author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2019-02-02 10:00:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2019-02-02 10:00:00 +0000 |
commit | 32322960234c8ec91e0d42835a3ec5ee63305070 (patch) | |
tree | 71d79574de0193778ad6cc6c96dfd4f74fa6bbbb /system-build/scripts/build/bootstrap_archive-keys | |
parent | Initial commit. (diff) | |
Adding upstream version 20190202.upstream/20190202
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'system-build/scripts/build/bootstrap_archive-keys')
-rwxr-xr-x | system-build/scripts/build/bootstrap_archive-keys | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/system-build/scripts/build/bootstrap_archive-keys b/system-build/scripts/build/bootstrap_archive-keys
new file mode 100755
index 0000000..3f4fd45
--- /dev/null
+++ b/system-build/scripts/build/bootstrap_archive-keys
@@ -0,0 +1,77 @@
+#!/bin/sh
+
+## live-build(7) - System Build Scripts
+## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
+##
+## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+## This is free software, and you are welcome to redistribute it
+## under certain conditions; see COPYING for details.
+
+
+set -e
+
+# Including common functions
+[ -e "${LIVE_BUILD}/scripts/build.sh" ] && . "${LIVE_BUILD}/scripts/build.sh" || . /usr/lib/live/build.sh
+
+# Setting static variables
+DESCRIPTION="$(Echo 'bootstrap non-Debian archive-signing-keys')"
+HELP=""
+USAGE="${PROGRAM} [--force]"
+
+Arguments "${@}"
+
+# Reading configuration files
+Read_conffiles config/all config/common config/bootstrap config/system config/binary config/source
+Set_defaults
+
+# TODO: allow verification against user-specified keyring
+# For now, we'll only validate against debian-keyring
+
+# TODO2: use chrooted validation rather than host system based one
+
+case "${LB_MODE}" in
+ progress-linux)
+ case "${LB_DISTRIBUTION}" in
+ artax*)
+ _KEYS="artax artax-backports"
+ ;;
+
+ baureo*)
+ _KEYS="baureo baureo-backports"
+ ;;
+
+ cairon*)
+ _KEYS="cairon cairon-backports"
+ ;;
+ esac
+
+ _URL="${LB_MIRROR_CHROOT}/project/pgp"
+ ;;
+esac
+
+for _KEY in ${_KEYS}
+do
+ Echo_message "Fetching archive-key ${_KEY}..."
+
+ wget -q "${_URL}/archive-key-${_KEY}.asc" -O chroot/key.asc
+ wget -q "${_URL}/archive-key-${_KEY}.asc.sig" -O chroot/key.asc.sig
+
+ if [ -e /usr/bin/gpgv ] && [ -e /usr/share/keyrings/debian-keyring.gpg ]
+ then
+ Echo_message "Verifying archive-key ${_KEY} against debian-keyring..."
+
+ /usr/bin/gpgv --quiet --keyring /usr/share/keyrings/debian-keyring.gpg chroot/key.asc.sig chroot/key.asc > /dev/null 2>&1 || { Echo_error "archive-key ${_KEY} has invalid signature."; return 1;}
+ else
+ Echo_warning "Skipping archive-key ${_KEY} verification, either gpgv or debian-keyring not available on host system..."
+ fi
+
+ Echo_message "Importing archive-key ${_KEY}..."
+
+ Chroot chroot "apt-key add key.asc"
+ rm -f chroot/key.asc chroot/key.asc.sig
+done
+
+Chroot chroot "apt-get update"
+
+# Creating stage file
+Create_stagefile .build/bootstrap_archive-keys |
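Review bot: The `else` branch of the verification step fails open: when `/usr/bin/gpgv` or `/usr/share/keyrings/debian-keyring.gpg` is missing on the host, the script only calls `Echo_warning` and still runs `apt-key add key.asc`, so a key fetched with `wget` from `${LB_MIRROR_CHROOT}/project/pgp` becomes a trusted archive key in the chroot without any signature check. That branch should stop the build instead, e.g. `Echo_error "cannot verify archive-key ${_KEY}: gpgv or debian-keyring missing on host system"; exit 1`. The failure path of the gpgv call uses `return 1` outside any function, which POSIX leaves unspecified; `exit 1` states the intent, and that path also leaves `chroot/key.asc` and `chroot/key.asc.sig` behind in the chroot. As the file's own TODO acknowledges, validating against the whole debian-keyring accepts a signature made by any key in that keyring, so a dedicated keyring holding only the archive signer's key would narrow the trust.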