author | Thomas Bächler <thomas@archlinux.org> | 2016-02-13 10:08:38 +0100 |
---|---|---|
committer | Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> | 2016-02-28 17:09:08 -0300 |
commit | e36e63b8f1b3d7324e7e3706fd11fdff4ec24358 (patch) | |
tree | 65990ed00176a1d00b50ed20586bea8671978d9f | |
parent | b644d3e92396e50e54fd66a634e183338f39bea8 (diff) | |
download | archiso32-e36e63b8f1b3d7324e7e3706fd11fdff4ec24358.tar.xz |
Optionally sign the squashfs files with gpg and add the gpg key to the initramfs
A new option -g <keyid> is added to build.sh to set the key id. If it is set, the squashfs files will be signed
by gpg and the gpg key will be added to archiso.img. In order to use this option, a gpg agent must be running.
Since build.sh is executed as root, it may be necessary to set the GNUPGHOME environment variable, for
example
$ su -c "GNUPGHOME=/home/youruser/.gnupg /path/to/build.sh -g yourkeyid"
-rwxr-xr-x | configs/releng/build.sh | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/configs/releng/build.sh b/configs/releng/build.sh
index b0306cc..ad2f994 100755
--- a/configs/releng/build.sh
+++ b/configs/releng/build.sh
@@ -79,7 +79,15 @@ make_setup_mkinitcpio() {
 cp /usr/lib/initcpio/install/archiso_kms ${work_dir}/${arch}/airootfs/etc/initcpio/install
 cp /usr/lib/initcpio/archiso_shutdown ${work_dir}/${arch}/airootfs/etc/initcpio
 cp ${script_path}/mkinitcpio.conf ${work_dir}/${arch}/airootfs/etc/mkinitcpio-archiso.conf
- setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${work_dir}/pacman.conf" -D "${install_dir}" -r 'mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img' run
+ gnupg_fd=
+ if [[ ${gpg_key} ]]; then
+ gpg --export ${gpg_key} >${work_dir}/gpgkey
+ exec 17<>${work_dir}/gpgkey
+ fi
+ ARCHISO_GNUPG_FD=${gpg_key:+17} setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${work_dir}/pacman.conf" -D "${install_dir}" -r 'mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img' run
+ if [[ ${gpg_key} ]]; then
+ exec 17<&-
+ fi
 }
 
 # Customize installation (airootfs)
@@ -197,7 +205,7 @@ make_efiboot() {
 make_prepare() {
 cp -a -l -f ${work_dir}/${arch}/airootfs ${work_dir}
 setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" pkglist
- setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" prepare
+ setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" ${gpg_key:+-g ${gpg_key}} prepare
 rm -rf ${work_dir}/airootfs
 # rm -rf ${work_dir}/${arch}/airootfs (if low space, this helps)
 }
@@ -217,7 +225,7 @@ if [[ ${arch} != x86_64 ]]; then
 _usage 1
 fi
 
-while getopts 'N:V:L:D:w:o:vh' arg; do
+while getopts 'N:V:L:D:w:o:g:vh' arg; do
 case "${arg}" in
 N) iso_name="${OPTARG}" ;;
 V) iso_version="${OPTARG}" ;;
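Review bot: Nothing in make_setup_mkinitcpio verifies that `gpg --export ${gpg_key} >${work_dir}/gpgkey` actually exported a key, so a mistyped key id can leave an empty `gpgkey` file that is still handed to mkinitcpio on descriptor 17 and carried into archiso.img. Quote the expansions and fail the build when the file is empty: `gpg --export "${gpg_key}" >"${work_dir}/gpgkey"` followed by `[[ -s "${work_dir}/gpgkey" ]] || { echo "no public key exported for ${gpg_key}" >&2; exit 1; }`. The descriptor is opened read-write with `<>`; if the consumer only reads the key (not visible here), `exec 17<"${work_dir}/gpgkey"` is sufficient and prevents the hook from altering the file. `gnupg_fd=` is assigned but never read in the visible lines and could be dropped. The function starts above the hunk.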
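Review bot: `${gpg_key:+-g ${gpg_key}}` in make_prepare is unquoted, so the key id is word-split and glob-expanded before it reaches mkarchiso; a signer given as a user id containing spaces would arrive as several arguments. Writing it as `${gpg_key:+-g "${gpg_key}"}` keeps `-g` and the id as exactly two words, so the signature is made with the key the caller named.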
@@ -225,6 +233,7 @@ while getopts 'N:V:L:D:w:o:vh' arg; do
 D) install_dir="${OPTARG}" ;;
 w) work_dir="${OPTARG}" ;;
 o) out_dir="${OPTARG}" ;;
+ g) gpg_key="${OPTARG}" ;;
 v) verbose="-v" ;;
 h) _usage 0 ;;
 *) |
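Review bot: `gpg_key` is only assigned in the new `g)` arm, and none of the visible hunks gives it a default, while `[[ ${gpg_key} ]]` in make_setup_mkinitcpio expands it on every run. If build.sh runs under `set -u` (not visible here), a build without -g would abort with an unbound-variable error; initialise it next to the other defaults with `gpg_key=`. The diffstat's 12 insertions are all accounted for by the hunks shown, so `_usage` presumably does not list the new option; a line such as `echo "    -g <gpg_key>       Set the GPG key id used to sign the squashfs files"` would document it. The case statement continues past the end of the hunk.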