[gnome-build-meta/valentindavid/eos-installer: 5/13] Make the bootable image acceptable for eos-installer
- From: Valentin David <valentindavid src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-build-meta/valentindavid/eos-installer: 5/13] Make the bootable image acceptable for eos-installer
- Date: Thu, 9 Apr 2020 20:27:55 +0000 (UTC)
commit 357b5508df34837c8e4d237a9df01bcb0e28876d
Author: Valentin David <valentin david codethink co uk>
Date: Wed Feb 26 11:34:38 2020 +0100
Make the bootable image acceptable for eos-installer
The name has to be of a certain format and it has to be a raw
compressed file. It is also signed with a temporary private key.
The signature and public keyring are exported.
elements/iso/public-key.bst | 8 ++++
elements/iso/signed-image-only.bst | 8 ++++
elements/iso/signed-image.bst | 82 ++++++++++++++++++++++++++++++++++++++
3 files changed, 98 insertions(+)
---
diff --git a/elements/iso/public-key.bst b/elements/iso/public-key.bst
new file mode 100644
index 00000000..e02adb1a
--- /dev/null
+++ b/elements/iso/public-key.bst
@@ -0,0 +1,8 @@
+kind: filter
+
+build-depends:
+- iso/signed-image.bst
+
+config:
+ include:
+ - keyring
diff --git a/elements/iso/signed-image-only.bst b/elements/iso/signed-image-only.bst
new file mode 100644
index 00000000..7bec4c31
--- /dev/null
+++ b/elements/iso/signed-image-only.bst
@@ -0,0 +1,8 @@
+kind: filter
+
+build-depends:
+- iso/signed-image.bst
+
+config:
+ include:
+ - image
diff --git a/elements/iso/signed-image.bst b/elements/iso/signed-image.bst
new file mode 100644
index 00000000..da4aa4d8
--- /dev/null
+++ b/elements/iso/signed-image.bst
@@ -0,0 +1,82 @@
+kind: script
+
+build-depends:
+- freedesktop-sdk.bst:components/gnupg.bst
+- vm/qemu-tools.bst
+- vm/image.bst
+
+variables:
+ # This name format is required by eos-installer
+ basename: 'GNOMEOS-%{branch}-%{arch}-%{arch}.%{branch}.base'
+
+environment:
+ GNUPGHOME: /tmp/gpg
+
+config:
+ layout:
+ - element: components/gnupg.bst
+ destination: /
+ - element: vm/qemu-tools.bst
+ destination: /
+ - element: vm/image.bst
+ destination: /images
+ - element: ''
+ destination: /tmp
+
+ commands:
+ - qemu-img convert -O raw /images/disk.qcow2 /tmp/disk.img
+ - xz -T0 /tmp/disk.img
+ - install -Dm644 /tmp/disk.img.xz "%{install-root}/%{basename}.img.xz"
+
+ - mkdir "${GNUPGHOME}"
+ - |
+ cat >/tmp/key-config <<EOF
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 1024
+ Name-Real: Gnome OS
+ Expire-Date: 0
+ %no-protection
+ %commit
+ EOF
+
+ - gpg --batch --generate-key /tmp/key-config
+
+ - |
+ default_key="$(gpg -k --with-colons | sed '/^fpr:/q;d' | cut -d: -f10)"
+ echo "default-key ${default_key}" >${GNUPGHOME}/gpg.conf
+
+ - |
+ gpg --batch --yes -sbao \
+ "%{install-root}/%{basename}.img.xz.asc" \
+ "%{install-root}/%{basename}.img.xz"
+
+ - |
+ gpg --export --armor >/tmp/public-key.gpg
+
+ - gpg --no-default-keyring --keyring /tmp/eos-image-keyring.gpg --import /tmp/public-key.gpg
+
+ - |
+ for key in $(gpg --k --with-colons | grep "^fpr:" | cut -d: -f10); do
+ gpg --command-fd 0 \
+ --no-default-keyring \
+ --keyring /tmp/eos-image-keyring.gpg \
+ --edit-key "${key}" \
+ trust <<EOF
+ 4
+ y
+ EOF
+ done
+
+ - |
+ install -Dm644 -t "%{install-root}%{datadir}/keyrings" /tmp/eos-image-keyring.gpg
+
+public:
+ bst:
+ split-rules:
+ image:
+ - "/%{basename}.img.xz"
+ - "/%{basename}.img.xz.asc"
+ keyring:
+ - "%{datadir}/keyrings/eos-image-keyring.gpg"
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]