[arch-releng] [RFC 3/4] [mkarchiso] Optionally sign the squashfs files with gpg
Thomas Bächler
thomas at archlinux.org
Sat Feb 13 00:08:50 UTC 2016
A new option -g <keyid> is added to set the key id. The squashfs files are only signed if
this option is set.
---
archiso/mkarchiso | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/archiso/mkarchiso b/archiso/mkarchiso
index 44f0c4a..a183d34 100755
--- a/archiso/mkarchiso
+++ b/archiso/mkarchiso
@@ -18,6 +18,7 @@ work_dir="work"
out_dir="out"
sfs_mode="sfs"
sfs_comp="xz"
+gpg_key=
# Show an INFO message
# $1: message string
@@ -253,6 +254,14 @@ _mkchecksum () {
_msg_info "Done!"
}
+_mksignature () {
+ _msg_info "Creating signature file..."
+ cd "${work_dir}/iso/${install_dir}/${arch}"
+ gpg --detach-sign --default-key ${gpg_key} airootfs.sfs
+ cd ${OLDPWD}
+ _msg_info "Done!"
+}
+
command_pkglist () {
_show_config pkglist
@@ -319,6 +328,7 @@ command_prepare () {
_mkairootfs_img
fi
_mkchecksum
+ [[ ${gpg_key} ]] && _mksignature
}
# Install packages on airootfs.
@@ -355,7 +365,7 @@ if [[ ${EUID} -ne 0 ]]; then
_msg_error "This script must be run as root." 1
fi
-while getopts 'p:r:C:L:P:A:D:w:o:s:c:vh' arg; do
+while getopts 'p:r:C:L:P:A:D:w:o:s:c:g:vh' arg; do
case "${arg}" in
p) pkg_list="${pkg_list} ${OPTARG}" ;;
r) run_cmd="${OPTARG}" ;;
@@ -368,6 +378,7 @@ while getopts 'p:r:C:L:P:A:D:w:o:s:c:vh' arg; do
o) out_dir="${OPTARG}" ;;
s) sfs_mode="${OPTARG}" ;;
c) sfs_comp="${OPTARG}" ;;
+ g) gpg_key="${OPTARG}" ;;
v) quiet="n" ;;
h|?) _usage 0 ;;
*)
--
2.6.3
More information about the arch-releng
mailing list