[arch-releng] [RFC 1/4] [archiso] Add gpg to the image and optionally create a keyring
Thomas Bächler
thomas at archlinux.org
Sat Feb 13 08:37:18 UTC 2016
Am 13.02.2016 um 02:24 schrieb Dave Reisner:
> On Sat, Feb 13, 2016 at 01:08:48AM +0100, Thomas Bächler wrote:
>> If the ARCHISO_GNUPG_FD environment variable is set, its contents will be interpreted as an open file
>> descriptor and its contents will be used to create a keyring in the initramfs in /gpg.
>> ---
>> archiso/initcpio/install/archiso | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/archiso/initcpio/install/archiso b/archiso/initcpio/install/archiso
>> index 300dfef..715120b 100644
>> --- a/archiso/initcpio/install/archiso
>> +++ b/archiso/initcpio/install/archiso
>> @@ -14,11 +14,16 @@ build() {
>> add_binary losetup
>> add_binary mountpoint
>> add_binary truncate
>> + add_binary gpg
>>
>> add_file /usr/lib/udev/rules.d/60-cdrom_id.rules
>> add_file /usr/lib/udev/rules.d/10-dm.rules
>> add_file /usr/lib/udev/rules.d/95-dm-notify.rules
>> add_file /usr/lib/initcpio/udev/11-dm-initramfs.rules /usr/lib/udev/rules.d/11-dm-initramfs.rules
>> + if [[ $ARCHISO_GNUPG_FD ]]; then
>> + mkdir -p $BUILDROOT$dest/gpg
>
> quote "$BUILDROOT$dest/gpg"
Ok.
>> + eval "cat <&$ARCHISO_GNUPG_FD" | gpg --homedir $BUILDROOT$dest/gpg --import
>
> why not just:
>
> gpg --homedir "$BUILDROOT$dest/gpg" --import <&$ARCHISO_GNUPG_FD
>
> This is run by bash, so order of evaluation is sane. As is, your eval is
> not safe, and will under a variety of circumstances (the simplest of
> which is whitespace in the $BUILDROOT).
The exec calls to open and close file descriptors don't seem to work
without eval, but this one seems fine. I don't quite understand what the
difference is though.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-releng/attachments/20160213/64476aee/attachment.asc>
More information about the arch-releng
mailing list