build: add image signatures via openssl digest
This commit is contained in:
parent
25549dc7fb
commit
d78e69138a
|
@ -450,7 +450,23 @@ generate_signature()
|
|||
fi
|
||||
}
|
||||
|
||||
check_images()
|
||||
sign_image()
|
||||
{
|
||||
if [ ! -f "${PRODUCT_PRIVKEY}" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n ">>> Creating signature for ${1}: "
|
||||
|
||||
openssl dgst -sha256 -sign "${PRODUCT_PRIVKEY}" "${1}" | \
|
||||
openssl base64 > "${2}"
|
||||
openssl base64 -d -in "${2}" > "${2}.tmp"
|
||||
openssl dgst -sha256 -verify "${PRODUCT_PUBKEY}" \
|
||||
-signature "${2}.tmp" "${1}"
|
||||
rm "${2}.tmp"
|
||||
}
|
||||
|
||||
check_image()
|
||||
{
|
||||
SELF=${1}
|
||||
SKIP=${2}
|
||||
|
|
|
@ -31,7 +31,7 @@ SELF=dvd
|
|||
|
||||
. ./common.sh
|
||||
|
||||
check_images ${SELF} ${@}
|
||||
check_image ${SELF} ${@}
|
||||
|
||||
DVD="${IMAGESDIR}/${PRODUCT_RELEASE}-dvd-${PRODUCT_ARCH}.iso"
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ SELF=nano
|
|||
|
||||
. ./common.sh
|
||||
|
||||
check_images ${SELF} ${@}
|
||||
check_image ${SELF} ${@}
|
||||
|
||||
NANOSIZE="3G"
|
||||
|
||||
|
|
|
@ -63,8 +63,18 @@ echo -n ">>> Checksumming images for ${PRODUCT_RELEASE}... "
|
|||
(cd ${STAGEDIR}/work && md5 ${PRODUCT_RELEASE}-*) \
|
||||
> ${STAGEDIR}/tmp/${PRODUCT_RELEASE}-checksums-${PRODUCT_ARCH}.md5
|
||||
|
||||
for IMAGE in $(find ${STAGEDIR}/work -name "${PRODUCT_RELEASE}-*"); do
|
||||
sign_image ${IMAGE} ${STAGEDIR}/tmp/$(basename ${IMAGE}).sig
|
||||
done
|
||||
|
||||
mv ${STAGEDIR}/tmp/* ${STAGEDIR}/work/
|
||||
|
||||
if [ -f "${PRODUCT_PRIVKEY}" ]; then
|
||||
# checked for private key, but want the public key to
|
||||
# be able to verify the images on the mirror later on
|
||||
cp "${PRODUCT_PUBKEY}" ${STAGEDIR}/work/${PRODUCT_RELEASE}.pub
|
||||
fi
|
||||
|
||||
echo "done"
|
||||
|
||||
echo -n ">>> Bundling images for ${PRODUCT_RELEASE}... "
|
||||
|
|
|
@ -32,7 +32,7 @@ SELF=serial
|
|||
|
||||
. ./common.sh
|
||||
|
||||
check_images ${SELF} ${@}
|
||||
check_image ${SELF} ${@}
|
||||
|
||||
SERIALIMG="${IMAGESDIR}/${PRODUCT_RELEASE}-serial-${PRODUCT_ARCH}.img"
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ SELF=vga
|
|||
|
||||
. ./common.sh
|
||||
|
||||
check_images ${SELF} ${@}
|
||||
check_image ${SELF} ${@}
|
||||
|
||||
VGAIMG="${IMAGESDIR}/${PRODUCT_RELEASE}-vga-${PRODUCT_ARCH}.img"
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ SELF=vm
|
|||
|
||||
. ./common.sh
|
||||
|
||||
check_images ${SELF} ${@}
|
||||
check_image ${SELF} ${@}
|
||||
|
||||
VMFORMAT="vmdk"
|
||||
VMSIZE="20G"
|
||||
|
|
Loading…
Reference in New Issue