older_release
+set older_release true
 set ubuntu_mirror old-releases.ubuntu.com
 echo Setting mirror to ${ubuntu_mirror}
 clear ubuntu_version
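Review bot: `set older_release true` is never cleared in the visible hunks, so the flag looks sticky: after one visit to `:older_release`, returning to the Ubuntu menu and picking a current release would still match `iseq ${older_release} true` in the last hunk and skip signature verification. The first hunk already resets `ubuntu_version` and `ubuntu_mirror` on menu entry, so adding `clear older_release` next to `clear ubuntu_version` there would reset this flag as well. If it is cleared somewhere outside these hunks, a comment at the `set` saying where would help.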
@@ -63,6 +64,19 @@ set dir ${dir}${menu}-installer/${arch_a}
 imgfree
 kernel http://${ubuntu_mirror}/${dir}/linux ${install_params} ${netcfg} ${mirrorcfg} -- quiet ${params}
 initrd http://${ubuntu_mirror}/${dir}/initrd.gz
+echo
+echo MD5sums:
+md5sum linux initrd.gz
+iseq ${img_sigs_enabled} true && iseq ${older_release} true && goto skip_sigs ||
+iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
+:verify_sigs
+echo
+echo Checking signatures...
+imgverify linux ${sigs}${dir}/linux.sig || goto error
+imgverify initrd.gz ${sigs}${dir}/initrd.gz.sig || goto error
+echo Signatures verified!
+echo
+:skip_sigs
 boot
 
 :ubuntu_exit