From d8dd960dd57df4e28e40b570830e6eb34ff28aeb Mon Sep 17 00:00:00 2001
From: Sam Ebstein
Date: Thu, 19 Sep 2024 12:52:39 -0700
Subject: [PATCH] rootfs/usr/local/bin/autorun: adding autorun checks on new fat32 formatted USER partition
---
 Makefile | 2 +-
 rootfs/usr/local/bin/autorun | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 87223db..bf3948e 100644
--- a/Makefile
+++ b/Makefile
@@ -73,7 +73,7 @@ vm-efi: out/airgap.iso
 -drive id=external,if=none,format=raw,file=out/sdcard.img \
 -display gtk,show-menubar=off,zoom-to-fit=on \
 -device usb-storage,drive=usbdrive \
- -drive id=usbdrive,if=none,format=raw,file=airgap.iso \
+ -drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
 -boot order=c
 ## Signing, Verification, and Release Targets
diff --git a/rootfs/usr/local/bin/autorun b/rootfs/usr/local/bin/autorun
index 89a8db2..c811d6a 100755
--- a/rootfs/usr/local/bin/autorun
+++ b/rootfs/usr/local/bin/autorun
@@ -4,7 +4,17 @@ source /etc/profile
 folder=${1?}
-if [ -f "${folder}/autorun.sh.asc" ]; then
+if [ "$folder" == "/media/USER" ] && [ -f "${folder}/autorun.sh" ]; then
+ if touch "${folder}/.write_test" 2>/dev/null; then
+ echo "!! Autorun: Read-only verification failed for /media/USER" >/dev/console
+ exit 1;
+ else
+ echo "" >/dev/console
+ echo "++ Autorun: Found /media/USER/autorun.sh" >/dev/console;
+ echo "** Autorun: Executing /media/USER/autorun.sh" >/dev/console
+ /bin/bash "/media/USER/autorun.sh" >/dev/console
+ fi
+elif [ -f "${folder}/autorun.sh.asc" ]; then
 echo "" >/dev/console
 echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
 gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
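Review bot: The new `/media/USER` branch in `rootfs/usr/local/bin/autorun` executes `autorun.sh` without any signature check, and since it is tested before the `autorun.sh.asc` branch, a detached signature present on that partition is never verified. The `touch` probe only establishes that the mount is not writable at this moment; it does not authenticate the file's contents, which on a FAT32 partition could have been written by any host that had the media earlier. If unsigned execution here is a deliberate trust decision, say so in a comment above the branch, and consider testing `[ -f "${folder}/autorun.sh.asc" ]` first so a signature is always verified when one exists (that branch's body continues past the end of the hunk). The failure path also leaves `.write_test` on the media; add `rm -f "${folder}/.write_test"` before `exit 1`.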