parazyd.org

       tadd gpg signing for apt cache - libdevuansdk - common library for devuan's simple distro kits
 (HTM) git clone https://git.parazyd.org/libdevuansdk
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) Submodules
 (DIR) README
 (DIR) LICENSE
       ---
 (DIR) commit d0038d87c4d40925c0eaca0718fa6a9a70b415c0
 (DIR) parent 5152c1fafa3616914b8e58923a97e9a337af7090
 (HTM) Author: parazyd <parazyd@dyne.org>
       Date:   Mon, 22 May 2017 00:31:41 +0200
       
       add gpg signing for apt cache
       
       Diffstat:
         M config                              |       5 ++++-
         M zlibs/bootstrap                     |      11 +++++++++++
         M zlibs/cache                         |       8 +++++++-
       
       3 files changed, 22 insertions(+), 2 deletions(-)
       ---
 (DIR) diff --git a/config b/config
       t@@ -20,7 +20,8 @@
        ## libdevuansdk configuration
        
        vars+=(release version mirror section blend_name image_name vm_name)
       -vars+=(arch earch aptcachedir APT_CACHE)
       +vars+=(arch earch)
       +vars+=(aptcachedir APT_CACHE aptcachegpg)
        vars+=(usercredentials rootcredentials)
        
        arrs+=(core_packages base_packages purge_packages blend_packages)
       t@@ -28,6 +29,8 @@ arrs+=(core_packages base_packages purge_packages blend_packages)
        ## enable local apt cache
        APT_CACHE=1
        aptcachedir="$LIBPATH/apt-cache"
       +## key used to sign the cache's Release
       +aptcachegpg="0xdeadbeefdeadbeef"
        
        os="devuan"
        release="jessie"
 (DIR) diff --git a/zlibs/bootstrap b/zlibs/bootstrap
       t@@ -74,6 +74,17 @@ bootstrap_complete_base() {
        
        
                chroot-script -d thirdstage || zerr
       +
       +        [[ $APT_CACHE = 1 ]] && {
       +                notice "adding apt cache gpg pubkey"
       +                cat <<EOF | sudo tee ${strapdir}/addcachepubkey >/dev/null
       +#!/bin/sh
       +gpgkey="$(gpg --export -a $aptcachegpg)"
       +printf "%s" "\$gpgkey" | apt-key add -
       +EOF
       +                chroot-script addcachepubkey || zerr
       +        }
       +
                sleep 1
        
                bootstrap_tar_pack             || zerr
 (DIR) diff --git a/zlibs/cache b/zlibs/cache
       t@@ -68,9 +68,15 @@ SHA256:
         $(sha256sum Packages.gz | cut -d' ' -f1)    $(du -b Packages.gz)
        EOF
                        rm -f Packages
       -                ## TODO: XXX: gpg sign Release
       +                gpg --sign --detach-sign --sign-with $aptcachegpg Release || zerr
                popd
        
        
                sudo sed -i -e '@deb file:/mnt@d' "$strapdir/etc/apt/sources.list"
       +        notice "removing apt cache gpg pubkey"
       +        cat <<EOF | sudo tee ${strapdir}/delcachepubkey >/dev/null
       +#!/bin/sh
       +apt-key del ${aptcachegpg}
       +EOF
       +        chroot-script delcachepubkey || zerr
        }