diff options
| author | Daniel Baumann <mail@daniel-baumann.ch> | 2013-11-05 12:32:59 +0100 |
|---|---|---|
| committer | Daniel Baumann <mail@daniel-baumann.ch> | 2013-11-06 08:16:31 +0100 |
| commit | 038b1fa8f627bb83c060f17db3e100b541de8df7 (patch) | |
| tree | 142186cad476d8caa8733965c6d4f53690075175 /scripts | |
| parent | 9f37451f92ae0b32561f028844fa0cf051375576 (diff) | |
| download | vyos-live-build-038b1fa8f627bb83c060f17db3e100b541de8df7.tar.gz vyos-live-build-038b1fa8f627bb83c060f17db3e100b541de8df7.zip | |
Moving bootstrapping of derivative archive-keys from config to init.
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/build/config | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/scripts/build/config b/scripts/build/config index 7610d5e83..822e265b0 100755 --- a/scripts/build/config +++ b/scripts/build/config @@ -1378,89 +1378,5 @@ Name: ${LIVE_IMAGE_NAME} Type: ${LIVE_IMAGE_TYPE} EOF -# TODO: allow verification against user-specified keyring -# For now, we'll only validate against debian-keyring - -# TODO2: use chrooted validation rather than host system based one - -case "${LB_MODE}" in - progress-linux) - case "${LB_DISTRIBUTION}" in - artax) - _KEYS="1-artax" - ;; - - artax-backports) - _KEYS="1-artax 1+-artax-backports" - ;; - - baureo) - _KEYS="2-baureo" - ;; - - baureo-backports) - _KEYS="2-baureo 2+-baureo-backports" - ;; - - chairon) - _KEYS="3-chairon" - ;; - - chairon-backports) - _KEYS="3-chairon 3+-chairon-backports" - ;; - esac - - _URL="${LB_MIRROR_CHROOT}/project/keys" - ;; - - *) - _KEYS="" - ;; -esac - -for _KEY in ${_KEYS} -do - Echo_message "Fetching archive-key ${_KEY}..." - - wget ${WGET_OPTIONS} "${_URL}/archive-key-${_KEY}.asc" -O config/archives/${LB_MODE}.bootstrap.key - wget ${WGET_OPTIONS} "${_URL}/archive-key-${_KEY}.asc.sig" -O config/archives/${LB_MODE}.bootstrap.key.sig - - if [ -e /usr/bin/gpgv ] - then - if [ -e /usr/share/keyrings/debian-keyring.gpg ] || [ -e /usr/share/keyrings/debian-maintainers.gpg ] - then - _KEY_VALID="" - - for _KEYRING in /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg - do - if [ -e "${_KEYRING}" ] - then - Echo_message "Verifying archive-key ${_KEY} against $(basename ${_KEYRING} .gpg | sed -e 's|-keyring||') keyring..." - - set +e - /usr/bin/gpgv --quiet --keyring ${_KEYRING} config/archives/${LB_MODE}.key.sig config/archives/${LB_MODE}.key > /dev/null 2>&1 && _KEY_VALID="true" && break - set -e - fi - done - - case "${_KEY_VALID}" in - true) - Echo_message "Verifying ${_KEY} signature successful." - ;; - - *) - Echo_error "Verifying ${_KEY} signature failed." - return 1 - ;; - esac - else - Echo_warning "Skipping archive-key ${_KEY} verification, debian-keyring not available..." - fi - else - Echo_warning "Skipping archive-key ${_KEY} verification, gpgv not available..." - fi -done - # Creating stage file Create_stagefile .build/config |