blob: a02f5776ff5dcc5d7c891357496d12f060a241a8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
#!/bin/sh
## live-build(7) - System Build Scripts
## Copyright (C) 2006-2013 Daniel Baumann <daniel@debian.org>
##
## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
## This is free software, and you are welcome to redistribute it
## under certain conditions; see COPYING for details.
set -e
# Including common functions
[ -e "${LIVE_BUILD}/scripts/build.sh" ] && . "${LIVE_BUILD}/scripts/build.sh" || . /usr/lib/live/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'bootstrap non-Debian archive-signing-keys')"
HELP=""
USAGE="${PROGRAM} [--force]"
Arguments "${@}"
# Reading configuration files
Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
Set_defaults
# TODO: allow verification against user-specified keyring
# For now, we'll only validate against debian-keyring
# TODO2: use chrooted validation rather than host system based one
case "${LB_MODE}" in
progress-linux)
case "${LB_DISTRIBUTION}" in
artax)
_KEYS="1.0-artax"
;;
artax-backports)
_KEYS="1.0-artax 1.9-artax-backports"
;;
baureo)
_KEYS="2.0-baureo"
;;
baureo-backports)
_KEYS="2.0-baureo 2.9-baureo-backports"
;;
chairon)
_KEYS="3.0-chairon"
;;
chairon-backports)
_KEYS="3.0-chairon 3.9-chairon-backports"
;;
esac
_URL="${LB_MIRROR_CHROOT}/project/keys"
;;
esac
for _KEY in ${_KEYS}
do
Echo_message "Fetching archive-key ${_KEY}..."
wget -q "${_URL}/archive-key-${_KEY}.asc" -O chroot/key.asc
wget -q "${_URL}/archive-key-${_KEY}.asc.sig" -O chroot/key.asc.sig
if [ -e /usr/bin/gpgv ]
then
if [ -e /usr/share/keyrings/debian-keyring.gpg ] || [ -e /usr/share/keyrings/debian-maintainers.gpg ]
then
_KEY_VALID=""
for _KEYRING in /usr/share/keyrings/debian-keyring.gpg /usr/share/keyrings/debian-maintainers.gpg
do
if [ -e "${_KEYRING}" ]
then
Echo_message "Verifying archive-key ${_KEY} against $(basename ${_KEYRING} .gpg | sed -e 's|-keyring||') keyring..."
set +e
/usr/bin/gpgv --quiet --keyring ${_KEYRING} chroot/key.asc.sig chroot/key.asc > /dev/null 2>&1 && _KEY_VALID="true" && break
set -e
fi
done
case "${_KEY_VALID}" in
true)
Echo_message "Verifying ${_KEY} signature successful."
;;
*)
Echo_error "Verifying ${_KEY} signature failed."
return 1
;;
esac
else
Echo_warning "Skipping archive-key ${_KEY} verification, debian-keyring not available..."
fi
else
Echo_warning "Skipping archive-key ${_KEY} verification, gpgv not available..."
fi
Echo_message "Importing archive-key ${_KEY}..."
Chroot chroot "apt-key add key.asc"
rm -f chroot/key.asc chroot/key.asc.sig
done
Chroot chroot "apt-get update"
# Creating stage file
Create_stagefile .build/bootstrap_archive-keys
|