buildiso: implement sfs signing
parent
e4abc96f89
commit
6dcf66076c
5 changed files with 27 additions and 14 deletions
|
@ -82,6 +82,7 @@ display_settings(){
|
|||
msg2 "chroots_iso: %s" "${chroots_iso}"
|
||||
msg2 "initsys: %s" "${initsys}"
|
||||
msg2 "kernel: %s" "${kernel}"
|
||||
[[ -n ${gpgkey} ]] && msg2 "gpgkey: %s" "${gpgkey}"
|
||||
|
||||
msg "ARGS:"
|
||||
msg2 "clean_first: %s" "${clean_first}"
|
||||
|
@ -134,6 +135,8 @@ usage() {
|
|||
echo " [default: ${kernel}]"
|
||||
echo ' -i <name> Init system to use'
|
||||
echo " [default: ${initsys}]"
|
||||
echo ' -g <key> The gpg key for sfs signing'
|
||||
echo " [default: ${gpgkey}]"
|
||||
echo ' -m Set SquashFS image mode to persistence'
|
||||
echo ' -c Disable clean work dir'
|
||||
echo ' -x Build images only'
|
||||
|
@ -149,7 +152,7 @@ usage() {
|
|||
|
||||
orig_argv=("$@")
|
||||
|
||||
opts='p:a:b:r:t:k:i:czxmvqh'
|
||||
opts='p:a:b:r:t:k:i:g:czxmvqh'
|
||||
|
||||
while getopts "${opts}" arg; do
|
||||
case "${arg}" in
|
||||
|
@ -160,6 +163,7 @@ while getopts "${opts}" arg; do
|
|||
t) cache_dir_iso="$OPTARG" ;;
|
||||
k) kernel="$OPTARG" ;;
|
||||
i) initsys="$OPTARG" ;;
|
||||
g) gpgkey="$OPTARG" ;;
|
||||
c) clean_first=false ;;
|
||||
x) images_only=true ;;
|
||||
z) iso_only=true ;;
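Review bot: The new `g) gpgkey="$OPTARG" ;;` arm stores the value without any check, and later in this commit it is expanded unquoted inside the `su ${OWNER} -c "gpg ... ${gpgkey} ..."` strings in prepare_initramfs and make_sig, where the user's shell parses it a second time. A key given as a user ID such as `Name <addr>` would be split at the space and its angle brackets read as redirections. If only key IDs or fingerprints are meant to be accepted, a check after the getopts loop such as `[[ -z ${gpgkey} || ${gpgkey} =~ ^(0x)?[0-9A-Fa-f]+$ ]] || { usage; exit 1; }` would reject anything else before it reaches those command strings. Whether a value set in the config file passes through the same point is not visible here, and the while loop continues outside the hunk.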
|
||||
|
|
|
@ -71,6 +71,9 @@
|
|||
# requires minimum 4.0 kernel on the build host and on iso in profile.conf
|
||||
# use_overlayfs="false"
|
||||
|
||||
# gpg key; leave empty or commented to skip sfs signing
|
||||
# gpgkey=""
|
||||
|
||||
################ deployiso ################
|
||||
|
||||
# the server user
|
||||
|
|
|
@ -46,10 +46,19 @@ prepare_initramfs(){
|
|||
cp $1/mkinitcpio.conf $2/etc/mkinitcpio-${iso_name}.conf
|
||||
set_mkinicpio_hooks "$2/etc/mkinitcpio-${iso_name}.conf"
|
||||
local _kernver=$(cat $2/usr/lib/modules/*/version)
|
||||
chroot-run $2 \
|
||||
if [[ -n ${gpgkey} ]]; then
|
||||
su ${OWNER} -c "gpg --export ${gpgkey} >${USERCONFDIR}/gpgkey"
|
||||
exec 17<>${USERCONFDIR}/gpgkey
|
||||
fi
|
||||
MISO_GNUPG_FD=${gpgkey:+17} chroot-run $2 \
|
||||
/usr/bin/mkinitcpio -k ${_kernver} \
|
||||
-c /etc/mkinitcpio-${iso_name}.conf \
|
||||
-g /boot/initramfs.img
|
||||
|
||||
if [[ -n ${gpgkey} ]]; then
|
||||
exec 17<&-
|
||||
fi
|
||||
rm ${USERCONFDIR}/gpgkey
|
||||
}
|
||||
|
||||
prepare_boot_extras(){
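Review bot: The added `rm ${USERCONFDIR}/gpgkey` sits outside both `if [[ -n ${gpgkey} ]]` blocks, so a build without a key tries to delete a file that was never created, and prepare_initramfs then returns rm's non-zero status. It belongs next to `exec 17<&-`, written as `rm -f -- "${USERCONFDIR}/gpgkey"`. The result of `gpg --export` is not checked either, so an unknown key could leave an empty file behind descriptor 17 and, presumably, an initramfs with no usable verification key. A guard such as `[[ -s ${USERCONFDIR}/gpgkey ]] || return 1` before the `exec` would stop the build at that point, and `exec 17<` is enough if the descriptor is only read. The start of prepare_initramfs is outside the hunk.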
|
||||
|
|
|
@ -71,7 +71,9 @@ trap_exit() {
|
|||
make_sig () {
|
||||
msg2 "Creating signature file..."
|
||||
cd "$1"
|
||||
gpg --detach-sign --default-key ${gpg_key} $2.sfs
|
||||
user_own "$1"
|
||||
su ${OWNER} -c "gpg --detach-sign --default-key ${gpgkey} $2.sfs"
|
||||
chown -R root "$1"
|
||||
cd ${OLDPWD}
|
||||
}
|
||||
|
||||
|
@ -150,6 +152,10 @@ make_sfs() {
|
|||
make_checksum "${dest}" "${name}"
|
||||
${persist} && rm "${src}.img"
|
||||
|
||||
if [[ -n ${gpgkey} ]];then
|
||||
make_sig "${dest}" "${name}"
|
||||
fi
|
||||
|
||||
show_elapsed_time "${FUNCNAME}" "${timer_start}"
|
||||
}
|
||||
|
||||
|
@ -351,19 +357,8 @@ make_image_boot() {
|
|||
fi
|
||||
|
||||
prepare_initcpio "${path}"
|
||||
|
||||
# if [[ ${gpg_key} ]]; then
|
||||
# gpg --export ${gpg_key} >${work_dir}/gpgkey
|
||||
# exec 17<>${work_dir}/gpgkey
|
||||
# fi
|
||||
# MISO_GNUPG_FD=${gpg_key:+17}
|
||||
|
||||
prepare_initramfs "${profile_dir}" "${path}"
|
||||
|
||||
# if [[ ${gpg_key} ]]; then
|
||||
# exec 17<&-
|
||||
# fi
|
||||
|
||||
mv ${path}/boot/initramfs.img ${boot}/${target_arch}/initramfs.img
|
||||
prepare_boot_extras "${path}" "${boot}"
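Review bot: make_sig does not check whether `su ${OWNER} -c "gpg --detach-sign ..."` succeeded; the function's status is that of the final `cd ${OLDPWD}`, and the new call in make_sfs ignores it in any case. When signing fails (no secret key for that user, no agent available), the build would apparently carry on and produce an image without a signature file although a key was configured. Recording the result with `su ${OWNER} -c "..." || ret=$?`, still running `chown -R root "$1"`, and ending with `return ${ret}` lets make_sfs stop via `make_sig "${dest}" "${name}" || exit 1`. `cd "$1"` is unchecked as well, so on failure gpg would look for `$2.sfs` in whatever directory is current.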
|
||||
|
||||
|
|
|
@ -297,6 +297,8 @@ init_buildiso(){
|
|||
|
||||
[[ -z ${profile_repo} ]] && profile_repo='iso-profiles'
|
||||
|
||||
[[ -z ${gpgkey} ]] && gpgkey=''
|
||||
|
||||
mhwd_repo="/opt/pkg"
|
||||
}
|
||||
|
||||
|
|