Browse Source

build/sign: use args and regenerate mtree signature as well

tags/19.7.10^0
Franco Fichtner 8 months ago
parent
commit
a32ec5c46b
3 changed files with 38 additions and 18 deletions
  1. +1
    -1
      LICENSE
  2. +1
    -1
      README.md
  3. +36
    -16
      build/sign.sh

+ 1
- 1
LICENSE View File

@@ -1,4 +1,4 @@
Copyright (c) 2014-2018 Franco Fichtner <franco@opnsense.org>
Copyright (c) 2014-2020 Franco Fichtner <franco@opnsense.org>
Copyright (c) 2015-2017 The FreeBSD Foundation
Copyright (c) 2004-2011 Scott Ullrich <sullrich@gmail.com>
All rights reserved.


+ 1
- 1
README.md View File

@@ -246,7 +246,7 @@ Using signatures to verify integrity
Signing for all sets can be redone or applied to a previous run
that did not sign by invoking:

# make sign
# make sign-base,kernel,packages

A verification of all available set signatures is done via:



+ 36
- 16
build/sign.sh View File

@@ -1,6 +1,6 @@
#!/bin/sh

# Copyright (c) 2016-2019 Franco Fichtner <franco@opnsense.org>
# Copyright (c) 2016-2020 Franco Fichtner <franco@opnsense.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -31,19 +31,39 @@ SELF=sign

. ./common.sh

BASE_SET=$(find ${SETSDIR} -name "base-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
if [ -f "${BASE_SET}" ]; then
generate_signature ${BASE_SET}
fi
VERSIONDIR="/usr/local/opnsense/version"

KERNEL_SET=$(find ${SETSDIR} -name "kernel-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
if [ -f "${KERNEL_SET}" ]; then
generate_signature ${KERNEL_SET}
fi

PKGS_SET=$(find ${SETSDIR} -name "packages-*-${PRODUCT_FLAVOUR}-${PRODUCT_ARCH}.tar")
if [ -f "${PKGS_SET}" ]; then
setup_stage ${STAGEDIR}
extract_packages ${STAGEDIR}
bundle_packages ${STAGEDIR} ${SELF}
fi
for ARG in ${@}; do
case ${ARG} in
base)
BASE_SET=$(find ${SETSDIR} -name "base-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
if [ -f "${BASE_SET}" ]; then
setup_stage ${STAGEDIR}
setup_set ${STAGEDIR} ${BASE_SET}
generate_signature ${STAGEDIR}${VERSIONDIR}/base.mtree
rm ${BASE_SET}
generate_set ${STAGEDIR} ${BASE_SET}
generate_signature ${BASE_SET}
fi
;;
kernel)
KERNEL_SET=$(find ${SETSDIR} -name "kernel-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
if [ -f "${KERNEL_SET}" ]; then
setup_stage ${STAGEDIR}
setup_set ${STAGEDIR} ${KERNEL_SET}
generate_signature ${STAGEDIR}${VERSIONDIR}/kernel.mtree
rm ${KERNEL_SET}
generate_set ${STAGEDIR} ${KERNEL_SET}
generate_signature ${KERNEL_SET}
fi
;;
packages)
PKGS_SET=$(find ${SETSDIR} -name "packages-*-${PRODUCT_FLAVOUR}-${PRODUCT_ARCH}.tar")
if [ -f "${PKGS_SET}" ]; then
setup_stage ${STAGEDIR}
extract_packages ${STAGEDIR}
bundle_packages ${STAGEDIR} ${SELF}
fi
;;
esac
done

Loading…
Cancel
Save