updated- docs might have some bugs, but working

brent s. 2017-03-07 18:38:20 -05:00
parent f26e03fda9
commit 2545d0742a
4 changed files with 43 additions and 47 deletions


@ -12,12 +12,15 @@ def genGPG(conf):
dlpath = build['dlpath'] dlpath = build['dlpath']
bdisk = conf['bdisk'] bdisk = conf['bdisk']
gpghome = conf['gpg']['mygpghome'] gpghome = conf['gpg']['mygpghome']
distkey = build['gpgkey'] distkeys = []
gpgkeyserver = [] gpgkeyserver = []
for a in conf['build']['arch']: for a in conf['build']['arch']:
keysrv = conf['src'][a]['gpgkeyserver'] keysrv = conf['src'][a]['gpgkeyserver']
distkey = conf['src'][a]['gpgkey']
if keysrv and (keysrv not in gpgkeyserver): if keysrv and (keysrv not in gpgkeyserver):
gpgkeyserver.append(keysrv) gpgkeyserver.append(keysrv)
if distkey not in distkeys:
distkeys.append(distkey)
templates_dir = '{0}/extra/templates'.format(build['basedir']) templates_dir = '{0}/extra/templates'.format(build['basedir'])
mykey = False mykey = False
pkeys = [] pkeys = []
@ -80,34 +83,30 @@ def genGPG(conf):
gpg.signers = pkeys gpg.signers = pkeys
# Now we try to find and add the key for the base image. # Now we try to find and add the key for the base image.
gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN # remote (keyserver) gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN # remote (keyserver)
if distkey: # testing if len(distkeys) > 0: # testing
#try: for k in distkeys:
key = gpg.get_key(distkey) key = gpg.get_key(k)
#except: importkey = key.subkeys[0].fpr
# exit('{0}: ERROR: We cannot find key ID {1}!'.format( gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default)
# datetime.datetime.now(), DEVNULL = open(os.devnull, 'w')
# distkey)) print('{0}: [GPG] Importing {1} and signing it for verification purposes...'.format(
importkey = key.subkeys[0].fpr datetime.datetime.now(),
gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default) distkey))
DEVNULL = open(os.devnull, 'w') cmd = ['/usr/bin/gpg',
print('{0}: [GPG] Importing {1} and signing it for verification purposes...'.format( '--recv-keys',
datetime.datetime.now(), '--batch',
distkey)) '--yes',
cmd = ['/usr/bin/gpg', '0x{0}'.format(importkey)]
'--recv-keys', subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
'--batch', sigkeys = []
'--yes', for i in gpg.get_key(importkey).subkeys:
'0x{0}'.format(importkey)] sigkeys.append(i.fpr)
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT) cmd = ['/usr/bin/gpg',
sigkeys = [] '--batch',
for k in gpg.get_key(importkey).subkeys: '--yes',
sigkeys.append(k.fpr) '--lsign-key',
cmd = ['/usr/bin/gpg', '0x{0}'.format(importkey)]
'--batch', subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
'--yes',
'--lsign-key',
'0x{0}'.format(importkey)]
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
# We need to expose this key to the chroots, too, so we need to export it. # We need to expose this key to the chroots, too, so we need to export it.
with open('{0}/gpgkey.pub'.format(dlpath), 'wb') as f: with open('{0}/gpgkey.pub'.format(dlpath), 'wb') as f:
gpg.export(pkeys[0].subkeys[0].keyid, f) gpg.export(pkeys[0].subkeys[0].keyid, f)
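Review bot: In the second hunk the new `for k in distkeys:` loop appears to switch `gpg.keylist_mode` to `KEYLIST_MODE_LOCAL` inside its body (indentation is lost in this view), so from the second key on `gpg.get_key(k)` would search only the local keyring and fail for a key that has not been imported yet; making `gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN` the first statement of the loop body would avoid that. The first hunk appends `distkey` without the truthiness test that `keysrv` gets, so an unset `gpgkey` reaches `gpg.get_key()`; `if distkey and (distkey not in distkeys):` keeps the guard the old `if distkey:` provided. The progress message still formats `distkey`, which after the arch loop holds only the last configured key, so it should print `k`. The return code of the `--recv-keys` call is discarded before the key is locally signed, so a failed fetch goes unnoticed at the point where trust is assigned; checking it and aborting would make that step explicit. genGPG starts and ends outside both hunks.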


@ -129,17 +129,16 @@ def parseConfig(confs):
config_dict['src'] = {} config_dict['src'] = {}
for a in config_dict['build']['arch']: for a in config_dict['build']['arch']:
config_dict['src'][a] = config_dict['source_' + a] config_dict['src'][a] = config_dict['source_' + a]
if config_dict['src'][a]['enabled']: if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4(
if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4( config_dict['src'][a]['mirror']) or validatords.ipv6(
config_dict['src'][a]['mirror']) or validatords.ipv6( config_dict['src'][a]['mirror'])):
config_dict['src'][a]['mirror'])): try:
try: getaddrinfo(config_dict['src'][a]['mirror'], None)
getaddrinfo(config_dict['src'][a]['mirror'], None) except:
except: exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' +
exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' + 'mirror for the bootstrap tarballs. Check your configuration.').format(
'mirror for the bootstrap tarballs. Check your configuration.').format( datetime.datetime.now(),
datetime.datetime.now(), config_dict['src'][a]['host']))
config_dict['src'][a]['host']))
config_dict['src'][a]['gpg'] = config['source_' + a].getboolean('gpg') config_dict['src'][a]['gpg'] = config['source_' + a].getboolean('gpg')
# Are we rsyncing? If so, validate the rsync host. # Are we rsyncing? If so, validate the rsync host.
# Works for IP address too. It does NOT check to see if we can # Works for IP address too. It does NOT check to see if we can
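Review bot: The condition on the new side still calls `validatords.ipv6(...)`, a misspelling of `validators`, so any mirror value that fails both the domain and IPv4 checks raises NameError instead of being validated; it should read `validators.ipv6(`. With the `enabled` guard removed, this check now runs for every architecture, which makes the typo easier to hit. The error message formats `config_dict['src'][a]['host']` while the value being resolved is `['mirror']`, and the bare `except:` also swallows KeyboardInterrupt and SystemExit; `except OSError:` would cover resolution failures. No else branch is visible, so a mirror that matches none of the validators appears to be accepted unchecked even though the download code seems to build its URL from it; rejecting it explicitly would be safer. parseConfig continues outside the hunk.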


@ -33,10 +33,8 @@ def downloadTarball(conf):
mirror = locsrc['mirrorproto'] + '://' + locsrc['mirror'] mirror = locsrc['mirrorproto'] + '://' + locsrc['mirror']
rlsdir = mirror + locsrc['mirrorpath'] rlsdir = mirror + locsrc['mirrorpath']
if locsrc['mirrorchksum'] != '': if locsrc['mirrorchksum'] != '':
if not locsrc['chksumtype']: if locsrc['chksumtype'] == '':
exit(("{0}: source_{1}:chksumtype is unset!".format( exit("{0}: source_{1}:chksumtype is unset!".format(datetime.datetime.now(), a))
datetime.datetime.now(),
a))
hash_type = locsrc['chksumtype'] hash_type = locsrc['chksumtype']
hash_in = urlopen(mirror + locsrc['mirrorchksum']) hash_in = urlopen(mirror + locsrc['mirrorchksum'])
hashsums = hash_in.read() hashsums = hash_in.read()
@ -84,7 +82,7 @@ def downloadTarball(conf):
tarball_hash = hashfunc(open(tarball_path[a], 'rb').read()).hexdigest() tarball_hash = hashfunc(open(tarball_path[a], 'rb').read()).hexdigest()
break break
if not tarball_hash: if not tarball_hash:
exit(("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format( exit("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format(
datetime.datetime.now(), datetime.datetime.now(),
a, a,
hash_type)) hash_type))
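Review bot: Replacing `if not locsrc['chksumtype']:` with `== ''` in the first hunk narrows the guard: a `chksumtype` of `None` or a missing value now passes it and is caught, if at all, only by the later "not supported on this machine" exit with a misleading message, so `if not locsrc['chksumtype']:` was the safer test. The checksum list is fetched with `urlopen(mirror + locsrc['mirrorchksum'])` from the same mirror and protocol as the tarball, so when `mirrorproto` is plain HTTP it detects corruption but not tampering; a comment stating that the GPG check is the integrity control would help. In the second hunk `hashfunc(open(tarball_path[a], 'rb').read())` reads the whole tarball into memory and leaves the file handle to the garbage collector; a `with open(...)` block that feeds the hash in chunks would fix both. downloadTarball extends beyond both hunks.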


@ -514,7 +514,7 @@ What group the HTTP files should be owned as. This is most likely going to be ei
. Group must exist on build system . Group must exist on build system


|====================== |======================
^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID] ^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
|====================== |======================


=== `[tftp]` === `[tftp]`
@ -546,7 +546,7 @@ What group the TFTP files should be owned as. This is most likely going to be ei
. Group must exist on build system . Group must exist on build system


|====================== |======================
^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID] ^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
|====================== |======================


=== `[ipxe]` === `[ipxe]`