Add a configure option for OVF signing key.

2 files changed, 13 insertions, 8 deletions

diff --git a/scripts/build-config b/scripts/build-config
index d35bc66e..617166c3 100755
--- a/scripts/build-config
+++ b/scripts/build-config
@@ -71,7 +71,8 @@ options = {
    'pbuilder-debian-mirror': ('Debian repository mirror for pbuilder env bootstrap', lambda: build_defaults['debian_mirror'], None),
    'vyos-mirror': ('VyOS package mirror', lambda: build_defaults["vyos_mirror"], None),
    'build-type': ('Build type, release or development', lambda: 'development', lambda x: x in ['release', 'development']),
-   'version': ('Version number (release builds only)', None, None)
+   'version': ('Version number (release builds only)', None, None),
+   'ova-signing-key': ('Private key file for OVA signing', None, lambda f: os.path.exists(f))
 }
 
 # Create the option parser
diff --git a/scripts/build-vmware-image b/scripts/build-vmware-image
index 5ad6615a..2ce276e3 100755
--- a/scripts/build-vmware-image
+++ b/scripts/build-vmware-image
@@ -30,6 +30,15 @@ else
    echo "Your system has ovftool."
 fi
 
+private_key=$(../scripts/query-json build-config.json ova_signing_key)
+if [ ! -f $private_key ]; then
+   echo "OVA signing key $private_key not found!"
+   echo "Please generate a key and run ./configure --ova-signing-key <absolute path to the key> ..."
+   exit 1
+fi
+
+exit 1
+
 lb bootstrap
 
 lb chroot
@@ -196,15 +205,10 @@ openssl sha1 *.vmdk *.ovf > vyos_vmware_image.mf
 
 # Convert the OVF to signed OVA...
 echo 'Converting the OVF to signed OVA...'
-private_key=${PRIVATE_KEY_PATH:-"../../key/privatekey.pem"}
-if [ ! -f ${private_key} ]; then
-  echo 'Please put your key to "key/privatekey.pem" in repository root, or set PRIVATE_KEY_PATH to environment variables.'
-  exit 1
-fi
-ovftool --privateKey=${PRIVATE_KEY_PATH} vyos_vmware_image.ovf vyos_vmware_image-signed.ova
+ovftool --privateKey=$private_key vyos_vmware_image.ovf vyos_vmware_image-signed.ova
 #ovftool vyos_vmware_image.ovf vyos_vmware_image-signed.ova
 
 # Convert the OVF to signed OVF...
 echo 'Converting the OVF to signed OVF...'
-ovftool --privateKey=${PRIVATE_KEY_PATH} vyos_vmware_image.ovf vyos_vmware_image-signed.ovf
+ovftool --privateKey=$private_key vyos_vmware_image.ovf vyos_vmware_image-signed.ovf
 #ovftool vyos_vmware_image.ovf vyos_vmware_image-signed.ovf