buildiso: implement sfs signing
parent
e4abc96f89
commit
6dcf66076c
5 changed files with 27 additions and 14 deletions
|
@ -82,6 +82,7 @@ display_settings(){
|
||||||
msg2 "chroots_iso: %s" "${chroots_iso}"
|
msg2 "chroots_iso: %s" "${chroots_iso}"
|
||||||
msg2 "initsys: %s" "${initsys}"
|
msg2 "initsys: %s" "${initsys}"
|
||||||
msg2 "kernel: %s" "${kernel}"
|
msg2 "kernel: %s" "${kernel}"
|
||||||
|
[[ -n ${gpgkey} ]] && msg2 "gpgkey: %s" "${gpgkey}"
|
||||||
|
|
||||||
msg "ARGS:"
|
msg "ARGS:"
|
||||||
msg2 "clean_first: %s" "${clean_first}"
|
msg2 "clean_first: %s" "${clean_first}"
|
||||||
|
@ -134,6 +135,8 @@ usage() {
|
||||||
echo " [default: ${kernel}]"
|
echo " [default: ${kernel}]"
|
||||||
echo ' -i <name> Init system to use'
|
echo ' -i <name> Init system to use'
|
||||||
echo " [default: ${initsys}]"
|
echo " [default: ${initsys}]"
|
||||||
|
echo ' -g <key> The gpg key for sfs signing'
|
||||||
|
echo " [default: ${gpgkey}]"
|
||||||
echo ' -m Set SquashFS image mode to persistence'
|
echo ' -m Set SquashFS image mode to persistence'
|
||||||
echo ' -c Disable clean work dir'
|
echo ' -c Disable clean work dir'
|
||||||
echo ' -x Build images only'
|
echo ' -x Build images only'
|
||||||
|
@ -149,7 +152,7 @@ usage() {
|
||||||
|
|
||||||
orig_argv=("$@")
|
orig_argv=("$@")
|
||||||
|
|
||||||
opts='p:a:b:r:t:k:i:czxmvqh'
|
opts='p:a:b:r:t:k:i:g:czxmvqh'
|
||||||
|
|
||||||
while getopts "${opts}" arg; do
|
while getopts "${opts}" arg; do
|
||||||
case "${arg}" in
|
case "${arg}" in
|
||||||
|
@ -160,6 +163,7 @@ while getopts "${opts}" arg; do
|
||||||
t) cache_dir_iso="$OPTARG" ;;
|
t) cache_dir_iso="$OPTARG" ;;
|
||||||
k) kernel="$OPTARG" ;;
|
k) kernel="$OPTARG" ;;
|
||||||
i) initsys="$OPTARG" ;;
|
i) initsys="$OPTARG" ;;
|
||||||
|
g) gpgkey="$OPTARG" ;;
|
||||||
c) clean_first=false ;;
|
c) clean_first=false ;;
|
||||||
x) images_only=true ;;
|
x) images_only=true ;;
|
||||||
z) iso_only=true ;;
|
z) iso_only=true ;;
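Review bot: The new `g) gpgkey="$OPTARG" ;;` arm accepts any string, and later in this commit that value is spliced unquoted into the `su ${OWNER} -c "gpg ..."` command strings in prepare_initramfs and make_sig, where the target user's shell parses it a second time. A key given as a user ID with spaces or angle brackets (for example `Name <mail>`, a constructed value) would be word-split and its brackets read as redirections, so the export or signing step could act on the wrong key or on none. Since the same variable can also be set from the `gpgkey=` config entry, one check after the option loop covers both paths, e.g. `[[ -z ${gpgkey} || ${gpgkey} =~ ^(0x)?[0-9A-Fa-f]{8,}$ ]] || { echo "invalid gpg key id: ${gpgkey}" >&2; exit 1; }`. If user IDs must stay supported, the value needs quoting inside the `-c` strings instead. The `while getopts` loop continues past the end of this hunk.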
|
||||||
|
|
|
@ -71,6 +71,9 @@
|
||||||
# requires minimum 4.0 kernel on the build host and on iso in profile.conf
|
# requires minimum 4.0 kernel on the build host and on iso in profile.conf
|
||||||
# use_overlayfs="false"
|
# use_overlayfs="false"
|
||||||
|
|
||||||
|
# gpg key; leave empty or commented to skip sfs signing
|
||||||
|
# gpgkey=""
|
||||||
|
|
||||||
################ deployiso ################
|
################ deployiso ################
|
||||||
|
|
||||||
# the server user
|
# the server user
|
||||||
|
|
|
@ -46,10 +46,19 @@ prepare_initramfs(){
|
||||||
cp $1/mkinitcpio.conf $2/etc/mkinitcpio-${iso_name}.conf
|
cp $1/mkinitcpio.conf $2/etc/mkinitcpio-${iso_name}.conf
|
||||||
set_mkinicpio_hooks "$2/etc/mkinitcpio-${iso_name}.conf"
|
set_mkinicpio_hooks "$2/etc/mkinitcpio-${iso_name}.conf"
|
||||||
local _kernver=$(cat $2/usr/lib/modules/*/version)
|
local _kernver=$(cat $2/usr/lib/modules/*/version)
|
||||||
chroot-run $2 \
|
if [[ -n ${gpgkey} ]]; then
|
||||||
|
su ${OWNER} -c "gpg --export ${gpgkey} >${USERCONFDIR}/gpgkey"
|
||||||
|
exec 17<>${USERCONFDIR}/gpgkey
|
||||||
|
fi
|
||||||
|
MISO_GNUPG_FD=${gpgkey:+17} chroot-run $2 \
|
||||||
/usr/bin/mkinitcpio -k ${_kernver} \
|
/usr/bin/mkinitcpio -k ${_kernver} \
|
||||||
-c /etc/mkinitcpio-${iso_name}.conf \
|
-c /etc/mkinitcpio-${iso_name}.conf \
|
||||||
-g /boot/initramfs.img
|
-g /boot/initramfs.img
|
||||||
|
|
||||||
|
if [[ -n ${gpgkey} ]]; then
|
||||||
|
exec 17<&-
|
||||||
|
fi
|
||||||
|
rm ${USERCONFDIR}/gpgkey
|
||||||
}
|
}
|
||||||
|
|
||||||
prepare_boot_extras(){
|
prepare_boot_extras(){
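Review bot: `rm ${USERCONFDIR}/gpgkey` sits outside both `if [[ -n ${gpgkey} ]]` guards, so a build without a key ends prepare_initramfs with a failing `rm` on a file that was never created, and that non-zero status becomes the function's return value. Moving it into the second guard as `rm -f "${USERCONFDIR}/gpgkey"` keeps unsigned builds clean. The `gpg --export` result is not checked either: when the key is missing from ${OWNER}'s keyring the redirect still creates an empty file, fd 17 is opened on it, and mkinitcpio presumably receives an empty key, which would only show up when the image is booted. A `[[ -s "${USERCONFDIR}/gpgkey" ]] || return 1` right after the export would fail the build at that point instead. The function starts above this hunk.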
|
||||||
|
|
|
@ -71,7 +71,9 @@ trap_exit() {
|
||||||
make_sig () {
|
make_sig () {
|
||||||
msg2 "Creating signature file..."
|
msg2 "Creating signature file..."
|
||||||
cd "$1"
|
cd "$1"
|
||||||
gpg --detach-sign --default-key ${gpg_key} $2.sfs
|
user_own "$1"
|
||||||
|
su ${OWNER} -c "gpg --detach-sign --default-key ${gpgkey} $2.sfs"
|
||||||
|
chown -R root "$1"
|
||||||
cd ${OLDPWD}
|
cd ${OLDPWD}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -150,6 +152,10 @@ make_sfs() {
|
||||||
make_checksum "${dest}" "${name}"
|
make_checksum "${dest}" "${name}"
|
||||||
${persist} && rm "${src}.img"
|
${persist} && rm "${src}.img"
|
||||||
|
|
||||||
|
if [[ -n ${gpgkey} ]];then
|
||||||
|
make_sig "${dest}" "${name}"
|
||||||
|
fi
|
||||||
|
|
||||||
show_elapsed_time "${FUNCNAME}" "${timer_start}"
|
show_elapsed_time "${FUNCNAME}" "${timer_start}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -351,19 +357,8 @@ make_image_boot() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
prepare_initcpio "${path}"
|
prepare_initcpio "${path}"
|
||||||
|
|
||||||
# if [[ ${gpg_key} ]]; then
|
|
||||||
# gpg --export ${gpg_key} >${work_dir}/gpgkey
|
|
||||||
# exec 17<>${work_dir}/gpgkey
|
|
||||||
# fi
|
|
||||||
# MISO_GNUPG_FD=${gpg_key:+17}
|
|
||||||
|
|
||||||
prepare_initramfs "${profile_dir}" "${path}"
|
prepare_initramfs "${profile_dir}" "${path}"
|
||||||
|
|
||||||
# if [[ ${gpg_key} ]]; then
|
|
||||||
# exec 17<&-
|
|
||||||
# fi
|
|
||||||
|
|
||||||
mv ${path}/boot/initramfs.img ${boot}/${target_arch}/initramfs.img
|
mv ${path}/boot/initramfs.img ${boot}/${target_arch}/initramfs.img
|
||||||
prepare_boot_extras "${path}" "${boot}"
|
prepare_boot_extras "${path}" "${boot}"
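Review bot: In make_sig the exit status of `su ${OWNER} -c "gpg --detach-sign ..."` is dropped, because `chown -R root "$1"` and `cd ${OLDPWD}` run afterwards and the function returns the status of the last of them; make_sfs then calls `make_sig "${dest}" "${name}"` without testing it. A signing failure (no secret key for ${OWNER}, no usable agent or pinentry under `su`) therefore yields a finished image without a signature file while the initramfs was built with the exported key, which presumably makes the ISO fail verification only at boot. Consider recording the status with `local ret=0` before the call and `|| ret=$?` on the `su` line, ending the function with `return ${ret}`, and using `make_sig "${dest}" "${name}" || return 1` in make_sfs. Also worth a comment: `user_own "$1"` hands the directory holding the fresh `.sfs` to ${OWNER} before it is signed, and `chown -R root "$1"` resets only the owner, so the group set by user_own (not visible here) may remain.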
|
||||||
|
|
||||||
|
|
|
@ -297,6 +297,8 @@ init_buildiso(){
|
||||||
|
|
||||||
[[ -z ${profile_repo} ]] && profile_repo='iso-profiles'
|
[[ -z ${profile_repo} ]] && profile_repo='iso-profiles'
|
||||||
|
|
||||||
|
[[ -z ${gpgkey} ]] && gpgkey=''
|
||||||
|
|
||||||
mhwd_repo="/opt/pkg"
|
mhwd_repo="/opt/pkg"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|