
Merge pull request #515 from netbootxyz/image_sig_checking

Removes external image signature checking
Ryan Kuba 5 년 전
부모
커밋
864800ed72

+ 0 - 1
roles/netbootxyz/defaults/main.yml

@@ -10,7 +10,6 @@ time_server: "0.pool.ntp.org"
 # signature checking
 sigs_menu: false
 sigs_enabled: false
-img_sigs_enabled: false
 
 # helper app locations
 memdisk_location: "http://${boot_domain}/memdisk"

+ 1 - 10
roles/netbootxyz/templates/menu/alpinelinux.ipxe.j2

@@ -11,7 +11,7 @@ goto ${menu}
 clear alpine_version
 set os {{ releases.alpinelinux.name }}
 iseq ${arch} x86_64 && set bootarch x86_64 || set bootarch x86
-menu ${os} [${bootarch}] - Image Sig Checks: [${img_sigs_enabled}]
+menu ${os} [${bootarch}]
 item --gap Releases
 {% for item in releases.alpinelinux.versions %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
@@ -29,15 +29,6 @@ initrd ${base-url}/${dir}/initramfs-lts
 echo
 echo MD5sums:
 md5sum vmlinuz-lts initramfs-lts
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify vmlinuz-lts ${sigs}${dir}/vmlinuz-lts.sig || goto error
-imgverify initramfs-lts ${sigs}${dir}/initramfs-lts.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 
 :alpine_exit
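Review bot: After this hunk the `boot` that follows `md5sum vmlinuz-lts initramfs-lts` runs a kernel and initramfs that nothing has authenticated: `md5sum` only prints digests without comparing them to an expected value, and the `imgverify` path is gone. The same holds for the matching hunks in centos, debian, devuan, fedora, ipfire, mageia, opensuse, ubuntu and utils-pcbios. The remaining `sigs_enabled` toggle appears to cover only the site's own menu files, so image integrity presumably rests on the mirror transport alone, and a deployment that still sets `img_sigs_enabled: true` in its overrides will boot unverified without any message. I would say so in the template, e.g. `# images are not signature-verified; integrity depends on the transport to the mirror`, and consider dropping the `echo MD5sums:` output so it is not read as a check. The boot stanza starts outside the hunk.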

+ 1 - 1
roles/netbootxyz/templates/menu/archlinux.ipxe.j2

@@ -43,4 +43,4 @@ goto archlinux_exit
 
 :archlinux_exit
 clear menu
-exit 0
+exit 0

+ 0 - 3
roles/netbootxyz/templates/menu/boot.cfg.j2

@@ -16,9 +16,6 @@ set live_endpoint {{ live_endpoint }}
 # signature check enabled?
 set sigs_enabled {{ sigs_enabled | default(false) | bool | lower }}
 
-# image signatures check enabled?
-set img_sigs_enabled {{ img_sigs_enabled | default(false) | bool | lower }}
-
 # set location of signatures for sources
 set sigs {{ sigs_location }}
 

+ 1 - 11
roles/netbootxyz/templates/menu/centos.ipxe.j2

@@ -11,7 +11,7 @@ goto ${menu} ||
 :centos
 clear osversion
 set os {{ releases.centos.name }}
-menu ${os} - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
+menu ${os} - ${arch}
 {% for item in releases.centos.versions %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
 {% endfor %}
@@ -65,16 +65,6 @@ initrd ${centos_mirror}/${dir}/images/pxeboot/initrd.img
 echo
 echo MD5sums:
 md5sum vmlinuz initrd.img
-iseq ${osversion} 8-stream && echo Rolling release, skipping sig checks && goto skip_sigs ||
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify vmlinuz ${sigs}${dir}/images/pxeboot/vmlinuz.sig || goto error
-imgverify initrd.img ${sigs}${dir}/images/pxeboot/initrd.img.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 goto linux_menu
 

+ 1 - 11
roles/netbootxyz/templates/menu/debian.ipxe.j2

@@ -9,7 +9,7 @@ goto ${menu}
 set os Debian
 clear debian_version
 clear older_release
-menu ${os} - ${arch_a} - Image Sig Checks: [${img_sigs_enabled}]
+menu ${os} - ${arch_a}
 item --gap Latest Releases
 {% for item in releases.debian.versions.stable %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
@@ -82,16 +82,6 @@ initrd ${debian_mirror}/${dir}/initrd.gz
 echo
 echo MD5sums:
 md5sum linux initrd.gz
-iseq ${img_sigs_enabled} true && iseq ${older_release} true && goto skip_sigs ||
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify linux ${sigs}${dir}/linux.sig || goto error
-imgverify initrd.gz ${sigs}${dir}/initrd.gz.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 
 :debian_exit

+ 1 - 11
roles/netbootxyz/templates/menu/devuan.ipxe.j2

@@ -9,7 +9,7 @@ goto ${menu}
 set os Devuan
 clear devuan_version
 clear older_release
-menu ${os} - ${arch_a} - Image Sig Checks: [${img_sigs_enabled}]
+menu ${os} - ${arch_a}
 item --gap Latest Releases
 {% for item in releases.devuan.versions.stable %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
@@ -69,16 +69,6 @@ initrd ${devuan_mirror}/${dir}/initrd.gz
 echo
 echo MD5sums:
 md5sum linux initrd.gz
-iseq ${img_sigs_enabled} true && iseq ${older_release} true && goto skip_sigs ||
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify linux ${sigs}${dir}/linux.sig || goto error
-imgverify initrd.gz ${sigs}${dir}/initrd.gz.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 
 :devuan_exit

+ 1 - 11
roles/netbootxyz/templates/menu/fedora.ipxe.j2

@@ -13,7 +13,7 @@ clear osversion
 clear sku_type
 clear ova
 set os {{ releases.fedora.name }}
-menu ${os} - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
+menu ${os} - ${arch}
 item --gap Latest Releases
 {% for item in releases.fedora.versions %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
@@ -67,16 +67,6 @@ initrd ${fedora_mirror}/${dir}/images/pxeboot/initrd.img
 echo
 echo MD5sums:
 md5sum vmlinuz initrd.img
-iseq ${osversion} rawhide && goto skip_sigs ||
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify vmlinuz ${sigs}${dir}/images/pxeboot/vmlinuz.sig || goto error
-imgverify initrd.img ${sigs}${dir}/images/pxeboot/initrd.img.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 goto linux_menu
 

+ 1 - 10
roles/netbootxyz/templates/menu/ipfire.ipxe.j2

@@ -8,7 +8,7 @@ goto ${menu} ||
 :ipfire
 clear osversion
 set os {{ releases.ipfire.name }}
-menu ${os} - Image Sig Checks: [${img_sigs_enabled}]
+menu ${os}
 {% for item in releases.ipfire.versions %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
 {% endfor %}
@@ -24,15 +24,6 @@ initrd ${ipfire_mirror}/${dir}/instroot
 echo
 echo MD5sums:
 md5sum vmlinuz instroot
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify vmlinuz ${sigs}ipfire/${dir}/vmlinuz.sig || goto error
-imgverify instroot ${sigs}ipfire/${dir}/instroot.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 
 :ipfire_exit

+ 1 - 10
roles/netbootxyz/templates/menu/mageia.ipxe.j2

@@ -10,7 +10,7 @@ goto ${menu} ||
 
 :mageia
 set os {{ releases.mageia.name }}
-menu ${os} - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
+menu ${os} - ${arch}
 {% for item in releases.mageia.versions %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
 {% endfor %}
@@ -28,15 +28,6 @@ imgargs vmlinuz automatic=${automatic} vga=788 splash=silent ${console} initrd=a
 echo
 echo MD5sums:
 md5sum vmlinuz all.rdz
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify vmlinuz ${sigs}${dir}/${dir2}/vmlinuz.sig || goto error
-imgverify all.rdz ${sigs}${dir}/${dir2}/all.rdz.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot || goto mageia
 
 :mageia_exit

+ 0 - 7
roles/netbootxyz/templates/menu/menu.ipxe.j2

@@ -64,9 +64,6 @@ item --gap Signature Checks:
 {% if sigs_enabled | bool %}
 item sig_check ${space} {{ site_name }} [ enabled: ${sigs_enabled} ]
 {% endif %}
-{% if img_sigs_enabled | bool %}
-item img_sigs_check ${space} Images [ enabled: ${img_sigs_enabled} ]
-{% endif %}
 {% endif %}
 {% if custom_github_menus | bool %}
 isset ${github_user} && item --gap Custom Github Menu: ||
@@ -113,10 +110,6 @@ goto main_menu
 iseq ${sigs_enabled} true && set sigs_enabled false || set sigs_enabled true
 goto main_menu
 
-:img_sigs_check
-iseq ${img_sigs_enabled} true && set img_sigs_enabled false || set img_sigs_enabled true
-goto main_menu
-
 :about
 chain https://boot.netboot.xyz/about.ipxe || chain about.ipxe 
 goto main_menu

+ 1 - 11
roles/netbootxyz/templates/menu/opensuse.ipxe.j2

@@ -57,7 +57,7 @@ set netsetup netsetup=hostip,gateway,nameserver hostip=${ip}/${prefix} gateway=$
 set netsetup ${netsetup} BOOTIF=${netX/mac}
 
 set distro opensuse
-menu openSUSE - ${arch} - Image Sig Checks: [${img_sigs_enabled}]
+menu openSUSE - ${arch}
 {% for item in releases.opensuse.versions %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
 {% endfor %}
@@ -72,16 +72,6 @@ imgargs linux ${netsetup} install=${opensuse_mirror}/${dir} ${params} ${console}
 echo
 echo MD5sums:
 md5sum linux initrd
-iseq ${img_sigs_enabled} true && iseq ${version} tumbleweed && goto skip_sigs ||
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify linux ${sigs}${distro}/${dir}/boot/x86_64/loader/linux.sig || goto error
-imgverify initrd ${sigs}${distro}/${dir}/boot/x86_64/loader/initrd.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 
 :opensuse_exit

+ 1 - 11
roles/netbootxyz/templates/menu/ubuntu.ipxe.j2

@@ -8,7 +8,7 @@ goto ${menu}
 :ubuntu
 set os Ubuntu
 clear ubuntu_version
-menu ${os} - ${arch_a} - Image Sig Checks: [${img_sigs_enabled}]
+menu ${os} - ${arch_a}
 item --gap Latest Releases
 {% for item in releases.ubuntu.versions %}
 item {{ item.code_name }} ${space} ${os} {{ item.name }}
@@ -66,16 +66,6 @@ initrd ${ubuntu_mirror}/${dir}/initrd.gz
 echo
 echo MD5sums:
 md5sum linux initrd.gz
-iseq ${img_sigs_enabled} true && iseq ${older_release} true && goto skip_sigs ||
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify linux ${sigs}${dir}/linux.sig || goto error
-imgverify initrd.gz ${sigs}${dir}/initrd.gz.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 
 :ubuntu_exit

+ 1 - 1
roles/netbootxyz/templates/menu/utils-efi.ipxe.j2

@@ -1,6 +1,6 @@
 #!ipxe
 
-menu Utilities - Image Sig Checks: [${img_sigs_enabled}]
+menu Utilities
 item --gap Utilities:
 {% for key, value in utilitiesefi.items() | sort(attribute='1.name') %}
 {% if value.enabled %}

+ 1 - 10
roles/netbootxyz/templates/menu/utils-pcbios.ipxe.j2

@@ -1,6 +1,6 @@
 #!ipxe
 
-menu Utilities - Image Sig Checks: [${img_sigs_enabled}]
+menu Utilities
 item --gap Utilities:
 {% for key, value in utilitiespcbios.items() | sort(attribute='1.name') %}
 {% if value.enabled %}
@@ -46,15 +46,6 @@ initrd --name ${util_file} ${util_path}
 echo
 echo MD5sums:
 md5sum memdisk ${util_file}
-iseq ${img_sigs_enabled} true && goto verify_sigs || goto skip_sigs
-:verify_sigs
-echo
-echo Checking signatures...
-imgverify memdisk ${sigs}memdisk.sig || goto error
-imgverify ${util_file} ${sigs}${menu}/${util_file}.sig || goto error
-echo Signatures verified!
-echo
-:skip_sigs
 boot
 goto utils_exit
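Review bot: With `imgverify memdisk ${sigs}memdisk.sig` removed, memdisk and `${util_file}` reach `boot` with only a printed MD5, while the default shown in roles/netbootxyz/defaults/main.yml is `memdisk_location: "http://${boot_domain}/memdisk"`, i.e. cleartext HTTP. If this template still loads memdisk from that variable (the kernel line is outside the hunk), the binary can be altered in transit and nothing on the client would notice. Consider defaulting the location to `https://${boot_domain}/memdisk` where the iPXE build supports HTTPS, or add a comment next to the default such as `# fetched without signature verification; prefer an https:// location`.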
 

+ 0 - 1
script/netbootxyz-overrides.yml

@@ -1,7 +1,6 @@
 ---
 sigs_menu: true
 sigs_enabled: true
-img_sigs_enabled: false
 generate_disks_arm: true
 generate_version_file: true
 bootloader_multiple: true