Verification for downloaded kernel and initramdisk
-
As we see trouble with corrupt bzImage/init.xz files quite often I wonder if we can add some kind of verification. Debugging this kind of error takes a lot of asking questions forth and back and causes a lot of confusion on both sides.
I haven’t really come up with a good idea yet. One way could be to download a checksum file with the kernel images and verify those checksums once in the installation process. Or we could calculate checksums every time a client requests bootmenu.class.php (probably slows down the bootup which is not good I think).
Any ideas on this?
-
Done.
I created a checksum checker. We call https://fogproject.org/inits/index.php or https://fogproject.org/kernels/index.php and a generated sha512 sum of the files is returned back. In the installer I download these files in bin/checksum_init/checksums and bin/checksum_kernel/checksums. It only gives us a checksum of the init{,_32}.xz and bzImage{,32} files.
Hopefully this will help.
-
You are the man Tom!! Hopefully this can prevent some of the kernel/init issues in the future.
Let me know if I can add something to it as well.
-
@Tom-Elliott Amazing. I’ve been wanting this for a while.
Now, if the check sums don’t match, does it re-attempt the downloads? What about checksums for the new client?
-
@Wayne-Workman I’m not doing client checksums. This is because we’re not keeping the client downloads on the server, and I don’t know if github has a dynamically generated hash to work from. I imagine they do but I’m not familiar with the api to call for.
-
Just stumbled upon this by accident: http://ipxe.org/cmd/imgverify
-
@Sebastian-Roth I guess that would be to verify that the kernel and inits are transferred from the fog server to the network booting computer correctly?
-
Exactly. Possibly this could be of help on those weird UEFI devices which blow up with a kernel panic right after iPXE handed off to the kernel but I am not sure yet. I even don’t really know how this works at all. How to generate the signature…?! Well found some information, looks complicated: http://ipxe.org/crypto
-
While I don’t think it will help anything, the only thing I can think of causing the issue is the init=/sbin/init flag that’s being passed. I’ve now only made it so that this flag will only send if the platform is bios, and maybe this will help out?
-
Why init= only on BIOS machines? Did I miss something here? Is this known to cause issues on UEFI?
-
@Sebastian-Roth the only reason I’m thinking that is because it’s the only thing I added that I can think of that could be giving the bad sector. I don’t know if it causes issues or not and I’m leaning more that it likely isn’t. But just seeing if maybe it will work?