build: add override for signing keys #20
The logic of scripts dir was that it doesn't need build dir foo, which isn't true anymore for the pkg_* scripts so that needs to be shuffled now.
parent
ba1f580968
commit
e213702060
4
Makefile
4
Makefile
|
@ -20,6 +20,7 @@ NAME?= OPNsense
|
|||
TYPE?= opnsense-devel
|
||||
FLAVOUR?= OpenSSL
|
||||
SETTINGS?= 15.7
|
||||
SIGNATURE?= /root/repo
|
||||
_VERSION!= date '+%Y%m%d%H%M'
|
||||
VERSION?= ${_VERSION}
|
||||
PORTSREFDIR?= /usr/freebsd-ports
|
||||
|
@ -59,5 +60,6 @@ ${STEP}:
|
|||
@cd build && sh ${VERBOSE_FLAGS} ./${.TARGET}.sh \
|
||||
-f ${FLAVOUR} -n ${NAME} -v ${VERSION} -s ${SETTINGS} \
|
||||
-S ${SRCDIR} -P ${PORTSDIR} -p ${PLUGINSDIR} -T ${TOOLSDIR} \
|
||||
-C ${COREDIR} -R ${PORTSREFDIR} -t ${TYPE} ${${STEP}_ARGS}
|
||||
-C ${COREDIR} -R ${PORTSREFDIR} -t ${TYPE} -k ${SIGNATURE} \
|
||||
${${STEP}_ARGS}
|
||||
.endfor
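Review bot: `-k ${SIGNATURE}` is passed unquoted and ahead of `${${STEP}_ARGS}`, so an override such as `make SIGNATURE=` leaves `-k` to take the first word of the step arguments as the key prefix instead of failing. Only the default `/root/repo` is guaranteed to be non-empty here. A guard ahead of the loop would surface the misconfiguration early, e.g. `.if empty(SIGNATURE)` / `.error SIGNATURE must not be empty` / `.endif`. The `.for` loop itself starts outside the hunk.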
|
||||
|
|
10
README.md
10
README.md
|
@ -74,12 +74,14 @@ All build steps are invoked via make(1):
|
|||
|
||||
Available build options are:
|
||||
|
||||
* NAME: "OPNsense" (default)
|
||||
* TYPE: the name of the meta package to be installed
|
||||
* CONFIG: reads the below from the specified file
|
||||
* FLAVOUR: "OpenSSL" (default), "LibreSSL"
|
||||
* VERSION: a version tag (if applicable)
|
||||
* NAME: "OPNsense" (default)
|
||||
* SETTINGS: the name of the selected settings in config/
|
||||
* CONFIG: reads the above from the specified file
|
||||
* SIGNATURE: file prefix to the packages signature files,
|
||||
automatically appending ".key" and ".pub"
|
||||
* TYPE: the name of the meta package to be installed
|
||||
* VERSION: a version tag (if applicable)
|
||||
|
||||
Build the userland binaries, bootloader and administrative
|
||||
files:
|
||||
|
|
|
@ -33,6 +33,7 @@ usage()
|
|||
{
|
||||
echo "Usage: ${0} -f flavour -n name -v version -R freebsd-ports.git" >&2
|
||||
echo " -C core.git -P ports.git -S src.git -T tools.git -t type" >&2
|
||||
echo " -k /path/to/signature/prefix [...]" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
@ -50,6 +51,10 @@ while getopts C:f:n:P:p:R:S:s:T:t:v: OPT; do
|
|||
export PRODUCT_NAME=${OPTARG}
|
||||
SCRUB_ARGS=${SCRUB_ARGS};shift;shift
|
||||
;;
|
||||
k)
|
||||
export PRODUCT_SIGNATURE=${OPTARG}
|
||||
SCRUB_ARGS=${SCRUB_ARGS};shift;shift
|
||||
;;
|
||||
P)
|
||||
export PORTSDIR=${OPTARG}
|
||||
SCRUB_ARGS=${SCRUB_ARGS};shift;shift
|
||||
|
@ -93,6 +98,7 @@ if [ -z "${PRODUCT_NAME}" -o \
|
|||
-z "${PRODUCT_FLAVOUR}" -o \
|
||||
-z "${PRODUCT_VERSION}" -o \
|
||||
-z "${PRODUCT_SETTINGS}" -o \
|
||||
-z "${PRODUCT_SIGNATURE}" -o \
|
||||
-z "${TOOLSDIR}" -o \
|
||||
-z "${PLUGINSDIR}" -o \
|
||||
-z "${PORTSDIR}" -o \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ -f /root/repo.pub ]; then
|
||||
if [ -f ${PRODUCT_SIGNATURE}.pub ]; then
|
||||
echo "function: \"sha256\""
|
||||
echo "fingerprint: \"$(sha256 -q /root/repo.pub)\""
|
||||
echo "fingerprint: \"$(sha256 -q ${PRODUCT_SIGNATURE}.pub)\""
|
||||
fi
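Review bot: `${PRODUCT_SIGNATURE}.pub` is expanded unquoted in both the `-f` test and the `sha256 -q` call, so a prefix containing whitespace or glob characters is split before either command sees it; the same applies to the `.key` and `.pub` uses in the signing script further down this page. Quoting fixes it: `if [ -f "${PRODUCT_SIGNATURE}.pub" ]; then` and `echo "fingerprint: \"$(sha256 -q "${PRODUCT_SIGNATURE}.pub")\""`. When the file is absent the script prints nothing and still exits 0, so a mistyped prefix silently yields output with no fingerprint; a message on stderr in an `else` branch would make that visible.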
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
read -t 2 SUM
|
||||
[ -z "${SUM}" ] && exit 1
|
||||
echo SIGNATURE
|
||||
echo -n ${SUM} | openssl dgst -sign /root/repo.key -sha256 -binary
|
||||
echo -n ${SUM} | openssl dgst -sign ${PRODUCT_SIGNATURE}.key -sha256 -binary
|
||||
echo
|
||||
echo CERT
|
||||
cat /root/repo.pub
|
||||
cat ${PRODUCT_SIGNATURE}.pub
|
||||
echo END
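Review bot: Nothing in this script checks that `PRODUCT_SIGNATURE` is set or that `openssl dgst -sign` succeeded, so if the variable did not reach this process, or the key is unreadable, the script still prints `SIGNATURE`, an empty signature, `CERT` and `END`, and exits with the status of the last `echo`. The variable is only exported by the option parser, and how this script is invoked is not visible here, so whether it is inherited should be confirmed. A guard at the top such as `: "${PRODUCT_SIGNATURE:?signing key prefix not set}"`, plus `|| exit 1` on the openssl pipeline, would turn both cases into a hard failure rather than a malformed signature block.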
|
||||
|
|