authorDaniel Baumann <daniel@debian.org>2013-04-10 14:00:09 +0200
committerDaniel Baumann <mail@daniel-baumann.ch>2013-05-06 14:50:08 +0200
commit02ebd3f0c244c2cb7f297869901136e0a2984b3e (patch)
tree2f86c664c533e3abf612b90b65af5dd64d35d3b2 /scripts
parentac29b324706801ae689d5d5256b85c9594a9c762 (diff)
downloadvyos-live-build-02ebd3f0c244c2cb7f297869901136e0a2984b3e.tar.gz
vyos-live-build-02ebd3f0c244c2cb7f297869901136e0a2984b3e.zip
Updating derivatives archive-key signature validation to look by default at both debian and debian-maintainers keyrings.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/build/bootstrap_archive-keys60
1 files changed, 49 insertions, 11 deletions
diff --git a/scripts/build/bootstrap_archive-keys b/scripts/build/bootstrap_archive-keys
index 4f02f5365..2b4cb403b 100755
--- a/scripts/build/bootstrap_archive-keys
+++ b/scripts/build/bootstrap_archive-keys
@@ -32,16 +32,28 @@ Set_defaults
case "${LB_MODE}" in
progress-linux)
case "${LB_DISTRIBUTION}" in
- artax*)
- _KEYS="1.0-artax 1.0-artax-packages"
+ artax)
+ _KEYS="1.0-artax"
;;
- baureo*)
- _KEYS="2.0-baureo 2.0-baureo-packages"
+ artax-backports)
+ _KEYS="1.0-artax 1.9-artax-backports"
;;
- chairon*)
- _KEYS="3.0-chairon 3.0-chairon-packages"
+ baureo)
+ _KEYS="2.0-baureo"
+ ;;
+
+ baureo-backports)
+ _KEYS="2.0-baureo 2.9-baureo-backports"
+ ;;
+
+ chairon)
+ _KEYS="3.0-chairon"
+ ;;
+
+ chairon-backports)
+ _KEYS="3.0-chairon 3.9-chairon-backports"
;;
esac
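Review bot: The inner `case "${LB_DISTRIBUTION}"` now matches only six exact names and still has no `*)` arm, so any value the old `artax*`/`baureo*`/`chairon*` globs accepted (a suite with a different suffix, for example) falls through without assigning `_KEYS`. Whether `_KEYS` is initialised elsewhere is not visible in this hunk; if it is not, the download-and-verify loop further down would iterate zero times and the build would continue with no archive key and no message. A default arm that fails loudly would make this explicit, e.g. `*) Echo_error "No archive keys defined for ${LB_DISTRIBUTION}"; exit 1 ;;`, or at minimum a comment stating that unmatched suites intentionally get no keys.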
@@ -56,13 +68,39 @@ do
wget -q "${_URL}/archive-key-${_KEY}.asc" -O chroot/key.asc
wget -q "${_URL}/archive-key-${_KEY}.asc.sig" -O chroot/key.asc.sig
- if [ -e /usr/bin/gpgv ] && [ -e /usr/share/keyrings/debian-keyring.gpg ]
+ if [ -e /usr/bin/gpgv ]
then
- Echo_message "Verifying archive-key ${_KEY} against debian-keyring..."
-
- /usr/bin/gpgv --quiet --keyring /usr/share/keyrings/debian-keyring.gpg chroot/key.asc.sig chroot/key.asc > /dev/null 2>&1 || { Echo_error "archive-key ${_KEY} has invalid signature."; return 1;}
+ if [ -e /usr/share/keyrings/debian-keyring.gpg ] || [ -e /usr/share/keyrings/debian-maintainers.gpg ]
+ then
+ _KEY_VALID=""
+
+ for _KEYRING in /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg
+ do
+ if [ -e "${_KEYRING}" ]
+ then
+ Echo_message "Verifying archive-key ${_KEY} against $(basename ${_KEYRING} .gpg | sed -e 's|-keyring||') keyring..."
+
+ set +e
+ /usr/bin/gpgv --quiet --keyring ${_KEYRING} chroot/key.asc.sig chroot/key.asc > /dev/null 2>&1 && _KEY_VALID="true" && break
+ set -e
+ fi
+ done
+
+ case "${_KEY_VALID}" in
+ true)
+ Echo_message "Verifying ${_KEY} signature successful."
+ ;;
+
+ *)
+ Echo_error "Verifying ${_KEY} signature failed."
+ return 1
+ ;;
+ esac
+ else
+ Echo_warning "Skipping archive-key ${_KEY} verification, debian-keyring not available..."
+ fi
else
- Echo_warning "Skipping archive-key ${_KEY} verification, either gpgv or debian-keyring not available on host system..."
+ Echo_warning "Skipping archive-key ${_KEY} verification, gpgv not available..."
fi
Echo_message "Importing archive-key ${_KEY}..."
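Review bot: When gpgv succeeds, the `&& break` on the gpgv line leaves the `for _KEYRING` loop before the following `set -e` runs, so errexit stays disabled for the rest of the script after every successful verification. The toggle is not needed, since a failing non-final command in an `&&` list does not trigger errexit; the three lines can become `if /usr/bin/gpgv --quiet --keyring "${_KEYRING}" chroot/key.asc.sig chroot/key.asc > /dev/null 2>&1; then _KEY_VALID="true"; break; fi`, which also quotes `${_KEYRING}`. Separately, both `else` branches only warn and then fall through to "Importing archive-key", so on a host without gpgv or either keyring the downloaded key is imported unverified; a comment stating that this fail-open behaviour is intended, or a setting to make it fatal, would help. The inner warning also still names only debian-keyring although debian-maintainers is now checked as well. The enclosing loop begins above this hunk and the script continues past its last line.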