From ed4dedfcd04d12c4ad3d5116ccfedaaf0a10caa8 Mon Sep 17 00:00:00 2001 From: parazyd Date: Mon, 22 May 2017 00:31:41 +0200 Subject: [PATCH] add gpg signing for apt cache --- config | 5 ++++- zlibs/bootstrap | 11 +++++++++++ zlibs/cache | 8 +++++++- 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/config b/config index ca7c948..229bd10 100644 --- a/config +++ b/config @@ -20,7 +20,8 @@ ## libdevuansdk configuration vars+=(release version mirror section blend_name image_name vm_name) -vars+=(arch earch aptcachedir APT_CACHE) +vars+=(arch earch) +vars+=(aptcachedir APT_CACHE aptcachegpg) vars+=(usercredentials rootcredentials) arrs+=(core_packages base_packages purge_packages blend_packages) @@ -28,6 +29,8 @@ arrs+=(core_packages base_packages purge_packages blend_packages) ## enable local apt cache APT_CACHE=1 aptcachedir="$LIBPATH/apt-cache" +## key used to sign the cache's Release +aptcachegpg="0xdeadbeefdeadbeef" os="devuan" release="jessie" diff --git a/zlibs/bootstrap b/zlibs/bootstrap index 7143409..5d7635b 100644 --- a/zlibs/bootstrap +++ b/zlibs/bootstrap @@ -74,6 +74,17 @@ bootstrap_complete_base() { chroot-script -d thirdstage || zerr + + [[ $APT_CACHE = 1 ]] && { + notice "adding apt cache gpg pubkey" + cat </dev/null +#!/bin/sh +gpgkey="$(gpg --export -a $aptcachegpg)" +printf "%s" "\$gpgkey" | apt-key add - +EOF + chroot-script addcachepubkey || zerr + } + sleep 1 bootstrap_tar_pack || zerr diff --git a/zlibs/cache b/zlibs/cache index 2a589c3..a42c340 100644 --- a/zlibs/cache +++ b/zlibs/cache @@ -68,9 +68,15 @@ SHA256: $(sha256sum Packages.gz | cut -d' ' -f1) $(du -b Packages.gz) EOF rm -f Packages - ## TODO: XXX: gpg sign Release + gpg --sign --detach-sign --sign-with $aptcachegpg Release || zerr popd sudo sed -i -e '@deb file:/mnt@d' "$strapdir/etc/apt/sources.list" + notice "removing apt cache gpg pubkey" + cat </dev/null +#!/bin/sh +apt-key del ${aptcachegpg} +EOF + chroot-script delcachepubkey || zerr }
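Review bot: The new default `aptcachegpg="0xdeadbeefdeadbeef"` in config is a placeholder 64-bit key ID, and with `APT_CACHE=1` still the default it is passed to `gpg --export` and to the signing call in the other two files as if it were a real key. A 64-bit ID does not uniquely identify a key, so the comment should ask for the full fingerprint, e.g. `## full 40-hex fingerprint of the key that signs the cache's Release; must be set when APT_CACHE=1`. Leaving the value empty by default and failing early when `APT_CACHE=1` and it is unset would surface the misconfiguration before the bootstrap starts.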
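Review bot: Nothing in the block added to bootstrap_complete_base checks that `gpg --export -a $aptcachegpg` actually returned a key. The `$(…)` in the heredoc is not escaped, so the export appears to run on the build host while the script is being written; an unknown or mistyped key ID would then leave `gpgkey` empty, and the error shows up, if at all, only at `apt-key add -` inside the chroot. Export first and stop on empty output, e.g. `pubkey="$(gpg --export -a -- "$aptcachegpg")"` followed by `[[ -n $pubkey ]] || zerr`, and write that value into the script. The key is also added immediately before `bootstrap_tar_pack`, so the packed base presumably carries it as trusted for every apt source until the later `apt-key del` runs, which deserves a comment here. The heredoc's opening line looks truncated on this page (`cat </dev/null`), and the function continues outside the hunk.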
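Review bot: In zlibs/cache, `gpg --sign --detach-sign … Release` writes a binary `Release.sig` by default, while apt looks for an armored detached signature named `Release.gpg` (or a clearsigned `InRelease`), so as written the cache would most likely still look unsigned to apt. Suggest `gpg --batch --yes --armor --detach-sign --local-user "$aptcachegpg" --output Release.gpg Release || zerr`; `--local-user` is the documented option for choosing the signing key, and `--yes` avoids an overwrite prompt when the cache is regenerated. The removal script added below expands `${aptcachegpg}` on the host into `apt-key del`, so it should receive the same full fingerprint that was added. The enclosing function starts outside the hunk, and the heredoc's opening line looks truncated on this page.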