commit d0038d87c4d40925c0eaca0718fa6a9a70b415c0
parent 5152c1fafa3616914b8e58923a97e9a337af7090
Author: parazyd <parazyd@dyne.org>
Date: Mon, 22 May 2017 00:31:41 +0200
add gpg signing for apt cache
Diffstat:
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/config b/config
@@ -20,7 +20,8 @@
## libdevuansdk configuration
vars+=(release version mirror section blend_name image_name vm_name)
-vars+=(arch earch aptcachedir APT_CACHE)
+vars+=(arch earch)
+vars+=(aptcachedir APT_CACHE aptcachegpg)
vars+=(usercredentials rootcredentials)
arrs+=(core_packages base_packages purge_packages blend_packages)
@@ -28,6 +29,8 @@ arrs+=(core_packages base_packages purge_packages blend_packages)
## enable local apt cache
APT_CACHE=1
aptcachedir="$LIBPATH/apt-cache"
+## key used to sign the cache's Release
+aptcachegpg="0xdeadbeefdeadbeef"
os="devuan"
release="jessie"
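Review bot: The default `aptcachegpg="0xdeadbeefdeadbeef"` is a placeholder that no builder is likely to hold a secret key for, and `APT_CACHE=1` is enabled just above it, so an unmodified configuration reaches the signing and export steps with an unusable key id. The comment should say that the value has to be replaced, for example `## key id used to sign the cache's Release; placeholder, set this to a key present in the builder's gpg keyring`. Leaving the variable empty by default and failing early when `APT_CACHE=1` and no key is set would make the misconfiguration visible before any chroot work starts.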
diff --git a/zlibs/bootstrap b/zlibs/bootstrap
@@ -74,6 +74,17 @@ bootstrap_complete_base() {
chroot-script -d thirdstage || zerr
+
+ [[ $APT_CACHE = 1 ]] && {
+ notice "adding apt cache gpg pubkey"
+ cat <<EOF | sudo tee ${strapdir}/addcachepubkey >/dev/null
+#!/bin/sh
+gpgkey="$(gpg --export -a $aptcachegpg)"
+printf "%s" "\$gpgkey" | apt-key add -
+EOF
+ chroot-script addcachepubkey || zerr
+ }
+
sleep 1
bootstrap_tar_pack || zerr
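Review bot: The cache key is added to the chroot's apt keyring with `apt-key add` immediately before `bootstrap_tar_pack`, so the packed base tarball appears to carry a key that apt trusts for every configured repository, and it stays trusted unless the later `delcachepubkey` step runs and succeeds. A comment here should state where the key is removed, or the key should be added only for the duration of the cache-backed install. Separately, `$(gpg --export -a $aptcachegpg)` is expanded on the host while the heredoc is written and its result is never checked; as far as I know gpg only warns when no key matches, so an unknown key id would pipe an empty string into `apt-key add -`. Exporting first with `cachepubkey="$(gpg --export -a "$aptcachegpg")"` followed by `[[ -n "$cachepubkey" ]] || zerr` would catch that before the script is generated. The body of bootstrap_complete_base starts and ends outside the hunk.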
diff --git a/zlibs/cache b/zlibs/cache
@@ -68,9 +68,15 @@ SHA256:
$(sha256sum Packages.gz | cut -d' ' -f1) $(du -b Packages.gz)
EOF
rm -f Packages
- ## TODO: XXX: gpg sign Release
+ gpg --sign --detach-sign --sign-with $aptcachegpg Release || zerr
popd
sudo sed -i -e '@deb file:/mnt@d' "$strapdir/etc/apt/sources.list"
+ notice "removing apt cache gpg pubkey"
+ cat <<EOF | sudo tee ${strapdir}/delcachepubkey >/dev/null
+#!/bin/sh
+apt-key del ${aptcachegpg}
+EOF
+ chroot-script delcachepubkey || zerr
}
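Review bot: The `gpg --sign --detach-sign` call on `Release` sets neither `--armor` nor `--output`, so gpg writes its default `Release.sig`, whereas apt looks for the detached signature as `Release.gpg` (or an inline-signed `InRelease`); unless the file is renamed outside this hunk, the cache would still be treated as unsigned. Adding `--armor --output Release.gpg` to the call should produce the file apt verifies. The `delcachepubkey` heredoc also interpolates `${aptcachegpg}` unquoted into a script that is executed inside the chroot, so the value should be quoted (`apt-key del "${aptcachegpg}"`) and checked to be a hex key id before it is written out. The enclosing function starts outside the hunk.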