Browse Source

build: allow signing keys to exist in CONFIGDIR

tags/16.1.19
Franco Fichtner 4 years ago
parent
commit
6c00be225f
3 changed files with 17 additions and 13 deletions
  1. +2
    -0
      .gitignore
  2. +2
    -4
      Makefile
  3. +13
    -9
      build/common.sh

+ 2
- 0
.gitignore View File

@@ -0,0 +1,2 @@
/config/*/repo.key
/config/*/repo.pub

+ 2
- 4
Makefile View File

@@ -35,8 +35,6 @@ MIRRORS?= https://opnsense.c0urier.net \
http://mirror.ams1.nl.leaseweb.net/opnsense
_VERSION!= date '+%Y%m%d%H%M'
VERSION?= ${_VERSION}
PRIVKEY?= /root/repo.key
PUBKEY?= /root/repo.pub
STAGEDIRPREFIX?=/usr/obj
PORTSREFDIR?= /usr/freebsd-ports
PLUGINSDIR?= /usr/plugins
@@ -78,8 +76,8 @@ ${STEP}: lint
@cd ${.CURDIR}/build && sh ${VERBOSE_FLAGS} ./${.TARGET}.sh \
-f ${FLAVOUR} -n ${NAME} -v ${VERSION} -s ${SETTINGS} \
-S ${SRCDIR} -P ${PORTSDIR} -p ${PLUGINSDIR} -T ${TOOLSDIR} \
-C ${COREDIR} -R ${PORTSREFDIR} -t ${TYPE} -k ${PRIVKEY} \
-K ${PUBKEY} -l "${SIGNCHK}" -L "${SIGNCMD}" -d ${DEVICE} \
-C ${COREDIR} -R ${PORTSREFDIR} -t ${TYPE} -k "${PRIVKEY}" \
-K "${PUBKEY}" -l "${SIGNCHK}" -L "${SIGNCMD}" -d ${DEVICE} \
-m ${MIRRORS:Ox:[1]} -o "${STAGEDIRPREFIX}" -c ${SPEED} \
${${STEP}_ARGS}
.endfor

+ 13
- 9
build/common.sh View File

@@ -59,11 +59,15 @@ while getopts C:c:d:f:K:k:L:l:m:n:o:P:p:R:S:s:T:t:v: OPT; do
SCRUB_ARGS=${SCRUB_ARGS};shift;shift
;;
K)
export PRODUCT_PUBKEY=${OPTARG}
if [ -n "${OPTARG}" ]; then
export PRODUCT_PUBKEY=${OPTARG}
fi
SCRUB_ARGS=${SCRUB_ARGS};shift;shift
;;
k)
export PRODUCT_PRIVKEY=${OPTARG}
if [ -n "${OPTARG}" ]; then
export PRODUCT_PRIVKEY=${OPTARG}
fi
SCRUB_ARGS=${SCRUB_ARGS};shift;shift
;;
L)
@@ -136,8 +140,6 @@ if [ -z "${PRODUCT_NAME}" -o \
-z "${PRODUCT_VERSION}" -o \
-z "${PRODUCT_SETTINGS}" -o \
-z "${PRODUCT_MIRROR}" -o \
-z "${PRODUCT_PRIVKEY}" -o \
-z "${PRODUCT_PUBKEY}" -o \
-z "${PRODUCT_DEVICE}" -o \
-z "${PRODUCT_SPEED}" -o \
-z "${TOOLSDIR}" -o \
@@ -149,11 +151,6 @@ if [ -z "${PRODUCT_NAME}" -o \
usage
fi

# automatically expanded product stuff
export PRODUCT_SIGNCMD=${PRODUCT_SIGNCMD:-"${TOOLSDIR}/scripts/pkg_sign.sh ${PRODUCT_PUBKEY} ${PRODUCT_PRIVKEY}"}
export PRODUCT_SIGNCHK=${PRODUCT_SIGNCHK:-"${TOOLSDIR}/scripts/pkg_fingerprint.sh ${PRODUCT_PUBKEY}"}
export PRODUCT_RELEASE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${PRODUCT_FLAVOUR}"

# misc. foo
export CONFIG_PKG="/usr/local/etc/pkg/repos/origin.conf"
export CPUS=$(sysctl kern.smp.cpus | awk '{ print $2 }')
@@ -174,6 +171,13 @@ export IMAGESDIR="/tmp/images"
export SETSDIR="/tmp/sets"
mkdir -p ${IMAGESDIR} ${SETSDIR}

# automatically expanded product stuff
export PRODUCT_PRIVKEY=${PRODUCT_PRIVKEY:-"${CONFIGDIR}/repo.key"}
export PRODUCT_PUBKEY=${PRODUCT_PUBKEY:-"${CONFIGDIR}/repo.pub"}
export PRODUCT_SIGNCMD=${PRODUCT_SIGNCMD:-"${TOOLSDIR}/scripts/pkg_sign.sh ${PRODUCT_PUBKEY} ${PRODUCT_PRIVKEY}"}
export PRODUCT_SIGNCHK=${PRODUCT_SIGNCHK:-"${TOOLSDIR}/scripts/pkg_fingerprint.sh ${PRODUCT_PUBKEY}"}
export PRODUCT_RELEASE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${PRODUCT_FLAVOUR}"

# print environment to showcase all of our variables
env | sort



Loading…
Cancel
Save