build: let compress sign images and add new list helper; closes #223

Makefile

@@ -24,8 +24,8 @@
 # SUCH DAMAGE.
 
 STEPS=		audit arm base boot chroot clean clone compress confirm core \
-		distfiles download dvd fingerprint info kernel make.conf nano \
-		packages plugins ports prefetch print rebase release \
+		distfiles download dvd fingerprint info kernel list make.conf \
+		nano packages plugins ports prefetch print rebase release \
 		rename rewind serial sign skim test update upload verify \
 		vga vm xtools
 SCRIPTS=	batch hotfix nightly

build/common.sh

@@ -283,7 +283,7 @@ if [ -n "${*}" ]; then
 fi
 
 case "${SELF}" in
-confirm|fingerprint|info|make\.conf|print)
+confirm|fingerprint|info|list|make\.conf|print)
 	;;
 *)
 	if [ -z "${PRINT_ENV_SKIP}" ]; then
@@ -674,11 +674,11 @@ sign_image()
 	echo -n ">>> Creating ${PRODUCT_SETTINGS} signature for ${1}: "
 
 	openssl dgst -sha256 -sign "${PRODUCT_PRIVKEY}" "${1}" | \
-	    openssl base64 > "${2}"
-	openssl base64 -d -in "${2}" > "${2}.tmp"
+	    openssl base64 > "${1}".sig
+	openssl base64 -d -in "${1}".sig > "${1}.sig.tmp"
 	openssl dgst -sha256 -verify "${PRODUCT_PUBKEY}" \
-	    -signature "${2}.tmp" "${1}"
-	rm "${2}.tmp"
+	    -signature "${1}.sig.tmp" "${1}"
+	rm "${1}.sig.tmp"
 }
 
 check_image()

build/compress.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2018 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2018-2021 Franco Fichtner <franco@opnsense.org>
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -35,10 +35,13 @@ for ARG in ${@}; do
 	case ${ARG} in
 	arm|dvd|nano|serial|vga|vm)
 		for IMAGE in $(find ${IMAGESDIR} -name \
-		    "*-${PRODUCT_FLAVOUR}-${ARG}-*" \! -name "*.bz2"); do
+		    "*-${PRODUCT_FLAVOUR}-${ARG}-*" \! -name "*.bz2" \
+		    \! -name "*.sig"); do
 			echo -n ">>> Compressing ${ARG} image... "
 			bzip2 ${IMAGE}
 			echo "done"
+
+			sign_image ${IMAGE}.bz2
 		done
 		;;
 	esac

build/list.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# Copyright (c) 2021 Franco Fichtner <franco@opnsense.org>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+set -e
+
+SELF=list
+
+. ./common.sh
+
+for ARG in ${*}; do
+	ls -lah ${TARGETDIR}/"${ARG}"
+done

build/release.sh

@@ -51,12 +51,12 @@ fi
 
 sh ./clean.sh ${SELF}
 
-setup_stage ${STAGEDIR} tmp work
+setup_stage ${STAGEDIR}
 
 echo -n ">>> Compressing images for ${PRODUCT_RELEASE}... "
 
-mv ${IMAGESDIR}/${PRODUCT_NAME}-*-${PRODUCT_ARCH}.* ${STAGEDIR}/work
-for IMAGE in $(find ${STAGEDIR}/work -type f); do
+mv ${IMAGESDIR}/${PRODUCT_NAME}-*-${PRODUCT_ARCH}.* ${STAGEDIR}
+for IMAGE in $(find ${STAGEDIR} -type f); do
 	bzip2 ${IMAGE} &
 done
 wait
@@ -65,24 +65,22 @@ echo "done"
 
 echo -n ">>> Checksumming images for ${PRODUCT_RELEASE}... "
 
-(cd ${STAGEDIR}/work && sha256 ${PRODUCT_RELEASE}-*) \
-    > ${STAGEDIR}/tmp/${PRODUCT_RELEASE}-checksums-${PRODUCT_ARCH}.sha256
+(cd ${STAGEDIR} && sha256 ${PRODUCT_RELEASE}-*) \
+    > ${STAGEDIR}/${PRODUCT_RELEASE}-checksums-${PRODUCT_ARCH}.sha256
 
 echo "done"
 
-for IMAGE in $(find ${STAGEDIR}/work -name "${PRODUCT_RELEASE}-*"); do
-	sign_image ${IMAGE} ${STAGEDIR}/tmp/$(basename ${IMAGE}).sig
-done
-
-mv ${STAGEDIR}/tmp/* ${STAGEDIR}/work/
-
 if [ -f "${PRODUCT_PRIVKEY}" ]; then
 	# checked for private key, but want the public key to
 	# be able to verify the images on the mirror later on
 	cp "${PRODUCT_PUBKEY}" \
-	    "${STAGEDIR}/work/${PRODUCT_NAME}${PRODUCT_SUFFIX}-${PRODUCT_SETTINGS}.pub"
+	    "${STAGEDIR}/${PRODUCT_NAME}${PRODUCT_SUFFIX}-${PRODUCT_SETTINGS}.pub"
 fi
 
+for IMAGE in $(find ${STAGEDIR} -name "${PRODUCT_RELEASE}-*"); do
+	sign_image ${IMAGE}
+done
+
 echo -n ">>> Bundling images for ${PRODUCT_RELEASE}... "
-tar -C ${STAGEDIR}/work -cf ${RELEASE_SET} .
+tar -C ${STAGEDIR} -cf ${RELEASE_SET} .
 echo "done"