summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris Lamb <chris@chris-lamb.co.uk>2008-07-05 00:40:20 +0100
committerDaniel Baumann <daniel@debian.org>2011-03-09 19:03:36 +0100
commitbb528d9f195becdb3b7739171e99db9cfbebe916 (patch)
tree903a4b1badeaebcdcb0714608038ad140c915ac0
parentad5c5bc2c726983992c61f681e2394b38000cb18 (diff)
downloadvyos-live-build-bb528d9f195becdb3b7739171e99db9cfbebe916.tar.gz
vyos-live-build-bb528d9f195becdb3b7739171e99db9cfbebe916.zip
Use a temporary apt key when installing local packages (Closes: #488257)
This patch also allows preferring locally provided packages by preferencing repositories with the label 'local-packages' in chroot_apt/preferences.
-rwxr-xr-xhelpers/lh_chroot_sources78
1 files changed, 76 insertions, 2 deletions
diff --git a/helpers/lh_chroot_sources b/helpers/lh_chroot_sources
index 42b92eaf6..d0fc8168b 100755
--- a/helpers/lh_chroot_sources
+++ b/helpers/lh_chroot_sources
@@ -31,6 +31,8 @@ Set_defaults
# Requiring stage file
Require_stagefile .stage/bootstrap
+_LH_DUMMY_KEY_EMAIL="live-helper-local-key@dummy"
+
case "${1}" in
install)
Echo_message "Configuring file /etc/apt/sources.list"
@@ -105,9 +107,75 @@ case "${1}" in
# Installing depends
Install_package
- # Generate Packages.gz
+ # Generate Packages and Packages.gz
echo "cd /root/local-packages && apt-ftparchive packages . > Packages" | Chroot sh
- gzip -9 chroot/root/local-packages/Packages
+ gzip -9 -c chroot/root/local-packages/Packages > chroot/root/local-packages/Packages.gz
+
+ if [ "${LH_APT_SECURE}" = "enabled" ]
+ then
+ # Generate Release
+ echo "cd /root/local-packages && apt-ftparchive \
+ -o APT::FTPArchive::Release::Label=local-packages \
+ release . > Release" | Chroot sh
+
+ _LH_DOTGNUPG_EXISTED=0
+ if [ -d chroot/root/.gnupg ]
+ then
+ _LH_DOTGNUPG_EXISTED=1
+ fi
+
+ if ls cache/local-package-keyring.* >/dev/null 2>&1
+ then
+ cp cache/local-package-keyring.* chroot/root
+ else
+ # Generate temporary key
+ echo "Key-Type: RSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: live-helper local packages key
+ Name-Email: ${_LH_DUMMY_KEY_EMAIL}
+ Expire-Date: 0
+ %secring /root/local-package-keyring.sec
+ %pubring /root/local-package-keyring.pub
+ %commit" | Chroot "gpg --batch --gen-key" || _LH_RET=${?}
+
+ case "${_LH_RET}" in
+ ""|2)
+ # Gnupg sometimes seems to return with a status of 2 when there was not
+ # enough entropy (and key creation blocks temporarily) even if the
+ # operation was ultimately successful.
+ ;;
+ *)
+ Echo_error "GPG exited with error status ${_LH_RET}"
+ exit ${_LH_RET}
+ ;;
+ esac
+
+ # Save keyrings to avoid regeneration
+ cp chroot/root/local-package-keyring.* cache/
+ fi
+
+ # Sign release
+ Chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \
+ --keyring /root/local-package-keyring.pub -abs -o \
+ /root/local-packages/Release.gpg /root/local-packages/Release"
+
+ # Import key
+ Chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \
+ --keyring /root/local-package-keyring.pub --armor \
+ --export ${_LH_DUMMY_KEY_EMAIL}" | Chroot "apt-key add -"
+
+ # Remove temporary keyrings
+ rm chroot/root/local-package-keyring.pub
+ rm chroot/root/local-package-keyring.sec
+
+ # Remove /root/.gnupg if we created it during the signing process
+ if [ "${_LH_DOTGNUPG_EXISTED}" -eq 0 ]
+ then
+ rm -rf chroot/root/.gnupg
+ fi
+ fi
# Add to sources.list
echo "" >> chroot/etc/apt/sources.list
@@ -317,6 +385,12 @@ case "${1}" in
# Remove local package repository
rm -rf chroot/root/local-packages
+ # Remove local packages key if it exists
+ if apt-key list | grep -q ${_LH_DUMMY_KEY_EMAIL}
+ then
+ apt-key del ${_LH_DUMMY_KEY_EMAIL}
+ fi
+
# Removing stage file
rm -f .stage/chroot_sources
;;