authorDaniel Baumann <mail@daniel-baumann.ch>2013-11-04 13:34:43 +0100
committerDaniel Baumann <mail@daniel-baumann.ch>2013-11-04 13:34:43 +0100
commit83dacd9b39fdfd3053fcbc2c80fc3151525ed42d (patch)
treeb92a200d463973b8acf96d27ba078e04762a6059 /scripts
parent35919637afca7890c183930418f1d0580361f5dc (diff)
downloadvyos-live-build-83dacd9b39fdfd3053fcbc2c80fc3151525ed42d.tar.gz
vyos-live-build-83dacd9b39fdfd3053fcbc2c80fc3151525ed42d.zip
Stuffing bootstrapping of archive-keys for derivatives into lb_config, it's not a runtime thing and its logic should not be embedded in live-build but the config directory.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/build/bootstrap1
-rwxr-xr-xscripts/build/bootstrap_archive-keys115
-rwxr-xr-xscripts/build/config86
3 files changed, 86 insertions, 116 deletions
diff --git a/scripts/build/bootstrap b/scripts/build/bootstrap
index 5c7080fb8..b50cd49b0 100755
--- a/scripts/build/bootstrap
+++ b/scripts/build/bootstrap
@@ -53,7 +53,6 @@ lb chroot_resolv install ${@}
lb chroot_hostname install ${@}
lb chroot_apt install ${@}
-lb bootstrap_archive-keys ${@}
lb bootstrap_archives binary ${@}
lb bootstrap_hooks ${@}
diff --git a/scripts/build/bootstrap_archive-keys b/scripts/build/bootstrap_archive-keys
deleted file mode 100755
index 842f4bf47..000000000
--- a/scripts/build/bootstrap_archive-keys
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/bin/sh
-
-## live-build(7) - System Build Scripts
-## Copyright (C) 2006-2013 Daniel Baumann <mail@daniel-baumann.ch>
-##
-## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
-## This is free software, and you are welcome to redistribute it
-## under certain conditions; see COPYING for details.
-
-
-set -e
-
-# Including common functions
-[ -e "${LIVE_BUILD}/scripts/build.sh" ] && . "${LIVE_BUILD}/scripts/build.sh" || . /usr/lib/live/build.sh
-
-# Setting static variables
-DESCRIPTION="$(Echo 'bootstrap non-Debian archive-signing-keys')"
-HELP=""
-USAGE="${PROGRAM} [--force]"
-
-Arguments "${@}"
-
-# Reading configuration files
-Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
-Set_defaults
-
-# TODO: allow verification against user-specified keyring
-# For now, we'll only validate against debian-keyring
-
-# TODO2: use chrooted validation rather than host system based one
-
-case "${LB_MODE}" in
- progress-linux)
- case "${LB_DISTRIBUTION}" in
- artax)
- _KEYS="1-artax"
- ;;
-
- artax-backports)
- _KEYS="1-artax 1+-artax-backports"
- ;;
-
- baureo)
- _KEYS="2-baureo"
- ;;
-
- baureo-backports)
- _KEYS="2-baureo 2+-baureo-backports"
- ;;
-
- chairon)
- _KEYS="3-chairon"
- ;;
-
- chairon-backports)
- _KEYS="3-chairon 3+-chairon-backports"
- ;;
- esac
-
- _URL="${LB_MIRROR_CHROOT}/project/keys"
- ;;
-esac
-
-for _KEY in ${_KEYS}
-do
- Echo_message "Fetching archive-key ${_KEY}..."
-
- wget ${WGET_OPTIONS} "${_URL}/archive-key-${_KEY}.asc" -O chroot/key.asc
- wget ${WGET_OPTIONS} "${_URL}/archive-key-${_KEY}.asc.sig" -O chroot/key.asc.sig
-
- if [ -e /usr/bin/gpgv ]
- then
- if [ -e /usr/share/keyrings/debian-keyring.gpg ] || [ -e /usr/share/keyrings/debian-maintainers.gpg ]
- then
- _KEY_VALID=""
-
- for _KEYRING in /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg
- do
- if [ -e "${_KEYRING}" ]
- then
- Echo_message "Verifying archive-key ${_KEY} against $(basename ${_KEYRING} .gpg | sed -e 's|-keyring||') keyring..."
-
- set +e
- /usr/bin/gpgv --quiet --keyring ${_KEYRING} chroot/key.asc.sig chroot/key.asc > /dev/null 2>&1 && _KEY_VALID="true" && break
- set -e
- fi
- done
-
- case "${_KEY_VALID}" in
- true)
- Echo_message "Verifying ${_KEY} signature successful."
- ;;
-
- *)
- Echo_error "Verifying ${_KEY} signature failed."
- return 1
- ;;
- esac
- else
- Echo_warning "Skipping archive-key ${_KEY} verification, debian-keyring not available..."
- fi
- else
- Echo_warning "Skipping archive-key ${_KEY} verification, gpgv not available..."
- fi
-
- Echo_message "Importing archive-key ${_KEY}..."
-
- Chroot chroot "apt-key add key.asc"
- rm -f chroot/key.asc chroot/key.asc.sig
-done
-
-Chroot chroot "apt-get update"
-
-# Creating stage file
-Create_stagefile .build/bootstrap_archive-keys
diff --git a/scripts/build/config b/scripts/build/config
index 5f8012edb..080d2db25 100755
--- a/scripts/build/config
+++ b/scripts/build/config
@@ -1357,6 +1357,8 @@ then
Echo_warning "Make sure you are using the newest version at all times."
fi
+Echo_message "Symlinking hooks..."
+
for _HOOK in "${LIVE_BUILD}"/share/hooks/*.hook* /usr/share/live/build/hooks/*.hook*
do
if [ -e "${_HOOK}" ] && [ ! -e "config/hooks/$(basename ${_HOOK})" ]
@@ -1393,5 +1395,89 @@ Name: ${LIVE_IMAGE_NAME}
Type: ${LIVE_IMAGE_TYPE}
EOF
+# TODO: allow verification against user-specified keyring
+# For now, we'll only validate against debian-keyring
+
+# TODO2: use chrooted validation rather than host system based one
+
+case "${LB_MODE}" in
+ progress-linux)
+ case "${LB_DISTRIBUTION}" in
+ artax)
+ _KEYS="1-artax"
+ ;;
+
+ artax-backports)
+ _KEYS="1-artax 1+-artax-backports"
+ ;;
+
+ baureo)
+ _KEYS="2-baureo"
+ ;;
+
+ baureo-backports)
+ _KEYS="2-baureo 2+-baureo-backports"
+ ;;
+
+ chairon)
+ _KEYS="3-chairon"
+ ;;
+
+ chairon-backports)
+ _KEYS="3-chairon 3+-chairon-backports"
+ ;;
+ esac
+
+ _URL="${LB_MIRROR_CHROOT}/project/keys"
+ ;;
+
+ *)
+ _KEYS=""
+ ;;
+esac
+
+for _KEY in ${_KEYS}
+do
+ Echo_message "Fetching archive-key ${_KEY}..."
+
+ wget ${WGET_OPTIONS} "${_URL}/archive-key-${_KEY}.asc" -O config/archives/${LB_MODE}.bootstrap.key
+ wget ${WGET_OPTIONS} "${_URL}/archive-key-${_KEY}.asc.sig" -O config/archives/${LB_MODE}.bootstrap.key.sig
+
+ if [ -e /usr/bin/gpgv ]
+ then
+ if [ -e /usr/share/keyrings/debian-keyring.gpg ] || [ -e /usr/share/keyrings/debian-maintainers.gpg ]
+ then
+ _KEY_VALID=""
+
+ for _KEYRING in /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg
+ do
+ if [ -e "${_KEYRING}" ]
+ then
+ Echo_message "Verifying archive-key ${_KEY} against $(basename ${_KEYRING} .gpg | sed -e 's|-keyring||') keyring..."
+
+ set +e
+ /usr/bin/gpgv --quiet --keyring ${_KEYRING} config/archives/${LB_MODE}.key.sig config/archives/${LB_MODE}.key > /dev/null 2>&1 && _KEY_VALID="true" && break
+ set -e
+ fi
+ done
+
+ case "${_KEY_VALID}" in
+ true)
+ Echo_message "Verifying ${_KEY} signature successful."
+ ;;
+
+ *)
+ Echo_error "Verifying ${_KEY} signature failed."
+ return 1
+ ;;
+ esac
+ else
+ Echo_warning "Skipping archive-key ${_KEY} verification, debian-keyring not available..."
+ fi
+ else
+ Echo_warning "Skipping archive-key ${_KEY} verification, gpgv not available..."
+ fi
+done
+
# Creating stage file
Create_stagefile .build/config
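Review bot: The gpgv call in the keyring loop checks `config/archives/${LB_MODE}.key.sig` and `config/archives/${LB_MODE}.key`, but the two wget lines above write to `config/archives/${LB_MODE}.bootstrap.key` and `config/archives/${LB_MODE}.bootstrap.key.sig`, so the freshly downloaded key is never the file being verified: the check either fails on missing files or runs against whatever older `.key`/`.key.sig` pair already sits in config/archives. Point gpgv at the downloaded names, `/usr/bin/gpgv --quiet --keyring "${_KEYRING}" "config/archives/${LB_MODE}.bootstrap.key.sig" "config/archives/${LB_MODE}.bootstrap.key"`. The output name also leaves out `${_KEY}`, so for the -backports distributions (two entries in `_KEYS`) the second download overwrites the first, whereas the removed script imported each key before fetching the next. Both "Skipping ... verification" branches and the failure branch leave the unverified download in config/archives; that file is presumably picked up later as a trusted archive key, so deleting it on failure and treating a missing gpgv or keyring as an error would be the safer default.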