author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-03-09 22:11:06 -0600 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-03-09 22:11:06 -0600 |
commit | c3cdea15d949ed9e3612807947164fcad72e70ae (patch) | |
tree | 5e089f8f9e8cfc58501913416e389e8501eba227 | |
parent | 5ab69adb03b7b8cc7f7bb0c4d853f23b58350626 (diff) | |
adelie-build-cd: change the way signing on-disc indexes works
Now we just use abuild-sign like normal people instead of
reinventing the wheel. This will help when the index signature
type changes in the future.
-rwxr-xr-x | adelie-build-cd | 40 | ||||
-rw-r--r-- | adelie-build-cd.8 | 16 |
2 files changed, 31 insertions, 25 deletions
diff --git a/adelie-build-cd b/adelie-build-cd
index d939db7..1690c65 100755
--- a/adelie-build-cd
+++ b/adelie-build-cd
@@ -76,18 +76,22 @@ while [ -n "$1" ]; do
 usage
 exit
 ;;
- -f | --full)
- shift
- declare -r DO_FULL=full
- ;;
- -p | --phase)
- shift
- declare -r MY_PHASE=$1
- ;;
- -v | --version)
- shift
- declare -r MY_VER=$1
- ;;
+ -f | --full)
+ shift
+ declare -r DO_FULL=full
+ ;;
+ -p | --phase)
+ shift
+ declare -r MY_PHASE=$1
+ ;;
+ -s | --sign)
+ shift
+ declare -r SIGN=yes
+ ;;
+ -v | --version)
+ shift
+ declare -r MY_VER=$1
+ ;;
 *)
 usage >&2
 exit -1
@@ -150,7 +154,7 @@ make_structure() {
 mkdir -p squashroot-$ARCH/home/live
 mkdir squashroot-$ARCH/target
 mkdir -p squashroot-$ARCH/media/live
- mkdir -p squashroot-$ARCH/etc/runlevels/{sysinit,boot}
+ mkdir -p squashroot-$ARCH/etc/runlevels/{sysinit,boot,default,shutdown}
 echo 'adelie-live' > squashroot-$ARCH/etc/hostname
 echo 'mtab_is_file=no' > squashroot-$ARCH/etc/conf.d/mtab
@@ -206,13 +210,9 @@ make_structure() {
 declare -r PACKAGES_DIR=squashroot-$ARCH/packages/$ARCH
 mkdir -p $PACKAGES_DIR
 apk --arch $ARCH --root squashroot-$ARCH fetch -o $PACKAGES_DIR $(apk --root squashroot-$ARCH info)
- if test -n "${SIGNING_KEY+use_key}"; then
- apk index -o .tmp.APKINDEX.unsigned.tar.gz $PACKAGES_DIR/*.apk
- openssl dgst -sha256 -sign $SIGNING_KEY -out .SIGN.RSA.packages\@adelielinux.org.pub .tmp.APKINDEX.unsigned.tar.gz
- tar cf .tmp.signature.tar .SIGN.RSA.packages\@adelielinux.org.pub
- cat .tmp.signature.tar | abuild-tar --cut | gzip -9 > .tmp.signature.tar.gz
- cat .tmp.signature.tar.gz .tmp.APKINDEX.unsigned.tar.gz > .tmp.APKINDEX.tar.gz
- rm .tmp.APKINDEX.unsigned.tar.gz .tmp.signature.tar.gz .tmp.signature.tar .SIGN.RSA.packages\@adelielinux.org.pub
+ if test -n "${SIGN+doit}"; then
+ apk index --description "$VERSION/$ARCH Live CD" -o .tmp.APKINDEX.tar.gz $PACKAGES_DIR/*.apk
+ abuild-sign -q .tmp.APKINDEX.tar.gz
 mv .tmp.APKINDEX.tar.gz $PACKAGES_DIR/APKINDEX.tar.gz
 fi
 fi
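Review bot: The `SIGN` flag set by the new `-s | --sign)` arm is later tested with `${SIGN+doit}` (third hunk), which is true for any set value, so an empty or `no` value of `SIGN` inherited from the caller's environment would also turn signing on and use the builder's abuild key without `-s` being passed. Whether the script clears `SIGN` before the `while` loop is not visible, because the loop starts and ends outside this hunk. If it does not, add `unset SIGN` ahead of the loop, or make the later check explicit with `if test "${SIGN:-}" = yes; then`.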
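Review bot: The exit status of `abuild-sign -q .tmp.APKINDEX.tar.gz` is not checked, so unless the script runs under `set -e` (not visible here) the `mv` on the next line installs the index even when signing failed, and an image requested with `-s` can ship an unsigned `APKINDEX.tar.gz`. Fail the build instead, for example `abuild-sign -q .tmp.APKINDEX.tar.gz || { echo 'signing the package index failed' >&2; exit 1; }`. Separately, a caller that still exports `SIGNING_KEY` now gets no signature and no diagnostic; a one-line warning on stderr when `SIGNING_KEY` is set and `-s` is absent would make the behaviour change visible. `make_structure` begins and ends outside the hunk.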
diff --git a/adelie-build-cd.8 b/adelie-build-cd.8 index 41b4be2..f174caf 100644 --- a/adelie-build-cd.8 +++ b/adelie-build-cd.8 @@ -13,6 +13,7 @@ .Op Fl a Ar ARCH .Op Fl f .Op Fl p Ar PHASE +.Op Fl s .Op Fl v Ar VERSION @@ -43,6 +44,16 @@ this flag is not specified, a live image will be created instead. Specifies the phase of image creation to make as specified in the .Sy Phases section. +.It Fl s +If you specify +.Fl f +and +.Fl s , +the created package index will be signed using the same key configured in +.Xr abuild.conf 5 . +This requires the +.Xr abuild 1 +suite of utilities to be available. .It Fl v Ar VERSION Specifies the version of Adélie Linux to use for the created ISO. .El @@ -93,11 +104,6 @@ ld-musl-powerpc.so.1), you may specify the name of the ld architecture as For architectures that have subarchitectures (such as x86 with i486 and i525), you may specify the extra mirror directory to use as .Ev EXTRA_MIRROR . -.It Ev Sy SIGNING_KEY -If you specify -.Fl f -you may sign the created package index by pointing to your private key in -.Ev SIGNING_KEY . .El |