tools/archiso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Optionally sign the squashfs files with gpg and add the gpg key to the initramfs

Browse source 
A new option -g <keyid> is added to build.sh set the key id. If it is set, the squashfs files will be signed
by gpg and the gpg key will be added to archiso.img. In order to use this option, a gpg agent must be running.
Since build.sh is executed as root, it may be necessary to set the GNUPGHOME environment variable, for
example

$ su -c "GNUPGHOME=/home/youruser/.gnupg /path/to/build.sh -g yourkeyid"
This commit is contained in:
Thomas Bächler 2016-02-13 10:08:38 +01:00 committed by Gerardo Exequiel Pozzi
parent b644d3e923
commit e36e63b8f1
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
configs/releng/build.sh
View file

@ -79,7 +79,15 @@ make_setup_mkinitcpio() {
cp /usr/lib/initcpio/install/archiso_kms ${work_dir}/${arch}/airootfs/etc/initcpio/install
cp /usr/lib/initcpio/archiso_shutdown ${work_dir}/${arch}/airootfs/etc/initcpio
cp ${script_path}/mkinitcpio.conf ${work_dir}/${arch}/airootfs/etc/mkinitcpio-archiso.conf
setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${work_dir}/pacman.conf" -D "${install_dir}" -r 'mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img' run
gnupg_fd=
if [[ ${gpg_key} ]]; then
gpg --export ${gpg_key} >${work_dir}/gpgkey
exec 17<>${work_dir}/gpgkey
fi
ARCHISO_GNUPG_FD=${gpg_key:+17} setarch ${arch} mkarchiso ${verbose} -w "${work_dir}/${arch}" -C "${work_dir}/pacman.conf" -D "${install_dir}" -r 'mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img' run
if [[ ${gpg_key} ]]; then
exec 17<&-
fi
}
# Customize installation (airootfs)
@ -197,7 +205,7 @@ make_efiboot() {
make_prepare() {
cp -a -l -f ${work_dir}/${arch}/airootfs ${work_dir}
setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" pkglist
setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" prepare
setarch ${arch} mkarchiso ${verbose} -w "${work_dir}" -D "${install_dir}" ${gpg_key:+-g ${gpg_key}} prepare
rm -rf ${work_dir}/airootfs
# rm -rf ${work_dir}/${arch}/airootfs (if low space, this helps)
}
@ -217,7 +225,7 @@ if [[ ${arch} != x86_64 ]]; then
_usage 1
fi
while getopts 'N:V:L:D:w:o:vh' arg; do
while getopts 'N:V:L:D:w:o:g:vh' arg; do
case "${arg}" in
N) iso_name="${OPTARG}" ;;
V) iso_version="${OPTARG}" ;;
@ -225,6 +233,7 @@ while getopts 'N:V:L:D:w:o:vh' arg; do
D) install_dir="${OPTARG}" ;;
w) work_dir="${OPTARG}" ;;
o) out_dir="${OPTARG}" ;;
g) gpg_key="${OPTARG}" ;;
v) verbose="-v" ;;
h) _usage 0 ;;
*)