[arch-releng] [RFC 1/4] [archiso] Add gpg to the image and optionally create a keyring

Gerardo Exequiel Pozzi vmlinuz386 at gmail.com
Mon Feb 15 18:40:07 UTC 2016


On 02/15/16 15:08, Thomas Bächler wrote:
> On 15.02.2016 at 14:14, Gerardo Exequiel Pozzi wrote:
>> On 02/12/16 21:08, Thomas Bächler wrote:
>>> If the ARCHISO_GNUPG_FD environment variable is set, its contents will be interpreted as an open file
>>> descriptor and its contents will be used to create a keyring in the initramfs in /gpg.
>>> ---
>>>  archiso/initcpio/install/archiso | 5 +++++
>>>  1 file changed, 5 insertions(+)
>>>
>>> diff --git a/archiso/initcpio/install/archiso b/archiso/initcpio/install/archiso
>>> index 300dfef..715120b 100644
>>> --- a/archiso/initcpio/install/archiso
>>> +++ b/archiso/initcpio/install/archiso
>>> @@ -14,11 +14,16 @@ build() {
>>>      add_binary losetup
>>>      add_binary mountpoint
>>>      add_binary truncate
>>> +    add_binary gpg
>>>  
>>>      add_file /usr/lib/udev/rules.d/60-cdrom_id.rules
>>>      add_file /usr/lib/udev/rules.d/10-dm.rules
>>>      add_file /usr/lib/udev/rules.d/95-dm-notify.rules
>>>      add_file /usr/lib/initcpio/udev/11-dm-initramfs.rules /usr/lib/udev/rules.d/11-dm-initramfs.rules
>>> +    if [[ $ARCHISO_GNUPG_FD ]]; then
>>> +        mkdir -p $BUILDROOT$dest/gpg
>>> +        eval "cat <&$ARCHISO_GNUPG_FD" | gpg --homedir $BUILDROOT$dest/gpg --import
>>> +    fi
>>>  }
>>>  
>>>  # vim: set ft=sh ts=4 sw=4 et:
>>>
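
Review bot: On the added `eval "cat <&$ARCHISO_GNUPG_FD" | gpg ...` line, the value of ARCHISO_GNUPG_FD reaches `eval` without any check that it is a file descriptor number, so anything in that environment variable is run as shell code by the build hook. Bash already expands the word after `<&`, so neither `eval` nor `cat` is needed: test the value first, for example `[[ $ARCHISO_GNUPG_FD =~ ^[0-9]+$ ]]`, and then run `gpg --homedir "$BUILDROOT$dest/gpg" --import <&"$ARCHISO_GNUPG_FD"`. `$BUILDROOT$dest/gpg` is unquoted in both the `mkdir` and the `--homedir` argument, and `dest` is not assigned anywhere in the lines shown, so please quote the path and confirm where `dest` is set (the commit message says the keyring lands in /gpg). The result of the import is not checked, so a failed import would leave an empty keyring in the image without any error; the hook should fail the build in that case. Creating the directory with `mkdir -m 0700` would also avoid gpg's warning about unsafe homedir permissions.
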
>>
>> Not directly related to this: we are getting closer to filling up the
>> "efiboot.img" (used for El Torito in EFI); inside this FAT-FS image (31M)
>> is archiso.img. Last time I checked (1/Feb) there was around 1M free.
> 
> Is El Torito the only way to boot from CD? Can't we access the CD drive
> directly in EFI? In any case, I consider CD booting irrelevant with EFI,
> since USB ports are more common than CD drives and making a bootable USB
> only means copying the files onto it.
> 

The standard way, yes. Some firmware provides an extension to read
ISO9660-FS directly.
Sure, personally I have not used any DVD/CD in years!


> About the patches themselves, any comments? You can pull them via git
> directly from https://han.bchlr.de/git/public/archiso, branch verify.
> 

I will look at this next weekend.

Why is the signature stored inside the initramfs file? Why not outside, like
the checksum file?

