#1072144 when set BOOT_TIMEOUT, md5sum of ./boot/grub/grub.cfg not match md5sum.txt which in iso

Package:
simple-cdd
Source:
simple-cdd
Submitter:
xiao sheng wen
Date:
2024-05-29 03:42:03 UTC
Severity:
normal
Tags:
#1072144#5
Date:
2024-05-29 03:39:31 UTC
From:
To:
Hi,

   When I run md5sum -c md5sum.txt in a mounted iso create by simple-cdd,
I get the following errors:

md5sum -c md5sum.txt
......
md5sum: WARNING: 1 computed checksum did NOT match

then run:

md5sum -c md5sum.txt |grep -v OK
./boot/grub/grub.cfg: FAILED
md5sum: WARNING: 1 computed checksum did NOT match

I find ./boot/grub/grub.cfg is changed.

The last line of ./boot/grub/grub.cfg is:

set timeout=3

The checksum will match after remove this line in ./boot/grub/grub.cfg file.

I had set BOOT_TIMEOUT=3 in my build.conf.

I search simple-cdd source code repo, in tools/build/debian-cd file from line 118:

grubcfg="$TDIR/$CODENAME/CD1/boot/grub/grub.cfg"
if [ -f "$grubcfg" ]; then
    if [ -n "$BOOT_TIMEOUT" ]; then
        SEC_TIMEOUT=$(( $BOOT_TIMEOUT / 10 ))
        echo "set timeout=$SEC_TIMEOUT" >> $grubcfg
    fi

The "set timeout=3" line is appended to grub.cfg when BOOT_TIMEOUT is set.

IMHO, the grub.cfg checksum in md5sum.txt should computed again.

This is a little affect about security to iso.

I hope this bug can been fix.

Thanks!