diff --git a/bin/buildiso.in b/bin/buildiso.in
index 6842b0d..63767ba 100755
--- a/bin/buildiso.in
+++ b/bin/buildiso.in
@@ -82,6 +82,7 @@ display_settings(){
 msg2 "chroots_iso: %s" "${chroots_iso}"
 msg2 "initsys: %s" "${initsys}"
 msg2 "kernel: %s" "${kernel}"
+ [[ -n ${gpgkey} ]] && msg2 "gpgkey: %s" "${gpgkey}"
 msg "ARGS:"
 msg2 "clean_first: %s" "${clean_first}"
@@ -134,6 +135,8 @@ usage() {
 echo " [default: ${kernel}]"
 echo ' -i Init system to use'
 echo " [default: ${initsys}]"
+ echo ' -g The gpg key for sfs signing'
+ echo " [default: ${gpgkey}]"
 echo ' -m Set SquashFS image mode to persistence'
 echo ' -c Disable clean work dir'
 echo ' -x Build images only'
@@ -149,7 +152,7 @@ usage() {
 orig_argv=("$@")
-opts='p:a:b:r:t:k:i:czxmvqh'
+opts='p:a:b:r:t:k:i:g:czxmvqh'
 while getopts "${opts}" arg; do
 case "${arg}" in
@@ -160,6 +163,7 @@ while getopts "${opts}" arg; do
 t) cache_dir_iso="$OPTARG" ;;
 k) kernel="$OPTARG" ;;
 i) initsys="$OPTARG" ;;
+ g) gpgkey="$OPTARG" ;;
 c) clean_first=false ;;
 x) images_only=true ;;
 z) iso_only=true ;;
diff --git a/data/manjaro-tools.conf b/data/manjaro-tools.conf
index 319b725..3a75b25 100644
--- a/data/manjaro-tools.conf
+++ b/data/manjaro-tools.conf
@@ -71,6 +71,9 @@
 # requires minimum 4.0 kernel on the build host and on iso in profile.conf
 # use_overlayfs="false"
+# gpg key; leave empty or commented to skip sfs signing
+# gpgkey=""
+
 ################ deployiso ################
 # the server user
diff --git a/lib/util-iso-boot.sh b/lib/util-iso-boot.sh
index a617855..d4bddfb 100644
--- a/lib/util-iso-boot.sh
+++ b/lib/util-iso-boot.sh
@@ -46,10 +46,19 @@ prepare_initramfs(){
 cp $1/mkinitcpio.conf $2/etc/mkinitcpio-${iso_name}.conf
 set_mkinicpio_hooks "$2/etc/mkinitcpio-${iso_name}.conf"
 local _kernver=$(cat $2/usr/lib/modules/*/version)
- chroot-run $2 \
+ if [[ -n ${gpgkey} ]]; then
+ su ${OWNER} -c "gpg --export ${gpgkey} >${USERCONFDIR}/gpgkey"
+ exec 17<>${USERCONFDIR}/gpgkey
+ fi
+ MISO_GNUPG_FD=${gpgkey:+17} chroot-run $2 \
 /usr/bin/mkinitcpio -k ${_kernver} \
 -c /etc/mkinitcpio-${iso_name}.conf \
 -g /boot/initramfs.img
+
+ if [[ -n ${gpgkey} ]]; then
+ exec 17<&-
+ fi
+ rm ${USERCONFDIR}/gpgkey
 }
 prepare_boot_extras(){
diff --git a/lib/util-iso.sh b/lib/util-iso.sh
index 06d0518..30b0c3a 100644
--- a/lib/util-iso.sh
+++ b/lib/util-iso.sh
@@ -71,7 +71,9 @@ trap_exit() {
 make_sig () {
 msg2 "Creating signature file..."
 cd "$1"
- gpg --detach-sign --default-key ${gpg_key} $2.sfs
+ user_own "$1"
+ su ${OWNER} -c "gpg --detach-sign --default-key ${gpgkey} $2.sfs"
+ chown -R root "$1"
 cd ${OLDPWD}
 }
@@ -150,6 +152,10 @@ make_sfs() {
 make_checksum "${dest}" "${name}" ${persist} && rm "${src}.img"
+ if [[ -n ${gpgkey} ]];then
+ make_sig "${dest}" "${name}"
+ fi
+
 show_elapsed_time "${FUNCNAME}" "${timer_start}"
 }
@@ -351,19 +357,8 @@ make_image_boot() {
 fi
 prepare_initcpio "${path}"
-
-# if [[ ${gpg_key} ]]; then
-# gpg --export ${gpg_key} >${work_dir}/gpgkey
-# exec 17<>${work_dir}/gpgkey
-# fi
-# MISO_GNUPG_FD=${gpg_key:+17}
-
 prepare_initramfs "${profile_dir}" "${path}"
-# if [[ ${gpg_key} ]]; then
-# exec 17<&-
-# fi
-
 mv ${path}/boot/initramfs.img ${boot}/${target_arch}/initramfs.img
 prepare_boot_extras "${path}" "${boot}"
diff --git a/lib/util.sh b/lib/util.sh
index 97c55ad..9fc69d7 100644
--- a/lib/util.sh
+++ b/lib/util.sh
@@ -297,6 +297,8 @@ init_buildiso(){
 [[ -z ${profile_repo} ]] && profile_repo='iso-profiles'
+ [[ -z ${gpgkey} ]] && gpgkey=''
+
 mhwd_repo="/opt/pkg"
 }
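Review bot: In prepare_initramfs (lib/util-iso-boot.sh) the added `rm ${USERCONFDIR}/gpgkey` sits outside the `[[ -n ${gpgkey} ]]` guard, so a build without a key runs rm on a file this function never created and the function returns rm's non-zero status; move it inside the guard as `rm -f -- "${USERCONFDIR}/gpgkey"`. The value given to `-g` is also placed unquoted inside the `su ${OWNER} -c "gpg --export ${gpgkey} >..."` string, where a second shell parses it again, and make_sig in lib/util-iso.sh builds its `su -c` string the same way; rejecting a gpgkey that does not match the form the project expects (for example a hex key id or fingerprint) once after option parsing would cover both places. The result of the export is not checked, so a key id gpg cannot find presumably leaves an empty file for mkinitcpio to pick up; a `[[ -s "${USERCONFDIR}/gpgkey" ]]` test before `exec 17<>` would stop the build at that point. The function body begins above the hunk.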
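Review bot: In make_sig (lib/util-iso.sh) nothing checks that signing succeeded: the status of `cd "$1"` and of the `su ${OWNER} -c "gpg --detach-sign ..."` call is ignored, so a build started with a key can finish without a signature file next to the image while the initramfs was prepared with that key. Suggest `cd "$1" || return 1` and capturing the su status so it can be returned after `chown -R root "$1"` has restored ownership. While `user_own "$1"` is in effect the image directory is writable by ${OWNER}, and the recursive chown assumes everything under it was root-owned before; having gpg write the signature with `--output` to a directory the user already owns and moving it into place as root would avoid handing over the image directory, if that fits the rest of the build.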