updated- docs might have some bugs, but working
parent
f26e03fda9
commit
2545d0742a
@ -12,12 +12,15 @@ def genGPG(conf):
|
|||||||
dlpath = build['dlpath']
|
dlpath = build['dlpath']
|
||||||
bdisk = conf['bdisk']
|
bdisk = conf['bdisk']
|
||||||
gpghome = conf['gpg']['mygpghome']
|
gpghome = conf['gpg']['mygpghome']
|
||||||
distkey = build['gpgkey']
|
distkeys = []
|
||||||
gpgkeyserver = []
|
gpgkeyserver = []
|
||||||
for a in conf['build']['arch']:
|
for a in conf['build']['arch']:
|
||||||
keysrv = conf['src'][a]['gpgkeyserver']
|
keysrv = conf['src'][a]['gpgkeyserver']
|
||||||
|
distkey = conf['src'][a]['gpgkey']
|
||||||
if keysrv and (keysrv not in gpgkeyserver):
|
if keysrv and (keysrv not in gpgkeyserver):
|
||||||
gpgkeyserver.append(keysrv)
|
gpgkeyserver.append(keysrv)
|
||||||
|
if distkey not in distkeys:
|
||||||
|
distkeys.append(distkey)
|
||||||
templates_dir = '{0}/extra/templates'.format(build['basedir'])
|
templates_dir = '{0}/extra/templates'.format(build['basedir'])
|
||||||
mykey = False
|
mykey = False
|
||||||
pkeys = []
|
pkeys = []
|
||||||
@ -80,34 +83,30 @@ def genGPG(conf):
|
|||||||
gpg.signers = pkeys
|
gpg.signers = pkeys
|
||||||
# Now we try to find and add the key for the base image.
|
# Now we try to find and add the key for the base image.
|
||||||
gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN # remote (keyserver)
|
gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN # remote (keyserver)
|
||||||
if distkey: # testing
|
if len(distkeys) > 0: # testing
|
||||||
#try:
|
for k in distkeys:
|
||||||
key = gpg.get_key(distkey)
|
key = gpg.get_key(k)
|
||||||
#except:
|
importkey = key.subkeys[0].fpr
|
||||||
# exit('{0}: ERROR: We cannot find key ID {1}!'.format(
|
gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default)
|
||||||
# datetime.datetime.now(),
|
DEVNULL = open(os.devnull, 'w')
|
||||||
# distkey))
|
print('{0}: [GPG] Importing {1} and signing it for verification purposes...'.format(
|
||||||
importkey = key.subkeys[0].fpr
|
datetime.datetime.now(),
|
||||||
gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default)
|
distkey))
|
||||||
DEVNULL = open(os.devnull, 'w')
|
cmd = ['/usr/bin/gpg',
|
||||||
print('{0}: [GPG] Importing {1} and signing it for verification purposes...'.format(
|
'--recv-keys',
|
||||||
datetime.datetime.now(),
|
'--batch',
|
||||||
distkey))
|
'--yes',
|
||||||
cmd = ['/usr/bin/gpg',
|
'0x{0}'.format(importkey)]
|
||||||
'--recv-keys',
|
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
|
||||||
'--batch',
|
sigkeys = []
|
||||||
'--yes',
|
for i in gpg.get_key(importkey).subkeys:
|
||||||
'0x{0}'.format(importkey)]
|
sigkeys.append(i.fpr)
|
||||||
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
|
cmd = ['/usr/bin/gpg',
|
||||||
sigkeys = []
|
'--batch',
|
||||||
for k in gpg.get_key(importkey).subkeys:
|
'--yes',
|
||||||
sigkeys.append(k.fpr)
|
'--lsign-key',
|
||||||
cmd = ['/usr/bin/gpg',
|
'0x{0}'.format(importkey)]
|
||||||
'--batch',
|
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
|
||||||
'--yes',
|
|
||||||
'--lsign-key',
|
|
||||||
'0x{0}'.format(importkey)]
|
|
||||||
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
|
|
||||||
# We need to expose this key to the chroots, too, so we need to export it.
|
# We need to expose this key to the chroots, too, so we need to export it.
|
||||||
with open('{0}/gpgkey.pub'.format(dlpath), 'wb') as f:
|
with open('{0}/gpgkey.pub'.format(dlpath), 'wb') as f:
|
||||||
gpg.export(pkeys[0].subkeys[0].keyid, f)
|
gpg.export(pkeys[0].subkeys[0].keyid, f)
|
||||||
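Review bot: `distkeys` is filled without the truthiness guard that the keyserver list gets (`if keysrv and ...`), so an arch with an empty `gpgkey` puts an empty value in the list and `gpg.get_key(k)` is then called on it, where the old `if distkey:` skipped the import; `if distkey and distkey not in distkeys:` restores that. In the second hunk the status message still formats `distkey` (the value left over from the last arch in the first loop) rather than `k`, and if the loop body extends as far as the `KEYLIST_MODE_LOCAL` assignment (indentation is lost in this view), every key after the first is looked up in the local keyring instead of on the keyserver. Whatever the keyserver returns for the configured ID is then trusted via `--lsign-key`, so the configured value should be a full fingerprint that is compared with `key.subkeys[0].fpr` before signing, and the discarded return codes of both `subprocess.call` invocations should be checked. genGPG starts and ends outside both hunks.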
|
@ -129,17 +129,16 @@ def parseConfig(confs):
|
|||||||
config_dict['src'] = {}
|
config_dict['src'] = {}
|
||||||
for a in config_dict['build']['arch']:
|
for a in config_dict['build']['arch']:
|
||||||
config_dict['src'][a] = config_dict['source_' + a]
|
config_dict['src'][a] = config_dict['source_' + a]
|
||||||
if config_dict['src'][a]['enabled']:
|
if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4(
|
||||||
if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4(
|
config_dict['src'][a]['mirror']) or validatords.ipv6(
|
||||||
config_dict['src'][a]['mirror']) or validatords.ipv6(
|
config_dict['src'][a]['mirror'])):
|
||||||
config_dict['src'][a]['mirror'])):
|
try:
|
||||||
try:
|
getaddrinfo(config_dict['src'][a]['mirror'], None)
|
||||||
getaddrinfo(config_dict['src'][a]['mirror'], None)
|
except:
|
||||||
except:
|
exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' +
|
||||||
exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' +
|
'mirror for the bootstrap tarballs. Check your configuration.').format(
|
||||||
'mirror for the bootstrap tarballs. Check your configuration.').format(
|
datetime.datetime.now(),
|
||||||
datetime.datetime.now(),
|
config_dict['src'][a]['host']))
|
||||||
config_dict['src'][a]['host']))
|
|
||||||
config_dict['src'][a]['gpg'] = config['source_' + a].getboolean('gpg')
|
config_dict['src'][a]['gpg'] = config['source_' + a].getboolean('gpg')
|
||||||
# Are we rsyncing? If so, validate the rsync host.
|
# Are we rsyncing? If so, validate the rsync host.
|
||||||
# Works for IP address too. It does NOT check to see if we can
|
# Works for IP address too. It does NOT check to see if we can
|
||||||
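Review bot: `validatords.ipv6(` on the new side is a misspelling of `validators`, so whenever the domain and IPv4 checks both come back falsy the expression raises NameError instead of validating the mirror; it should read `validators.ipv6(`. The error path has a second mismatch: the lookup is done on `['mirror']` but the message formats `config_dict['src'][a]['host']`, which reports a different value, or raises KeyError if that key is absent (not visible here). The bare `except:` also catches SystemExit and KeyboardInterrupt; `except OSError:` covers the resolver failure from `getaddrinfo`. The `enabled` test appears to have been dropped on the new side, so this validation now runs for every arch and these paths are reached more often; parseConfig continues outside the hunk.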
|
@ -33,10 +33,8 @@ def downloadTarball(conf):
|
|||||||
mirror = locsrc['mirrorproto'] + '://' + locsrc['mirror']
|
mirror = locsrc['mirrorproto'] + '://' + locsrc['mirror']
|
||||||
rlsdir = mirror + locsrc['mirrorpath']
|
rlsdir = mirror + locsrc['mirrorpath']
|
||||||
if locsrc['mirrorchksum'] != '':
|
if locsrc['mirrorchksum'] != '':
|
||||||
if not locsrc['chksumtype']:
|
if locsrc['chksumtype'] == '':
|
||||||
exit(("{0}: source_{1}:chksumtype is unset!".format(
|
exit("{0}: source_{1}:chksumtype is unset!".format(datetime.datetime.now(), a))
|
||||||
datetime.datetime.now(),
|
|
||||||
a))
|
|
||||||
hash_type = locsrc['chksumtype']
|
hash_type = locsrc['chksumtype']
|
||||||
hash_in = urlopen(mirror + locsrc['mirrorchksum'])
|
hash_in = urlopen(mirror + locsrc['mirrorchksum'])
|
||||||
hashsums = hash_in.read()
|
hashsums = hash_in.read()
|
||||||
@ -84,7 +82,7 @@ def downloadTarball(conf):
|
|||||||
tarball_hash = hashfunc(open(tarball_path[a], 'rb').read()).hexdigest()
|
tarball_hash = hashfunc(open(tarball_path[a], 'rb').read()).hexdigest()
|
||||||
break
|
break
|
||||||
if not tarball_hash:
|
if not tarball_hash:
|
||||||
exit(("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format(
|
exit("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format(
|
||||||
datetime.datetime.now(),
|
datetime.datetime.now(),
|
||||||
a,
|
a,
|
||||||
hash_type))
|
hash_type))
|
||||||
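Review bot: `if locsrc['chksumtype'] == '':` is narrower than the `not locsrc['chksumtype']` it replaces, so a `None` or other falsy non-string value now passes the guard and reaches `hash_type = locsrc['chksumtype']`; keeping `if not locsrc['chksumtype']:` is the safer form. Separately, the checksum list is fetched with `urlopen(mirror + locsrc['mirrorchksum'])` from the same mirror as the tarball, so a matching hash shows the download is intact but not that it is authentic; a comment such as `# integrity only: the checksum comes from the same mirror as the tarball` would make clear that authenticity rests on the GPG verification. In the second hunk `open(tarball_path[a], 'rb').read()` never closes the handle and reads the whole tarball into memory, which a `with` block would address. downloadTarball continues outside both hunks.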
|
@ -514,7 +514,7 @@ What group the HTTP files should be owned as. This is most likely going to be ei
|
|||||||
. Group must exist on build system
|
. Group must exist on build system
|
||||||
|
|
||||||
|======================
|
|======================
|
||||||
^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID]
|
^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
|
||||||
|======================
|
|======================
|
||||||
|
|
||||||
=== `[tftp]`
|
=== `[tftp]`
|
||||||
@ -546,7 +546,7 @@ What group the TFTP files should be owned as. This is most likely going to be ei
|
|||||||
. Group must exist on build system
|
. Group must exist on build system
|
||||||
|
|
||||||
|======================
|
|======================
|
||||||
^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID]
|
^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
|
||||||
|======================
|
|======================
|
||||||
|
|
||||||
=== `[ipxe]`
|
=== `[ipxe]`
|
||||||
|