[gnome-build-meta/valentindavid/eos-installer: 2/13] Make the bootable image acceptable for eos-installer




commit 78e793e664c19072b44f47f80cf0bcad2238573f
Author: Valentin David <valentin david codethink co uk>
Date:   Wed Feb 26 11:34:38 2020 +0100

    Make the bootable image acceptable for eos-installer
    
    The name has to be of a certain format and it has to be a raw
    compressed file. It is also signed with a temporary private key.
    The signature and public keyring are exported.

 elements/iso/public-key.bst        |  8 ++++
 elements/iso/signed-image-only.bst |  8 ++++
 elements/iso/signed-image.bst      | 81 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+)
---
diff --git a/elements/iso/public-key.bst b/elements/iso/public-key.bst
new file mode 100644
index 00000000..e02adb1a
--- /dev/null
+++ b/elements/iso/public-key.bst
@@ -0,0 +1,8 @@
+kind: filter
+
+build-depends:
+- iso/signed-image.bst
+
+config:
+  include:
+  - keyring
diff --git a/elements/iso/signed-image-only.bst b/elements/iso/signed-image-only.bst
new file mode 100644
index 00000000..7bec4c31
--- /dev/null
+++ b/elements/iso/signed-image-only.bst
@@ -0,0 +1,8 @@
+kind: filter
+
+build-depends:
+- iso/signed-image.bst
+
+config:
+  include:
+  - image
diff --git a/elements/iso/signed-image.bst b/elements/iso/signed-image.bst
new file mode 100644
index 00000000..110e5af0
--- /dev/null
+++ b/elements/iso/signed-image.bst
@@ -0,0 +1,81 @@
+kind: script
+
+build-depends:
+- freedesktop-sdk.bst:components/gnupg.bst
+- vm/image.bst
+
+variables:
+  # This name format is required by eos-installer
+  basename: 'GNOMEOS-%{branch}-%{arch}-%{arch}.%{branch}.base'
+
+environment:
+  GNUPGHOME: /tmp/gpg
+  XZFLAGS: -T%{max-jobs}
+
+environment-nocache:
+- XZFLAGS
+
+config:
+  layout:
+  - element: components/gnupg.bst
+    destination: /
+  - element: vm/image.bst
+    destination: /images
+  - element: ''
+    destination: /tmp
+
+  commands:
+  - install -Dm644 /images/disk.img.xz "%{install-root}/%{basename}.img.xz"
+
+  - mkdir "${GNUPGHOME}"
+  - |
+    cat >/tmp/key-config <<EOF
+    Key-Type: DSA
+    Key-Length: 1024
+    Subkey-Type: ELG-E
+    Subkey-Length: 1024
+    Name-Real: Gnome OS
+    Expire-Date: 0
+    %no-protection
+    %commit
+    EOF
+
+  - gpg --batch --generate-key /tmp/key-config
+
+  - |
+    default_key="$(gpg -k --with-colons | sed '/^fpr:/q;d' | cut -d: -f10)"
+    echo "default-key ${default_key}" >${GNUPGHOME}/gpg.conf
+
+  - |
+    gpg --batch --yes -sbao \
+      "%{install-root}/%{basename}.img.xz.asc" \
+      "%{install-root}/%{basename}.img.xz"
+
+  - |
+    gpg --export --armor >/tmp/public-key.gpg
+
+  - gpg --no-default-keyring --keyring /tmp/eos-image-keyring.gpg --import /tmp/public-key.gpg
+
+  - |
+    for key in $(gpg --k --with-colons | grep "^fpr:" | cut -d: -f10); do
+      gpg --command-fd 0 \
+          --no-default-keyring \
+          --keyring /tmp/eos-image-keyring.gpg \
+          --edit-key "${key}" \
+          trust <<EOF
+    4
+    y
+    EOF
+    done
+
+  - |
+    install -Dm644 -t "%{install-root}%{datadir}/keyrings" /tmp/eos-image-keyring.gpg
+
+public:
+  bst:
+    split-rules:
+      image:
+      - "/%{basename}.img.xz"
+      - "/%{basename}.img.xz.asc"
+      keyring:
+      - "%{datadir}/keyrings/eos-image-keyring.gpg"
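Review bot: The key-config heredoc in the `commands` list generates a 1024-bit DSA signing key with a 1024-bit ElGamal subkey, which is below what current guidance accepts for signatures, so the `.asc` gives weak assurance even for the lifetime of one build. Unless eos-installer is known to require DSA, I would use `Key-Type: RSA` with `Key-Length: 3072` and drop the two `Subkey-*` lines, since nothing in this element encrypts. The trust loop also calls `gpg --k` where the earlier command uses `gpg -k`; gpg may reject the abbreviated long option as ambiguous, so `-k` looks intended. A short comment above the heredoc stating that the key is per-build and unprotected by design, and that the exported keyring therefore only ties the image to the build that produced both, would keep readers from treating it as a release key.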

