Lubuntu/livecd-rootfs
3
0
Fork 0
mirror of https://git.launchpad.net/livecd-rootfs synced 2025-05-05 07:41:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

The EXTRA_ARCHIVES environment variable defined in 2.212 doesn't quite

Browse Source 
work properly because it doesn't allow for signing key configuration.
Rename it to the more domain-specific EXTRA_PPAS (which is now a
space-separated sequence of <ppa-owner>/<ppa-name> pairs), and fetch
signing keys for those from Launchpad using python3-software-properties.
This commit is contained in:
Colin Watson 2014-05-19 15:28:05 +01:00
parent 14c091eff2
commit 4923df1abf
5 changed files with 65 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
debian/changelog vendored
View File

@ -1,3 +1,13 @@
livecd-rootfs (2.213) UNRELEASED; urgency=medium
* The EXTRA_ARCHIVES environment variable defined in 2.212 doesn't quite
work properly because it doesn't allow for signing key configuration.
Rename it to the more domain-specific EXTRA_PPAS (which is now a
space-separated sequence of <ppa-owner>/<ppa-name> pairs), and fetch
signing keys for those from Launchpad using python3-software-properties.
-- Colin Watson <cjwatson@ubuntu.com> Mon, 19 May 2014 15:24:43 +0100
livecd-rootfs (2.212) utopic; urgency=medium livecd-rootfs (2.212) utopic; urgency=medium
* live-build/auto/config: If EXTRA_ARCHIVES is set in the environment, * live-build/auto/config: If EXTRA_ARCHIVES is set in the environment,

2
debian/control vendored
View File

@ -8,7 +8,7 @@ Vcs-Bzr: http://bazaar.launchpad.net/~ubuntu-core-dev/livecd-rootfs/trunk
Package: livecd-rootfs Package: livecd-rootfs
Architecture: any Architecture: any
Depends: ${misc:Depends}, debootstrap, rsync, python-minimal | python, procps, squashfs-tools (>= 1:3.3-1), grep-dctrl, fdupes, lsb-release, lzma, e2fsprogs, germinate (>= 1.25.1), apt-utils, gnupg, live-build (>= 3.0~a55-1), android-tools-fsutils [armhf] Depends: ${misc:Depends}, debootstrap, rsync, python-minimal | python, procps, squashfs-tools (>= 1:3.3-1), grep-dctrl, fdupes, lsb-release, lzma, e2fsprogs, germinate (>= 1.25.1), apt-utils, gnupg, live-build (>= 3.0~a55-1), android-tools-fsutils [armhf], python3-software-properties
Suggests: partimage Suggests: partimage
Breaks: ubuntu-defaults-builder (<< 0.32) Breaks: ubuntu-defaults-builder (<< 0.32)
Description: construction script for the livecd rootfs Description: construction script for the livecd rootfs

1
debian/install vendored
View File

@ -1 +1,2 @@
live-build usr/share/livecd-rootfs live-build usr/share/livecd-rootfs
get-ppa-fingerprint usr/share/livecd-rootfs

16
get-ppa-fingerprint Executable file
View File

@ -0,0 +1,16 @@
#! /usr/bin/python3
from __future__ import print_function
from optparse import OptionParser
from softwareproperties import ppa
parser = OptionParser(usage="%prog OWNER/NAME")
_, args = parser.parse_args()
if not args:
parser.error("must provide a PPA owner/name")
owner_name, ppa_name = args[0].split("/")
ppa_info = ppa.get_ppa_info_from_lp(owner_name, ppa_name)
print(ppa_info["signing_key_fingerprint"])

42
live-build/auto/config
View File

@ -498,11 +498,43 @@ EOF
;; ;;
esac esac
if [ "$EXTRA_ARCHIVES" ]; then if [ "$EXTRA_PPAS" ]; then
printf '%s\n' "$EXTRA_ARCHIVES" \ rm -f config/archives/extra-ppas.list.chroot \
> config/archives/extra-archives.list.chroot config/archives/extra-ppas.key.chroot
cp -a config/archives/extra-archives.list.chroot \ gpg_tmpdir="$(mktemp -d)"
config/archives/extra-archives.list.binary run_gpg () {
gpg --no-default-keyring --no-options --homedir "$gpg_tmpdir" \
--secret-keyring "$gpg_tmpdir/secring.gpg" \
--keyserver hkp://keyserver.ubuntu.com:80/ \
"$@"
}
for extra_ppa in $EXTRA_PPAS; do
extra_ppa_fingerprint="$(/usr/share/livecd-rootfs/get-ppa-fingerprint "$extra_ppa")"
echo "deb http://ppa.launchpad.net/$extra_ppa/ubuntu @DISTRIBUTION@ main" >> config/archives/extra-ppas.list.chroot
run_gpg --keyring "$gpg_tmpdir/pubring.gpg" \
--recv "$extra_ppa_fingerprint"
run_gpg --keyring "$gpg_tmpdir/pubring.gpg" \
--output "$gpg_tmpdir/export.gpg" \
--export "$extra_ppa_fingerprint"
got_fingerprint="$(
run_gpg --keyring "$gpg_tmpdir/export.gpg" \
--fingerprint --batch --with-colons |
grep '^fpr:' | cut -d: -f10)"
if [ "$got_fingerprint" != "$extra_ppa_fingerprint" ]; then
echo "Fingerprints do not match. Got:" >&2
echo "$got_fingerprint" | sed 's/^/ /' >&2
echo "Expected:" >&2
echo " $extra_ppa_fingerprint" >&2
exit 1
fi
cat "$gpg_tmpdir/export.gpg" >> config/archives/extra-ppas.key.chroot
rm -f "$gpg_tmpdir/export.gpg"
done
rm -rf "$gpg_tmpdir"
cp -a config/archives/extra-ppas.list.chroot \
config/archives/extra-ppas.list.binary
cp -a config/archives/extra-ppas.key.chroot \
config/archives/extra-ppas.key.binary
fi fi
# cribbed from cdimage, perhaps this should be a small helper script in germinate? # cribbed from cdimage, perhaps this should be a small helper script in germinate?