build/sign: use args and regenerate mtree signature as well

This commit is contained in:
Franco Fichtner 2020-01-22 22:20:54 +01:00
parent f40de61925
commit a32ec5c46b
3 changed files with 38 additions and 18 deletions

View File

@ -1,4 +1,4 @@
Copyright (c) 2014-2018 Franco Fichtner <franco@opnsense.org> Copyright (c) 2014-2020 Franco Fichtner <franco@opnsense.org>
Copyright (c) 2015-2017 The FreeBSD Foundation Copyright (c) 2015-2017 The FreeBSD Foundation
Copyright (c) 2004-2011 Scott Ullrich <sullrich@gmail.com> Copyright (c) 2004-2011 Scott Ullrich <sullrich@gmail.com>
All rights reserved. All rights reserved.

View File

@ -246,7 +246,7 @@ Using signatures to verify integrity
Signing for all sets can be redone or applied to a previous run Signing for all sets can be redone or applied to a previous run
that did not sign by invoking: that did not sign by invoking:
# make sign # make sign-base,kernel,packages
A verification of all available set signatures is done via: A verification of all available set signatures is done via:

View File

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# Copyright (c) 2016-2019 Franco Fichtner <franco@opnsense.org> # Copyright (c) 2016-2020 Franco Fichtner <franco@opnsense.org>
# #
# Redistribution and use in source and binary forms, with or without # Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions # modification, are permitted provided that the following conditions
@ -31,19 +31,39 @@ SELF=sign
. ./common.sh . ./common.sh
BASE_SET=$(find ${SETSDIR} -name "base-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz") VERSIONDIR="/usr/local/opnsense/version"
if [ -f "${BASE_SET}" ]; then
generate_signature ${BASE_SET}
fi
KERNEL_SET=$(find ${SETSDIR} -name "kernel-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz") for ARG in ${@}; do
if [ -f "${KERNEL_SET}" ]; then case ${ARG} in
generate_signature ${KERNEL_SET} base)
fi BASE_SET=$(find ${SETSDIR} -name "base-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
if [ -f "${BASE_SET}" ]; then
PKGS_SET=$(find ${SETSDIR} -name "packages-*-${PRODUCT_FLAVOUR}-${PRODUCT_ARCH}.tar") setup_stage ${STAGEDIR}
if [ -f "${PKGS_SET}" ]; then setup_set ${STAGEDIR} ${BASE_SET}
setup_stage ${STAGEDIR} generate_signature ${STAGEDIR}${VERSIONDIR}/base.mtree
extract_packages ${STAGEDIR} rm ${BASE_SET}
bundle_packages ${STAGEDIR} ${SELF} generate_set ${STAGEDIR} ${BASE_SET}
fi generate_signature ${BASE_SET}
fi
;;
kernel)
KERNEL_SET=$(find ${SETSDIR} -name "kernel-*-${PRODUCT_ARCH}${PRODUCT_DEVICE+"-${PRODUCT_DEVICE}"}.txz")
if [ -f "${KERNEL_SET}" ]; then
setup_stage ${STAGEDIR}
setup_set ${STAGEDIR} ${KERNEL_SET}
generate_signature ${STAGEDIR}${VERSIONDIR}/kernel.mtree
rm ${KERNEL_SET}
generate_set ${STAGEDIR} ${KERNEL_SET}
generate_signature ${KERNEL_SET}
fi
;;
packages)
PKGS_SET=$(find ${SETSDIR} -name "packages-*-${PRODUCT_FLAVOUR}-${PRODUCT_ARCH}.tar")
if [ -f "${PKGS_SET}" ]; then
setup_stage ${STAGEDIR}
extract_packages ${STAGEDIR}
bundle_packages ${STAGEDIR} ${SELF}
fi
;;
esac
done