diff --git a/bdisk/bGPG.py b/bdisk/bGPG.py index 2759457..f123e68 100755 --- a/bdisk/bGPG.py +++ b/bdisk/bGPG.py @@ -12,12 +12,15 @@ def genGPG(conf): dlpath = build['dlpath'] bdisk = conf['bdisk'] gpghome = conf['gpg']['mygpghome'] - distkey = build['gpgkey'] + distkeys = [] gpgkeyserver = [] for a in conf['build']['arch']: keysrv = conf['src'][a]['gpgkeyserver'] + distkey = conf['src'][a]['gpgkey'] if keysrv and (keysrv not in gpgkeyserver): gpgkeyserver.append(keysrv) + if distkey not in distkeys: + distkeys.append(distkey) templates_dir = '{0}/extra/templates'.format(build['basedir']) mykey = False pkeys = [] @@ -80,34 +83,30 @@ def genGPG(conf): gpg.signers = pkeys # Now we try to find and add the key for the base image. gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN # remote (keyserver) - if distkey: # testing - #try: - key = gpg.get_key(distkey) - #except: - # exit('{0}: ERROR: We cannot find key ID {1}!'.format( - # datetime.datetime.now(), - # distkey)) - importkey = key.subkeys[0].fpr - gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default) - DEVNULL = open(os.devnull, 'w') - print('{0}: [GPG] Importing {1} and signing it for verification purposes...'.format( - datetime.datetime.now(), - distkey)) - cmd = ['/usr/bin/gpg', - '--recv-keys', - '--batch', - '--yes', - '0x{0}'.format(importkey)] - subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT) - sigkeys = [] - for k in gpg.get_key(importkey).subkeys: - sigkeys.append(k.fpr) - cmd = ['/usr/bin/gpg', - '--batch', - '--yes', - '--lsign-key', - '0x{0}'.format(importkey)] - subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT) + if len(distkeys) > 0: # testing + for k in distkeys: + key = gpg.get_key(k) + importkey = key.subkeys[0].fpr + gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default) + DEVNULL = open(os.devnull, 'w') + print('{0}: [GPG] Importing {1} and signing it for verification purposes...'.format( + datetime.datetime.now(), + distkey)) + cmd = ['/usr/bin/gpg', + '--recv-keys', + '--batch', + '--yes', + '0x{0}'.format(importkey)] + subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT) + sigkeys = [] + for i in gpg.get_key(importkey).subkeys: + sigkeys.append(i.fpr) + cmd = ['/usr/bin/gpg', + '--batch', + '--yes', + '--lsign-key', + '0x{0}'.format(importkey)] + subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT) # We need to expose this key to the chroots, too, so we need to export it. with open('{0}/gpgkey.pub'.format(dlpath), 'wb') as f: gpg.export(pkeys[0].subkeys[0].keyid, f) diff --git a/bdisk/host.py b/bdisk/host.py index 39f7403..ee26361 100755 --- a/bdisk/host.py +++ b/bdisk/host.py @@ -129,17 +129,16 @@ def parseConfig(confs): config_dict['src'] = {} for a in config_dict['build']['arch']: config_dict['src'][a] = config_dict['source_' + a] - if config_dict['src'][a]['enabled']: - if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4( - config_dict['src'][a]['mirror']) or validatords.ipv6( - config_dict['src'][a]['mirror'])): - try: - getaddrinfo(config_dict['src'][a]['mirror'], None) - except: - exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' + - 'mirror for the bootstrap tarballs. Check your configuration.').format( - datetime.datetime.now(), - config_dict['src'][a]['host'])) + if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4( + config_dict['src'][a]['mirror']) or validatords.ipv6( + config_dict['src'][a]['mirror'])): + try: + getaddrinfo(config_dict['src'][a]['mirror'], None) + except: + exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' + + 'mirror for the bootstrap tarballs. Check your configuration.').format( + datetime.datetime.now(), + config_dict['src'][a]['host'])) config_dict['src'][a]['gpg'] = config['source_' + a].getboolean('gpg') # Are we rsyncing? If so, validate the rsync host. # Works for IP address too. It does NOT check to see if we can diff --git a/bdisk/prep.py b/bdisk/prep.py index 4551cc8..cea9c7d 100755 --- a/bdisk/prep.py +++ b/bdisk/prep.py @@ -33,10 +33,8 @@ def downloadTarball(conf): mirror = locsrc['mirrorproto'] + '://' + locsrc['mirror'] rlsdir = mirror + locsrc['mirrorpath'] if locsrc['mirrorchksum'] != '': - if not locsrc['chksumtype']: - exit(("{0}: source_{1}:chksumtype is unset!".format( - datetime.datetime.now(), - a)) + if locsrc['chksumtype'] == '': + exit("{0}: source_{1}:chksumtype is unset!".format(datetime.datetime.now(), a)) hash_type = locsrc['chksumtype'] hash_in = urlopen(mirror + locsrc['mirrorchksum']) hashsums = hash_in.read() @@ -84,7 +82,7 @@ def downloadTarball(conf): tarball_hash = hashfunc(open(tarball_path[a], 'rb').read()).hexdigest() break if not tarball_hash: - exit(("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format( + exit("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format( datetime.datetime.now(), a, hash_type)) diff --git a/docs/manual/user/BUILDINI.adoc b/docs/manual/user/BUILDINI.adoc index ed63ceb..a79f023 100644 --- a/docs/manual/user/BUILDINI.adoc +++ b/docs/manual/user/BUILDINI.adoc @@ -514,7 +514,7 @@ What group the HTTP files should be owned as. This is most likely going to be ei . Group must exist on build system |====================== -^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID] +^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID] |====================== === `[tftp]` @@ -546,7 +546,7 @@ What group the TFTP files should be owned as. This is most likely going to be ei . Group must exist on build system |====================== -^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID] +^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID] |====================== === `[ipxe]`