Package: simple-cdd Version: 0.6.9 Severity: minor Tags: security X-Debbugs-Cc: atzli...@sina.com
Hi, When I run md5sum -c md5sum.txt in a mounted iso create by simple-cdd, I get the following errors: md5sum -c md5sum.txt ...... md5sum: WARNING: 1 computed checksum did NOT match then run: md5sum -c md5sum.txt |grep -v OK ./boot/grub/grub.cfg: FAILED md5sum: WARNING: 1 computed checksum did NOT match I find ./boot/grub/grub.cfg is changed. The last line of ./boot/grub/grub.cfg is: set timeout=3 The checksum will match after remove this line in ./boot/grub/grub.cfg file. I had set BOOT_TIMEOUT=3 in my build.conf. I search simple-cdd source code repo, in tools/build/debian-cd file from line 118: grubcfg="$TDIR/$CODENAME/CD1/boot/grub/grub.cfg" if [ -f "$grubcfg" ]; then if [ -n "$BOOT_TIMEOUT" ]; then SEC_TIMEOUT=$(( $BOOT_TIMEOUT / 10 )) echo "set timeout=$SEC_TIMEOUT" >> $grubcfg fi The "set timeout=3" line is appended to grub.cfg when BOOT_TIMEOUT is set. IMHO, the grub.cfg checksum in md5sum.txt should computed again. This is a little affect about security to iso. I hope this bug can been fix. Thanks! -- System Information: Release: 12.5.2 Codename: bookworm Architecture: x86_64 Kernel: Linux 6.8.11-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8), LANGUAGE=zh_CN:zh Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages simple-cdd depends on: ii dctrl-tools 2.24-3+b1 ii debian-cd 3.2.1+deb12u1 ii lsb-release 12.0-1 ii python3 3.11.2-1+b1 ii python3-simple-cdd 0.6.9 ii reprepro 5.3.1-1+deb12u1 ii rsync 3.2.7-1 ii wget 1.21.3-1+b2 Versions of packages simple-cdd recommends: ii dose-distcheck 7.0.0-1+b2 Versions of packages simple-cdd suggests: pn qemu-system | qemu-kvm <none> -- no debconf information