opensourcemirror
/
opnsense-tools
mirror of https://github.com/opnsense/tools.git
1
0
Fork 0
Code Issues Releases Wiki Activity

build: add image signatures via openssl digest

This commit is contained in:
Franco Fichtner 2017-07-24 09:07:23 +02:00
parent 25549dc7fb
commit d78e69138a
7 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
build/common.sh
View File

@ -450,7 +450,23 @@ generate_signature()
fi
}
check_images()
sign_image()
{
if [ ! -f "${PRODUCT_PRIVKEY}" ]; then
return
fi
echo -n ">>> Creating signature for ${1}: "
openssl dgst -sha256 -sign "${PRODUCT_PRIVKEY}" "${1}" | \
openssl base64 > "${2}"
openssl base64 -d -in "${2}" > "${2}.tmp"
openssl dgst -sha256 -verify "${PRODUCT_PUBKEY}" \
-signature "${2}.tmp" "${1}"
rm "${2}.tmp"
}
check_image()
{
SELF=${1}
SKIP=${2}

2
build/dvd.sh
View File

@ -31,7 +31,7 @@ SELF=dvd
. ./common.sh
check_images ${SELF} ${@}
check_image ${SELF} ${@}
DVD="${IMAGESDIR}/${PRODUCT_RELEASE}-dvd-${PRODUCT_ARCH}.iso"

2
build/nano.sh
View File

@ -32,7 +32,7 @@ SELF=nano
. ./common.sh
check_images ${SELF} ${@}
check_image ${SELF} ${@}
NANOSIZE="3G"

10
build/release.sh
View File

@ -63,8 +63,18 @@ echo -n ">>> Checksumming images for ${PRODUCT_RELEASE}... "
(cd ${STAGEDIR}/work && md5 ${PRODUCT_RELEASE}-*) \
> ${STAGEDIR}/tmp/${PRODUCT_RELEASE}-checksums-${PRODUCT_ARCH}.md5
for IMAGE in $(find ${STAGEDIR}/work -name "${PRODUCT_RELEASE}-*"); do
sign_image ${IMAGE} ${STAGEDIR}/tmp/$(basename ${IMAGE}).sig
done
mv ${STAGEDIR}/tmp/* ${STAGEDIR}/work/
if [ -f "${PRODUCT_PRIVKEY}" ]; then
# checked for private key, but want the public key to
# be able to verify the images on the mirror later on
cp "${PRODUCT_PUBKEY}" ${STAGEDIR}/work/${PRODUCT_RELEASE}.pub
fi
echo "done"
echo -n ">>> Bundling images for ${PRODUCT_RELEASE}... "

2
build/serial.sh
View File

@ -32,7 +32,7 @@ SELF=serial
. ./common.sh
check_images ${SELF} ${@}
check_image ${SELF} ${@}
SERIALIMG="${IMAGESDIR}/${PRODUCT_RELEASE}-serial-${PRODUCT_ARCH}.img"

2
build/vga.sh
View File

@ -31,7 +31,7 @@ SELF=vga
. ./common.sh
check_images ${SELF} ${@}
check_image ${SELF} ${@}
VGAIMG="${IMAGESDIR}/${PRODUCT_RELEASE}-vga-${PRODUCT_ARCH}.img"

2
build/vm.sh
View File

@ -31,7 +31,7 @@ SELF=vm
. ./common.sh
check_images ${SELF} ${@}
check_image ${SELF} ${@}
VMFORMAT="vmdk"
VMSIZE="20G"