[gnome-build-meta/valentindavid/eos-installer: 5/13] Make the bootable image acceptable for eos-installer



commit 357b5508df34837c8e4d237a9df01bcb0e28876d
Author: Valentin David <valentin david codethink co uk>
Date:   Wed Feb 26 11:34:38 2020 +0100

    Make the bootable image acceptable for eos-installer
    
    The name has to be of a certain format and it has to be a raw
    compressed file. It is also signed with a temporary private key.
    The signature and public keyring are exported.

 elements/iso/public-key.bst        |  8 ++++
 elements/iso/signed-image-only.bst |  8 ++++
 elements/iso/signed-image.bst      | 82 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 98 insertions(+)
---
diff --git a/elements/iso/public-key.bst b/elements/iso/public-key.bst
new file mode 100644
index 00000000..e02adb1a
--- /dev/null
+++ b/elements/iso/public-key.bst
@@ -0,0 +1,8 @@
+kind: filter
+
+build-depends:
+- iso/signed-image.bst
+
+config:
+  include:
+  - keyring
diff --git a/elements/iso/signed-image-only.bst b/elements/iso/signed-image-only.bst
new file mode 100644
index 00000000..7bec4c31
--- /dev/null
+++ b/elements/iso/signed-image-only.bst
@@ -0,0 +1,8 @@
+kind: filter
+
+build-depends:
+- iso/signed-image.bst
+
+config:
+  include:
+  - image
diff --git a/elements/iso/signed-image.bst b/elements/iso/signed-image.bst
new file mode 100644
index 00000000..da4aa4d8
--- /dev/null
+++ b/elements/iso/signed-image.bst
@@ -0,0 +1,82 @@
+kind: script
+
+build-depends:
+- freedesktop-sdk.bst:components/gnupg.bst
+- vm/qemu-tools.bst
+- vm/image.bst
+
+variables:
+  # This name format is required by eos-installer
+  basename: 'GNOMEOS-%{branch}-%{arch}-%{arch}.%{branch}.base'
+
+environment:
+  GNUPGHOME: /tmp/gpg
+
+config:
+  layout:
+  - element: components/gnupg.bst
+    destination: /
+  - element: vm/qemu-tools.bst
+    destination: /
+  - element: vm/image.bst
+    destination: /images
+  - element: ''
+    destination: /tmp
+
+  commands:
+  - qemu-img convert -O raw /images/disk.qcow2 /tmp/disk.img
+  - xz -T0 /tmp/disk.img
+  - install -Dm644 /tmp/disk.img.xz "%{install-root}/%{basename}.img.xz"
+
+  - mkdir "${GNUPGHOME}"
+  - |
+    cat >/tmp/key-config <<EOF
+    Key-Type: DSA
+    Key-Length: 1024
+    Subkey-Type: ELG-E
+    Subkey-Length: 1024
+    Name-Real: Gnome OS
+    Expire-Date: 0
+    %no-protection
+    %commit
+    EOF
+
+  - gpg --batch --generate-key /tmp/key-config
+
+  - |
+    default_key="$(gpg -k --with-colons | sed '/^fpr:/q;d' | cut -d: -f10)"
+    echo "default-key ${default_key}" >${GNUPGHOME}/gpg.conf
+
+  - |
+    gpg --batch --yes -sbao \
+      "%{install-root}/%{basename}.img.xz.asc" \
+      "%{install-root}/%{basename}.img.xz"
+
+  - |
+    gpg --export --armor >/tmp/public-key.gpg
+
+  - gpg --no-default-keyring --keyring /tmp/eos-image-keyring.gpg --import /tmp/public-key.gpg
+
+  - |
+    for key in $(gpg --k --with-colons | grep "^fpr:" | cut -d: -f10); do
+      gpg --command-fd 0 \
+          --no-default-keyring \
+          --keyring /tmp/eos-image-keyring.gpg \
+          --edit-key "${key}" \
+          trust <<EOF
+    4
+    y
+    EOF
+    done
+
+  - |
+    install -Dm644 -t "%{install-root}%{datadir}/keyrings" /tmp/eos-image-keyring.gpg
+
+public:
+  bst:
+    split-rules:
+      image:
+      - "/%{basename}.img.xz"
+      - "/%{basename}.img.xz.asc"
+      keyring:
+      - "%{datadir}/keyrings/eos-image-keyring.gpg"


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]