From 6c00be225ffd1018d8556be65b35fbcf483b2d98 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Tue, 5 Jul 2016 08:55:27 +0200 Subject: [PATCH] build: allow signing keys to exist in CONFIGDIR --- .gitignore | 2 ++ Makefile | 6 ++---- build/common.sh | 22 +++++++++++++--------- 3 files changed, 17 insertions(+), 13 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..83d17c6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/config/*/repo.key +/config/*/repo.pub diff --git a/Makefile b/Makefile index bf3ab25..056a770 100644 --- a/Makefile +++ b/Makefile @@ -35,8 +35,6 @@ MIRRORS?= https://opnsense.c0urier.net \ http://mirror.ams1.nl.leaseweb.net/opnsense _VERSION!= date '+%Y%m%d%H%M' VERSION?= ${_VERSION} -PRIVKEY?= /root/repo.key -PUBKEY?= /root/repo.pub STAGEDIRPREFIX?=/usr/obj PORTSREFDIR?= /usr/freebsd-ports PLUGINSDIR?= /usr/plugins @@ -78,8 +76,8 @@ ${STEP}: lint @cd ${.CURDIR}/build && sh ${VERBOSE_FLAGS} ./${.TARGET}.sh \ -f ${FLAVOUR} -n ${NAME} -v ${VERSION} -s ${SETTINGS} \ -S ${SRCDIR} -P ${PORTSDIR} -p ${PLUGINSDIR} -T ${TOOLSDIR} \ - -C ${COREDIR} -R ${PORTSREFDIR} -t ${TYPE} -k ${PRIVKEY} \ - -K ${PUBKEY} -l "${SIGNCHK}" -L "${SIGNCMD}" -d ${DEVICE} \ + -C ${COREDIR} -R ${PORTSREFDIR} -t ${TYPE} -k "${PRIVKEY}" \ + -K "${PUBKEY}" -l "${SIGNCHK}" -L "${SIGNCMD}" -d ${DEVICE} \ -m ${MIRRORS:Ox:[1]} -o "${STAGEDIRPREFIX}" -c ${SPEED} \ ${${STEP}_ARGS} .endfor diff --git a/build/common.sh b/build/common.sh index 81732f6..1d4266a 100644 --- a/build/common.sh +++ b/build/common.sh @@ -59,11 +59,15 @@ while getopts C:c:d:f:K:k:L:l:m:n:o:P:p:R:S:s:T:t:v: OPT; do SCRUB_ARGS=${SCRUB_ARGS};shift;shift ;; K) - export PRODUCT_PUBKEY=${OPTARG} + if [ -n "${OPTARG}" ]; then + export PRODUCT_PUBKEY=${OPTARG} + fi SCRUB_ARGS=${SCRUB_ARGS};shift;shift ;; k) - export PRODUCT_PRIVKEY=${OPTARG} + if [ -n "${OPTARG}" ]; then + export PRODUCT_PRIVKEY=${OPTARG} + fi SCRUB_ARGS=${SCRUB_ARGS};shift;shift ;; L) @@ -136,8 +140,6 @@ if [ -z "${PRODUCT_NAME}" -o \ -z "${PRODUCT_VERSION}" -o \ -z "${PRODUCT_SETTINGS}" -o \ -z "${PRODUCT_MIRROR}" -o \ - -z "${PRODUCT_PRIVKEY}" -o \ - -z "${PRODUCT_PUBKEY}" -o \ -z "${PRODUCT_DEVICE}" -o \ -z "${PRODUCT_SPEED}" -o \ -z "${TOOLSDIR}" -o \ @@ -149,11 +151,6 @@ if [ -z "${PRODUCT_NAME}" -o \ usage fi -# automatically expanded product stuff -export PRODUCT_SIGNCMD=${PRODUCT_SIGNCMD:-"${TOOLSDIR}/scripts/pkg_sign.sh ${PRODUCT_PUBKEY} ${PRODUCT_PRIVKEY}"} -export PRODUCT_SIGNCHK=${PRODUCT_SIGNCHK:-"${TOOLSDIR}/scripts/pkg_fingerprint.sh ${PRODUCT_PUBKEY}"} -export PRODUCT_RELEASE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${PRODUCT_FLAVOUR}" - # misc. foo export CONFIG_PKG="/usr/local/etc/pkg/repos/origin.conf" export CPUS=$(sysctl kern.smp.cpus | awk '{ print $2 }') @@ -174,6 +171,13 @@ export IMAGESDIR="/tmp/images" export SETSDIR="/tmp/sets" mkdir -p ${IMAGESDIR} ${SETSDIR} +# automatically expanded product stuff +export PRODUCT_PRIVKEY=${PRODUCT_PRIVKEY:-"${CONFIGDIR}/repo.key"} +export PRODUCT_PUBKEY=${PRODUCT_PUBKEY:-"${CONFIGDIR}/repo.pub"} +export PRODUCT_SIGNCMD=${PRODUCT_SIGNCMD:-"${TOOLSDIR}/scripts/pkg_sign.sh ${PRODUCT_PUBKEY} ${PRODUCT_PRIVKEY}"} +export PRODUCT_SIGNCHK=${PRODUCT_SIGNCHK:-"${TOOLSDIR}/scripts/pkg_fingerprint.sh ${PRODUCT_PUBKEY}"} +export PRODUCT_RELEASE="${PRODUCT_NAME}-${PRODUCT_VERSION}-${PRODUCT_FLAVOUR}" + # print environment to showcase all of our variables env | sort