build/sign: use args and regenerate mtree signature as well
This commit is contained in:
parent
f40de61925
commit
a32ec5c46b
2
LICENSE
2
LICENSE
|
@ -1,4 +1,4 @@
|
||||||
Copyright (c) 2014-2018 Franco Fichtner <franco@opnsense.org>
|
Copyright (c) 2014-2020 Franco Fichtner <franco@opnsense.org>
|
||||||
Copyright (c) 2015-2017 The FreeBSD Foundation
|
Copyright (c) 2015-2017 The FreeBSD Foundation
|
||||||
Copyright (c) 2004-2011 Scott Ullrich <sullrich@gmail.com>
|
Copyright (c) 2004-2011 Scott Ullrich <sullrich@gmail.com>
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
|
@ -246,7 +246,7 @@ Using signatures to verify integrity
|
||||||
Signing for all sets can be redone or applied to a previous run
|
Signing for all sets can be redone or applied to a previous run
|
||||||
that did not sign by invoking:
|
that did not sign by invoking:
|
||||||
|
|
||||||
# make sign
|
# make sign-base,kernel,packages
|
||||||
|
|
||||||
A verification of all available set signatures is done via:
|
A verification of all available set signatures is done via:
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Copyright (c) 2016-2019 Franco Fichtner <franco@opnsense.org>
|
# Copyright (c) 2016-2020 Franco Fichtner <franco@opnsense.org>
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
# modification, are permitted provided that the following conditions
|
# modification, are permitted provided that the following conditions
|
||||||
|
@ -31,19 +31,39 @@ SELF=sign
|
||||||
|
|
||||||
. ./common.sh
|
. ./common.sh
|
||||||
|
|
||||||
BASE_SET=$(find ${SETSDIR} -name "base-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
|
VERSIONDIR="/usr/local/opnsense/version"
|
||||||
if [ -f "${BASE_SET}" ]; then
|
|
||||||
generate_signature ${BASE_SET}
|
|
||||||
fi
|
|
||||||
|
|
||||||
KERNEL_SET=$(find ${SETSDIR} -name "kernel-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
|
for ARG in ${@}; do
|
||||||
if [ -f "${KERNEL_SET}" ]; then
|
case ${ARG} in
|
||||||
generate_signature ${KERNEL_SET}
|
base)
|
||||||
fi
|
BASE_SET=$(find ${SETSDIR} -name "base-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
|
||||||
|
if [ -f "${BASE_SET}" ]; then
|
||||||
PKGS_SET=$(find ${SETSDIR} -name "packages-*-${PRODUCT_FLAVOUR}-${PRODUCT_ARCH}.tar")
|
setup_stage ${STAGEDIR}
|
||||||
if [ -f "${PKGS_SET}" ]; then
|
setup_set ${STAGEDIR} ${BASE_SET}
|
||||||
setup_stage ${STAGEDIR}
|
generate_signature ${STAGEDIR}${VERSIONDIR}/base.mtree
|
||||||
extract_packages ${STAGEDIR}
|
rm ${BASE_SET}
|
||||||
bundle_packages ${STAGEDIR} ${SELF}
|
generate_set ${STAGEDIR} ${BASE_SET}
|
||||||
fi
|
generate_signature ${BASE_SET}
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
kernel)
|
||||||
|
KERNEL_SET=$(find ${SETSDIR} -name "kernel-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
|
||||||
|
if [ -f "${KERNEL_SET}" ]; then
|
||||||
|
setup_stage ${STAGEDIR}
|
||||||
|
setup_set ${STAGEDIR} ${KERNEL_SET}
|
||||||
|
generate_signature ${STAGEDIR}${VERSIONDIR}/kernel.mtree
|
||||||
|
rm ${KERNEL_SET}
|
||||||
|
generate_set ${STAGEDIR} ${KERNEL_SET}
|
||||||
|
generate_signature ${KERNEL_SET}
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
packages)
|
||||||
|
PKGS_SET=$(find ${SETSDIR} -name "packages-*-${PRODUCT_FLAVOUR}-${PRODUCT_ARCH}.tar")
|
||||||
|
if [ -f "${PKGS_SET}" ]; then
|
||||||
|
setup_stage ${STAGEDIR}
|
||||||
|
extract_packages ${STAGEDIR}
|
||||||
|
bundle_packages ${STAGEDIR} ${SELF}
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
Loading…
Reference in New Issue