build/(release|sign): repair signing regression after image sig change
While here also add support fort the (re)sign(ing) of the release set.
This commit is contained in:
parent
32db5e9a0b
commit
b5841642fd
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Copyright (c) 2015-2021 Franco Fichtner <franco@opnsense.org>
|
||||
# Copyright (c) 2015-2024 Franco Fichtner <franco@opnsense.org>
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
|
@ -60,11 +60,14 @@ done
|
|||
echo -n ">>> Checksumming images for ${PRODUCT_RELEASE}... "
|
||||
|
||||
(cd ${STAGEDIR} && sha256 ${PRODUCT_RELEASE}-*) > ${STAGEDIR}/checksums
|
||||
mv ${STAGEDIR}/checksums \
|
||||
${STAGEDIR}/${PRODUCT_RELEASE}-checksums-${PRODUCT_ARCH}.sha256
|
||||
|
||||
CHECKSUM=${STAGEDIR}/${PRODUCT_RELEASE}-checksums-${PRODUCT_ARCH}.sha256
|
||||
mv ${STAGEDIR}/checksums ${CHECKSUM}
|
||||
|
||||
echo "done"
|
||||
|
||||
sign_image ${CHECKSUM}
|
||||
|
||||
for IMAGE in $(find ${IMAGESDIR} -name "${PRODUCT_NAME}-*-${PRODUCT_ARCH}.*.sig"); do
|
||||
cp ${IMAGE} ${STAGEDIR}
|
||||
done
|
||||
|
@ -72,8 +75,10 @@ done
|
|||
if [ -f "${PRODUCT_PRIVKEY}" ]; then
|
||||
# checked for private key, but want the public key to
|
||||
# be able to verify the images on the mirror later on
|
||||
cp "${PRODUCT_PUBKEY}" \
|
||||
"${STAGEDIR}/${PRODUCT_NAME}${PRODUCT_SUFFIX}-${PRODUCT_SETTINGS}.pub"
|
||||
|
||||
PUBKEY="${STAGEDIR}/${PRODUCT_NAME}${PRODUCT_SUFFIX}-${PRODUCT_SETTINGS}.pub"
|
||||
cp ${PRODUCT_PUBKEY} ${PUBKEY}
|
||||
sign_image ${PUBKEY}
|
||||
fi
|
||||
|
||||
echo -n ">>> Bundling images for ${PRODUCT_RELEASE}... "
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Copyright (c) 2016-2021 Franco Fichtner <franco@opnsense.org>
|
||||
# Copyright (c) 2016-2024 Franco Fichtner <franco@opnsense.org>
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
|
@ -65,5 +65,17 @@ for ARG in ${@}; do
|
|||
bundle_packages ${STAGEDIR}
|
||||
fi
|
||||
;;
|
||||
release)
|
||||
RELEASESET=$(find_set release)
|
||||
if [ -f "${RELEASESET}" ]; then
|
||||
setup_stage ${STAGEDIR}
|
||||
setup_set ${STAGEDIR} ${RELEASESET}
|
||||
for FILE in $(find ${STAGEDIR} -name "*.sha256" -o \
|
||||
-name "*.pub"); do
|
||||
sign_image ${FILE}
|
||||
done
|
||||
rm ${RELEASESET}
|
||||
tar -C ${STAGEDIR} -cf ${RELEASESET} .
|
||||
fi
|
||||
esac
|
||||
done
|
||||
|
|
Loading…
Reference in New Issue