From c3cdea15d949ed9e3612807947164fcad72e70ae Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Fri, 9 Mar 2018 22:11:06 -0600
Subject: adelie-build-cd: change the way signing on-disc indexes works

Now we just use abuild-sign like normal people instead of reinventing the wheel. This will help when the index signature type changes in the future.
---
 adelie-build-cd | 40 ++++++++++++++++++++--------------------
 adelie-build-cd.8 | 16 +++++++++++-----
 2 files changed, 31 insertions(+), 25 deletions(-)

diff --git a/adelie-build-cd b/adelie-build-cd
index d939db7..1690c65 100755
--- a/adelie-build-cd
+++ b/adelie-build-cd
@@ -76,18 +76,22 @@ while [ -n "$1" ]; do
 usage
 exit
 ;;
- -f | --full)
- shift
- declare -r DO_FULL=full
- ;;
- -p | --phase)
- shift
- declare -r MY_PHASE=$1
- ;;
- -v | --version)
- shift
- declare -r MY_VER=$1
- ;;
+ -f | --full)
+ shift
+ declare -r DO_FULL=full
+ ;;
+ -p | --phase)
+ shift
+ declare -r MY_PHASE=$1
+ ;;
+ -s | --sign)
+ shift
+ declare -r SIGN=yes
+ ;;
+ -v | --version)
+ shift
+ declare -r MY_VER=$1
+ ;;
 *)
 usage >&2
 exit -1
@@ -150,7 +154,7 @@ make_structure() {
 mkdir -p squashroot-$ARCH/home/live
 mkdir squashroot-$ARCH/target
 mkdir -p squashroot-$ARCH/media/live
- mkdir -p squashroot-$ARCH/etc/runlevels/{sysinit,boot}
+ mkdir -p squashroot-$ARCH/etc/runlevels/{sysinit,boot,default,shutdown}
 echo 'adelie-live' > squashroot-$ARCH/etc/hostname
 echo 'mtab_is_file=no' > squashroot-$ARCH/etc/conf.d/mtab
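Review bot: In the option loop of adelie-build-cd, the new `-s | --sign` arm runs `shift` before `declare -r SIGN=yes` even though the flag takes no value, copying the `-f` arm. The `-p` and `-v` arms also shift only once before reading `$1`, so the loop presumably shifts again after `esac` (its tail is outside this hunk); if it does, `-s` discards the argument that follows it and `-f -s` never reaches this arm, so the index is left unsigned with no message. Dropping the `shift` from the value-less arms, as in `-s | --sign) declare -r SIGN=yes ;;`, would avoid that. `usage` is not changed by this commit, so its text may also need the new flag.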
@@ -206,13 +210,9 @@ make_structure() {
 declare -r PACKAGES_DIR=squashroot-$ARCH/packages/$ARCH
 mkdir -p $PACKAGES_DIR
 apk --arch $ARCH --root squashroot-$ARCH fetch -o $PACKAGES_DIR $(apk --root squashroot-$ARCH info)
- if test -n "${SIGNING_KEY+use_key}"; then
- apk index -o .tmp.APKINDEX.unsigned.tar.gz $PACKAGES_DIR/*.apk
- openssl dgst -sha256 -sign $SIGNING_KEY -out .SIGN.RSA.packages\@adelielinux.org.pub .tmp.APKINDEX.unsigned.tar.gz
- tar cf .tmp.signature.tar .SIGN.RSA.packages\@adelielinux.org.pub
- cat .tmp.signature.tar | abuild-tar --cut | gzip -9 > .tmp.signature.tar.gz
- cat .tmp.signature.tar.gz .tmp.APKINDEX.unsigned.tar.gz > .tmp.APKINDEX.tar.gz
- rm .tmp.APKINDEX.unsigned.tar.gz .tmp.signature.tar.gz .tmp.signature.tar .SIGN.RSA.packages\@adelielinux.org.pub
+ if test -n "${SIGN+doit}"; then
+ apk index --description "$VERSION/$ARCH Live CD" -o .tmp.APKINDEX.tar.gz $PACKAGES_DIR/*.apk
+ abuild-sign -q .tmp.APKINDEX.tar.gz
 mv .tmp.APKINDEX.tar.gz $PACKAGES_DIR/APKINDEX.tar.gz
 fi
 fi
diff --git a/adelie-build-cd.8 b/adelie-build-cd.8
index 41b4be2..f174caf 100644
--- a/adelie-build-cd.8
+++ b/adelie-build-cd.8
@@ -13,6 +13,7 @@
 .Op Fl a Ar ARCH
 .Op Fl f
 .Op Fl p Ar PHASE
+.Op Fl s
 .Op Fl v Ar VERSION
@@ -43,6 +44,16 @@ this flag is not specified, a live image will be created instead.
 Specifies the phase of image creation to make as specified in the
 .Sy Phases
 section.
+.It Fl s
+If you specify
+.Fl f
+and
+.Fl s ,
+the created package index will be signed using the same key configured in
+.Xr abuild.conf 5 .
+This requires the
+.Xr abuild 1
+suite of utilities to be available.
 .It Fl v Ar VERSION
 Specifies the version of Adélie Linux to use for the created ISO.
 .El
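Review bot: The exit status of `abuild-sign -q .tmp.APKINDEX.tar.gz` in `make_structure` (adelie-build-cd, hunk at -206) is not checked, so if signing fails, for example because no key is configured or abuild is not installed, the following `mv` still installs the index as `$PACKAGES_DIR/APKINDEX.tar.gz` without a signature, unless the script runs under `set -e`, which is not visible here. Failing the build at that point, `abuild-sign -q .tmp.APKINDEX.tar.gz || exit 1`, keeps a requested signature from being skipped silently. Separately, `test -n "${SIGN+doit}"` is true whenever `SIGN` is set at all, including an empty value inherited from the caller's environment, so signing can be switched on without `-s`; an `unset SIGN` ahead of the option loop would tie it to the flag. The function starts and ends outside this hunk.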
@@ -93,11 +104,6 @@ ld-musl-powerpc.so.1), you may specify the name of the ld architecture as
 For architectures that have subarchitectures (such as x86 with i486 and i525),
 you may specify the extra mirror directory to use as
 .Ev EXTRA_MIRROR .
-.It Ev Sy SIGNING_KEY
-If you specify
-.Fl f
-you may sign the created package index by pointing to your private key in
-.Ev SIGNING_KEY .
 .El
-- 
cgit v1.2.3-70-g09d2