tadd gpg signing for apt cache - libdevuansdk - common library for devuan's simple distro kits (HTM) git clone https://git.parazyd.org/libdevuansdk (DIR) Log (DIR) Files (DIR) Refs (DIR) Submodules (DIR) README (DIR) LICENSE --- (DIR) commit d0038d87c4d40925c0eaca0718fa6a9a70b415c0 (DIR) parent 5152c1fafa3616914b8e58923a97e9a337af7090 (HTM) Author: parazyd <parazyd@dyne.org> Date: Mon, 22 May 2017 00:31:41 +0200 add gpg signing for apt cache Diffstat: M config | 5 ++++- M zlibs/bootstrap | 11 +++++++++++ M zlibs/cache | 8 +++++++- 3 files changed, 22 insertions(+), 2 deletions(-) --- (DIR) diff --git a/config b/config t@@ -20,7 +20,8 @@ ## libdevuansdk configuration vars+=(release version mirror section blend_name image_name vm_name) -vars+=(arch earch aptcachedir APT_CACHE) +vars+=(arch earch) +vars+=(aptcachedir APT_CACHE aptcachegpg) vars+=(usercredentials rootcredentials) arrs+=(core_packages base_packages purge_packages blend_packages) t@@ -28,6 +29,8 @@ arrs+=(core_packages base_packages purge_packages blend_packages) ## enable local apt cache APT_CACHE=1 aptcachedir="$LIBPATH/apt-cache" +## key used to sign the cache's Release +aptcachegpg="0xdeadbeefdeadbeef" os="devuan" release="jessie" (DIR) diff --git a/zlibs/bootstrap b/zlibs/bootstrap t@@ -74,6 +74,17 @@ bootstrap_complete_base() { chroot-script -d thirdstage || zerr + + [[ $APT_CACHE = 1 ]] && { + notice "adding apt cache gpg pubkey" + cat <<EOF | sudo tee ${strapdir}/addcachepubkey >/dev/null +#!/bin/sh +gpgkey="$(gpg --export -a $aptcachegpg)" +printf "%s" "\$gpgkey" | apt-key add - +EOF + chroot-script addcachepubkey || zerr + } + sleep 1 bootstrap_tar_pack || zerr (DIR) 
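Review bot: The default `aptcachegpg="0xdeadbeefdeadbeef"` added in the second config hunk is a placeholder that nothing visible validates, while `APT_CACHE=1` stays enabled by default, so an unconfigured build reaches the gpg export and signing steps with a key ID that presumably matches nothing in the builder's keyring. A 64-bit key ID is also a weaker selector than a full fingerprint, since long IDs can collide. I would document the requirement on the variable itself, for example `## full fingerprint of a key in the builder's keyring, used to sign the cache's Release; must be set when APT_CACHE=1`.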
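Review bot: In the zlibs/bootstrap hunk, `$(gpg --export -a $aptcachegpg)` sits in an unquoted heredoc, so it runs on the build host while the script is being written and its exit status is discarded; if the key is missing from the builder's keyring, the generated script carries `gpgkey=""` and the failure is noticed, if at all, only inside the chroot. Export first and check the result, e.g. `pubkey="$(gpg --export -a "$aptcachegpg")"` followed by `[[ -n $pubkey ]] || zerr`, then write `$pubkey` into the heredoc. Note also that `apt-key add` trusts the key for every source in the chroot and that this runs before `bootstrap_tar_pack`, so the packed tarball appears to carry the cache key as trusted until the `apt-key del` in zlibs/cache runs. bootstrap_complete_base starts and ends outside the hunk.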
diff --git a/zlibs/cache b/zlibs/cache t@@ -68,9 +68,15 @@ SHA256: $(sha256sum Packages.gz | cut -d' ' -f1) $(du -b Packages.gz) EOF rm -f Packages - ## TODO: XXX: gpg sign Release + gpg --sign --detach-sign --sign-with $aptcachegpg Release || zerr popd sudo sed -i -e '@deb file:/mnt@d' "$strapdir/etc/apt/sources.list" + notice "removing apt cache gpg pubkey" + cat <<EOF | sudo tee ${strapdir}/delcachepubkey >/dev/null +#!/bin/sh +apt-key del ${aptcachegpg} +EOF + chroot-script delcachepubkey || zerr }
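Review bot: The added `gpg --sign --detach-sign --sign-with $aptcachegpg Release` in the zlibs/cache hunk names no output file, so gpg writes a binary `Release.sig`, whereas apt looks for `Release.gpg` (or `InRelease`) beside `Release`; unless a rename happens outside the hunk, the cache would still look unsigned to apt. Without `--batch --yes`, a signature left over from an earlier run also makes gpg stop and ask whether to overwrite it, which stalls an unattended build. I would write it as `gpg --batch --yes --armor --detach-sign --local-user "$aptcachegpg" --output Release.gpg Release || zerr`. The enclosing function starts outside the hunk.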