build: add package signing glue
This commit is contained in:
parent
ad6a0d13b8
commit
b49aececeb
|
@ -44,8 +44,14 @@ cp ${PACKAGESDIR}/${ARCH}/* ${STAGEDIR}/All
|
|||
# needed bootstrap glue when no packages are on the system
|
||||
cd ${STAGEDIR}/Latest && ln -s ../All/pkg-*.txz pkg.txz
|
||||
|
||||
SIGNARGS=
|
||||
if [ -n "$(${TOOLSDIR}/scripts/pkg_fingerprint.sh)" ]; then
|
||||
# XXX check if fingerprint is in core.git
|
||||
SIGNARGS="signing_command: ${TOOLSDIR}/scripts/pkg_sign.sh"
|
||||
fi
|
||||
|
||||
# generate index files
|
||||
cd ${STAGEDIR} && pkg repo .
|
||||
cd ${STAGEDIR} && pkg repo . ${SIGNARGS}
|
||||
|
||||
echo -n ">>> Creating packages set... "
|
||||
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ -f /root/repo.pub ]; then
|
||||
echo "function: \"sha256\""
|
||||
echo "fingerprint: \"$(sha256 -q /root/repo.pub)\""
|
||||
fi
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
read -t 2 SUM
|
||||
[ -z "${SUM}" ] && exit 1
|
||||
echo SIGNATURE
|
||||
echo -n ${SUM} | openssl dgst -sign /root/repo.key -sha256 -binary
|
||||
echo
|
||||
echo CERT
|
||||
cat /root/repo.pub
|
||||
echo END
|
Loading…
Reference in New Issue