From 038b1fa8f627bb83c060f17db3e100b541de8df7 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Tue, 5 Nov 2013 12:32:59 +0100
Subject: Moving bootstrapping of derivative archive-keys from config to init.
---
 scripts/build/config | 84 ----------------------------------------------------
 1 file changed, 84 deletions(-)
(limited to 'scripts/build/config')
diff --git a/scripts/build/config b/scripts/build/config
index 7610d5e83..822e265b0 100755
--- a/scripts/build/config
+++ b/scripts/build/config
@@ -1378,89 +1378,5 @@ Name: ${LIVE_IMAGE_NAME}
 Type: ${LIVE_IMAGE_TYPE}
 EOF
-# TODO: allow verification against user-specified keyring
-# For now, we'll only validate against debian-keyring
-
-# TODO2: use chrooted validation rather than host system based one
-
-case "${LB_MODE}" in
- progress-linux)
- case "${LB_DISTRIBUTION}" in
- artax)
- _KEYS="1-artax"
- ;;
-
- artax-backports)
- _KEYS="1-artax 1+-artax-backports"
- ;;
-
- baureo)
- _KEYS="2-baureo"
- ;;
-
- baureo-backports)
- _KEYS="2-baureo 2+-baureo-backports"
- ;;
-
- chairon)
- _KEYS="3-chairon"
- ;;
-
- chairon-backports)
- _KEYS="3-chairon 3+-chairon-backports"
- ;;
- esac
-
- _URL="${LB_MIRROR_CHROOT}/project/keys"
- ;;
-
- *)
- _KEYS=""
- ;;
-esac
-
-for _KEY in ${_KEYS}
-do
- Echo_message "Fetching archive-key ${_KEY}..."
-
- wget ${WGET_OPTIONS} "${_URL}/archive-key-${_KEY}.asc" -O config/archives/${LB_MODE}.bootstrap.key
- wget ${WGET_OPTIONS} "${_URL}/archive-key-${_KEY}.asc.sig" -O config/archives/${LB_MODE}.bootstrap.key.sig
-
- if [ -e /usr/bin/gpgv ]
- then
- if [ -e /usr/share/keyrings/debian-keyring.gpg ] || [ -e /usr/share/keyrings/debian-maintainers.gpg ]
- then
- _KEY_VALID=""
-
- for _KEYRING in /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg
- do
- if [ -e "${_KEYRING}" ]
- then
- Echo_message "Verifying archive-key ${_KEY} against $(basename ${_KEYRING} .gpg | sed -e 's|-keyring||') keyring..."
-
- set +e
- /usr/bin/gpgv --quiet --keyring ${_KEYRING} config/archives/${LB_MODE}.key.sig config/archives/${LB_MODE}.key > /dev/null 2>&1 && _KEY_VALID="true" && break
- set -e
- fi
- done
-
- case "${_KEY_VALID}" in
- true)
- Echo_message "Verifying ${_KEY} signature successful."
- ;;
-
- *)
- Echo_error "Verifying ${_KEY} signature failed."
- return 1
- ;;
- esac
- else
- Echo_warning "Skipping archive-key ${_KEY} verification, debian-keyring not available..."
- fi
- else
- Echo_warning "Skipping archive-key ${_KEY} verification, gpgv not available..."
- fi
-done
-
 # Creating stage file
 Create_stagefile .build/config
--
cgit v1.2.3