diff options
author | Renato Botelho <renato@netgate.com> | 2015-12-23 12:00:19 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-12-23 12:00:46 -0200 |
commit | f457518994adc716929d96c33cd9706915a8f396 (patch) | |
tree | 7d153d6fab79efce81cc129b1ce66a88371161cf /tools | |
parent | 3c63f2e6b88fd484d4170e7e42c40d9f9bd80b52 (diff) | |
download | pfsense-f457518994adc716929d96c33cd9706915a8f396.zip pfsense-f457518994adc716929d96c33cd9706915a8f396.tar.gz |
Implement necessary code to be able to sign pkg(8) repo
Diffstat (limited to 'tools')
-rw-r--r-- | tools/builder_common.sh | 32 | ||||
-rw-r--r-- | tools/builder_defaults.sh | 3 |
2 files changed, 34 insertions, 1 deletions
diff --git a/tools/builder_common.sh b/tools/builder_common.sh index 7c9b958..f367f06 100644 --- a/tools/builder_common.sh +++ b/tools/builder_common.sh @@ -1696,7 +1696,7 @@ finish() { pkg_repo_rsync() { local _repo_path="${1}" - if [ -n "${DO_NOT_UPLOAD}" -o -z "${_repo_path}" -o ! -d "${_repo_path}" ]; then + if [ -z "${_repo_path}" -o ! -d "${_repo_path}" ]; then return fi @@ -1706,6 +1706,36 @@ pkg_repo_rsync() { local _logfile="${LOGFILE}" fi + if [ -n "${PKG_REPO_SIGNING_COMMAND}" ]; then + echo -n ">>> Signing repository... " | tee -a ${_logfile} + if script -aq ${_logfile} pkg repo ${_repo_path} \ + signing_command: ${PKG_REPO_SIGNING_COMMAND} >/dev/null 2>&1; then + echo "Done!" | tee -a ${_logfile} + else + echo "Failed!" | tee -a ${_logfile} + echo ">>> ERROR: An error occurred trying to sign repo" + print_error_pfS + fi + + local _pkgfile="${_repo_path}/Latest/pkg.txz" + if [ -e ${_pkgfile} ]; then + echo -n ">>> Signing Latest/pkg.txz for bootstraping... " | tee -a ${_logfile} + + if sha256 -q ${_pkgfile} | ${PKG_REPO_SIGNING_COMMAND} \ + > ${_pkgfile}.sig 2>/dev/null; then + echo "Done!" | tee -a ${_logfile} + else + echo "Failed!" | tee -a ${_logfile} + echo ">>> ERROR: An error occurred trying to sign Latest/pkg.txz" + print_error_pfS + fi + fi + fi + + if [ -n "${DO_NOT_UPLOAD}" ]; then + return + fi + echo -n ">>> Sending updated repository to ${PKG_RSYNC_HOSTNAME}... " | tee -a ${_logfile} if script -aq ${_logfile} rsync -ave "ssh -p ${PKG_RSYNC_SSH_PORT}" \ --timeout=60 --delete-delay ${_repo_path} \ diff --git a/tools/builder_defaults.sh b/tools/builder_defaults.sh index 6ef72e1..a1b5791 100644 --- a/tools/builder_defaults.sh +++ b/tools/builder_defaults.sh @@ -278,6 +278,9 @@ export PKG_RSYNC_LOGS=${PKG_RSYNC_LOGS:-"/usr/local/www/beta"} export PKG_REPO_SERVER=${PKG_REPO_SERVER:-"pkg+http://beta.pfsense.org/packages"} export PKG_REPO_CONF_BRANCH=${PKG_REPO_CONF_BRANCH:-"${GIT_REPO_BRANCH_OR_TAG}"} +# Command used to sign pkg repo +export PKG_REPO_SIGNING_COMMAND=${PKG_REPO_SIGNING_COMMAND:-""} + unset _IS_RELEASE unset CORE_PKG_DATESTRING export TIMESTAMP_SUFFIX="-${DATESTRING}" |