root/nix-tools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'master' of github.com:manjaro/manjaro-tools into stable-0.14.x

Browse source
This commit is contained in:
udeved 2017-02-15 20:09:38 +01:00
commit 90a9f635f4
10 changed files with 87 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -122,6 +122,9 @@ overriding
# requires minimum 4.0 kernel on the build host and on iso in profile.conf
# use_overlayfs="false"
# gpg key; leave empty or commented to skip sfs signing
# gpgkey=""
################ deployiso ################
# the server user
@ -225,10 +228,12 @@ Usage: buildiso [options]
-t <dir> Target directory
[default: /var/cache/manjaro-tools/iso]
-k <name> Kernel to use
[default: linux44]
[default: linux49]
-i <name> Init system to use
[default: systemd]
-s Sign the iso
-g <key> The gpg key for sfs signing
[default: empty]
-m Set SquashFS image mode to persistence
-c Disable clean work dir
-x Build images only
-z Generate iso only

6
bin/buildiso.in
View file

@ -82,6 +82,7 @@ display_settings(){
msg2 "chroots_iso: %s" "${chroots_iso}"
msg2 "initsys: %s" "${initsys}"
msg2 "kernel: %s" "${kernel}"
[[ -n ${gpgkey} ]] && msg2 "gpgkey: %s" "${gpgkey}"
msg "ARGS:"
msg2 "clean_first: %s" "${clean_first}"
@ -134,6 +135,8 @@ usage() {
echo " [default: ${kernel}]"
echo ' -i <name> Init system to use'
echo " [default: ${initsys}]"
echo ' -g <key> The gpg key for sfs signing'
echo " [default: ${gpgkey}]"
echo ' -m Set SquashFS image mode to persistence'
echo ' -c Disable clean work dir'
echo ' -x Build images only'
@ -149,7 +152,7 @@ usage() {
orig_argv=("$@")
opts='p:a:b:r:t:k:i:czxmvqh'
opts='p:a:b:r:t:k:i:g:czxmvqh'
while getopts "${opts}" arg; do
case "${arg}" in
@ -160,6 +163,7 @@ while getopts "${opts}" arg; do
t) cache_dir_iso="$OPTARG" ;;
k) kernel="$OPTARG" ;;
i) initsys="$OPTARG" ;;
g) gpgkey="$OPTARG" ;;
c) clean_first=false ;;
x) images_only=true ;;
z) iso_only=true ;;

3
data/manjaro-tools.conf
View file

@ -71,6 +71,9 @@
# requires minimum 4.0 kernel on the build host and on iso in profile.conf
# use_overlayfs="false"
# gpg key; leave empty or commented to skip sfs signing
# gpgkey=""
################ deployiso ################
# the server user

6
docbook/buildiso.xml
View file

@ -75,7 +75,7 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
<term><option>-p PROFILE...</option></term>
<listitem><para>Name of the build list or name of the directory
you will build. It needs to cantains a existing build list or a
you will build. It needs to contain an existing build list or a
folder with a valid profile.</para></listitem>
</varlistentry>
@ -110,9 +110,9 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
</varlistentry>
<varlistentry>
<term><option>-s</option></term>
<term><option>-g KEY</option></term>
<listitem><para>Sign the iso.</para></listitem>
<listitem><para>The GPG key to use to sign the sfs images.</para></listitem>
</varlistentry>
<varlistentry>

8
docbook/manjaro-tools.conf.xml
View file

@ -241,6 +241,14 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>gpgkey=</varname></term>
<listitem><para>If the gpgkey is supplied, the sfs images on iso will be signed.
If the key is left empty or commented, signing will be skipped.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>initsys=</varname></term>

38
initcpio/hooks/miso
View file

@ -158,35 +158,39 @@ miso_mount_handler() {
if [[ "${checksum}" == "y" ]]; then
for fs in rootfs desktopfs mhwdfs livefs;do
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.md5" ]]; then
msg -n ":: Self-test requested, please wait..."
if _verify_checksum "${fs}"; then
msg "done. Checksum is OK, continue booting."
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.sfs" ]]; then
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.md5" ]]; then
msg -n ":: Self-test requested, please wait..."
if _verify_checksum "${fs}"; then
msg "done. Checksum is OK, continue booting."
else
echo "ERROR: one or more files are corrupted"
echo "see /tmp/checksum.log for details"
launch_interactive_shell
fi
else
echo "ERROR: one or more files are corrupted"
echo "see /tmp/checksum.log for details"
echo "ERROR: checksum=y option specified but ${misobasedir}/${arch}/${fs}.md5 not found"
launch_interactive_shell
fi
else
echo "ERROR: checksum=y option specified but ${misobasedir}/${arch}/${fs}.md5 not found"
launch_interactive_shell
fi
done
fi
if [[ "${verify}" == "y" ]]; then
for fs in rootfs desktopfs mhwdfs livefs;do
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.sfs.sig" ]]; then
msg -n ":: Signature verification requested, please wait..."
if _verify_signature "${fs}"; then
msg "done. Signature is OK, continue booting."
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.sfs" ]]; then
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.sfs.sig" ]]; then
msg -n ":: Signature verification requested, please wait..."
if _verify_signature "${fs}"; then
msg "done. Signature is OK, continue booting."
else
echo "ERROR: one or more files are corrupted"
launch_interactive_shell
fi
else
echo "ERROR: one or more files are corrupted"
echo "ERROR: verify=y option specified but ${misobasedir}/${arch}/${fs}.sfs.sig not found"
launch_interactive_shell
fi
else
echo "ERROR: verify=y option specified but ${misobasedir}/${arch}/${fs}.sfs.sig not found"
launch_interactive_shell
fi
done
fi

38
initcpio/hooks/miso_aufs
View file

@ -163,35 +163,39 @@ miso_mount_handler() {
if [[ "${checksum}" == "y" ]]; then
for fs in rootfs desktopfs mhwdfs livefs;do
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.md5" ]]; then
msg -n ":: Self-test requested, please wait..."
if _verify_checksum "${fs}"; then
msg "done. Checksum is OK, continue booting."
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.sfs" ]]; then
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.md5" ]]; then
msg -n ":: Self-test requested, please wait..."
if _verify_checksum "${fs}"; then
msg "done. Checksum is OK, continue booting."
else
echo "ERROR: one or more files are corrupted"
echo "see /tmp/checksum.log for details"
launch_interactive_shell
fi
else
echo "ERROR: one or more files are corrupted"
echo "see /tmp/checksum.log for details"
echo "ERROR: checksum=y option specified but ${misobasedir}/${arch}/${fs}.md5 not found"
launch_interactive_shell
fi
else
echo "ERROR: checksum=y option specified but ${misobasedir}/${arch}/${fs}.md5 not found"
launch_interactive_shell
fi
done
fi
if [[ "${verify}" == "y" ]]; then
for fs in rootfs desktopfs mhwdfs livefs;do
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.sfs.sig" ]]; then
msg -n ":: Signature verification requested, please wait..."
if _verify_signature "${fs}"; then
msg "done. Signature is OK, continue booting."
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.sfs" ]]; then
if [[ -f "/run/miso/bootmnt/${misobasedir}/${arch}/${fs}.sfs.sig" ]]; then
msg -n ":: Signature verification requested, please wait..."
if _verify_signature "${fs}"; then
msg "done. Signature is OK, continue booting."
else
echo "ERROR: one or more files are corrupted"
launch_interactive_shell
fi
else
echo "ERROR: one or more files are corrupted"
echo "ERROR: verify=y option specified but ${misobasedir}/${arch}/${fs}.sfs.sig not found"
launch_interactive_shell
fi
else
echo "ERROR: verify=y option specified but ${misobasedir}/${arch}/${fs}.sfs.sig not found"
launch_interactive_shell
fi
done
fi

11
lib/util-iso-boot.sh
View file

@ -46,10 +46,19 @@ prepare_initramfs(){
cp $1/mkinitcpio.conf $2/etc/mkinitcpio-${iso_name}.conf
set_mkinicpio_hooks "$2/etc/mkinitcpio-${iso_name}.conf"
local _kernver=$(cat $2/usr/lib/modules/*/version)
chroot-run $2 \
if [[ -n ${gpgkey} ]]; then
su ${OWNER} -c "gpg --export ${gpgkey} >${USERCONFDIR}/gpgkey"
exec 17<>${USERCONFDIR}/gpgkey
fi
MISO_GNUPG_FD=${gpgkey:+17} chroot-run $2 \
/usr/bin/mkinitcpio -k ${_kernver} \
-c /etc/mkinitcpio-${iso_name}.conf \
-g /boot/initramfs.img
if [[ -n ${gpgkey} ]]; then
exec 17<&-
fi
rm ${USERCONFDIR}/gpgkey
}
prepare_boot_extras(){

19
lib/util-iso.sh
View file

@ -71,7 +71,9 @@ trap_exit() {
make_sig () {
msg2 "Creating signature file..."
cd "$1"
gpg --detach-sign --default-key ${gpg_key} $2.sfs
user_own "$1"
su ${OWNER} -c "gpg --detach-sign --default-key ${gpgkey} $2.sfs"
chown -R root "$1"
cd ${OLDPWD}
}
@ -150,6 +152,10 @@ make_sfs() {
make_checksum "${dest}" "${name}"
${persist} && rm "${src}.img"
if [[ -n ${gpgkey} ]];then
make_sig "${dest}" "${name}"
fi
show_elapsed_time "${FUNCNAME}" "${timer_start}"
}
@ -351,19 +357,8 @@ make_image_boot() {
fi
prepare_initcpio "${path}"
# if [[ ${gpg_key} ]]; then
# gpg --export ${gpg_key} >${work_dir}/gpgkey
# exec 17<>${work_dir}/gpgkey
# fi
# MISO_GNUPG_FD=${gpg_key:+17}
prepare_initramfs "${profile_dir}" "${path}"
# if [[ ${gpg_key} ]]; then
# exec 17<&-
# fi
mv ${path}/boot/initramfs.img ${boot}/${target_arch}/initramfs.img
prepare_boot_extras "${path}" "${boot}"

2
lib/util.sh
View file

@ -297,6 +297,8 @@ init_buildiso(){
[[ -z ${profile_repo} ]] && profile_repo='iso-profiles'
[[ -z ${gpgkey} ]] && gpgkey=''
mhwd_repo="/opt/pkg"
}