opensourcemirror
/
opnsense-tools
mirror of https://github.com/opnsense/tools.git
1
0
Fork 0
Code Issues Releases Wiki Activity

build/(release|sign): repair signing regression after image sig change 

While here also add support fort the (re)sign(ing) of the release set.
This commit is contained in:
Franco Fichtner 2024-01-30 09:58:34 +01:00
parent 32db5e9a0b
commit b5841642fd
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
build/release.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
# Copyright (c) 2015-2021 Franco Fichtner <franco@opnsense.org>
# Copyright (c) 2015-2024 Franco Fichtner <franco@opnsense.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@ -60,11 +60,14 @@ done
echo -n ">>> Checksumming images for ${PRODUCT_RELEASE}... "
(cd ${STAGEDIR} && sha256 ${PRODUCT_RELEASE}-*) > ${STAGEDIR}/checksums
mv ${STAGEDIR}/checksums \
${STAGEDIR}/${PRODUCT_RELEASE}-checksums-${PRODUCT_ARCH}.sha256
CHECKSUM=${STAGEDIR}/${PRODUCT_RELEASE}-checksums-${PRODUCT_ARCH}.sha256
mv ${STAGEDIR}/checksums ${CHECKSUM}
echo "done"
sign_image ${CHECKSUM}
for IMAGE in $(find ${IMAGESDIR} -name "${PRODUCT_NAME}-*-${PRODUCT_ARCH}.*.sig"); do
cp ${IMAGE} ${STAGEDIR}
done
@ -72,8 +75,10 @@ done
if [ -f "${PRODUCT_PRIVKEY}" ]; then
# checked for private key, but want the public key to
# be able to verify the images on the mirror later on
cp "${PRODUCT_PUBKEY}" \
"${STAGEDIR}/${PRODUCT_NAME}${PRODUCT_SUFFIX}-${PRODUCT_SETTINGS}.pub"
PUBKEY="${STAGEDIR}/${PRODUCT_NAME}${PRODUCT_SUFFIX}-${PRODUCT_SETTINGS}.pub"
cp ${PRODUCT_PUBKEY} ${PUBKEY}
sign_image ${PUBKEY}
fi
echo -n ">>> Bundling images for ${PRODUCT_RELEASE}... "

14
build/sign.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
# Copyright (c) 2016-2021 Franco Fichtner <franco@opnsense.org>
# Copyright (c) 2016-2024 Franco Fichtner <franco@opnsense.org>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@ -65,5 +65,17 @@ for ARG in ${@}; do
bundle_packages ${STAGEDIR}
fi
;;
release)
RELEASESET=$(find_set release)
if [ -f "${RELEASESET}" ]; then
setup_stage ${STAGEDIR}
setup_set ${STAGEDIR} ${RELEASESET}
for FILE in $(find ${STAGEDIR} -name "*.sha256" -o \
-name "*.pub"); do
sign_image ${FILE}
done
rm ${RELEASESET}
tar -C ${STAGEDIR} -cf ${RELEASESET} .
fi
esac
done