aboutsummaryrefslogtreecommitdiffstats
path: root/update-netboot.sh
diff options
context:
space:
mode:
authorCarlo Landmeter <clandmeter@alpinelinux.org>2018-06-27 12:55:19 +0000
committerCarlo Landmeter <clandmeter@alpinelinux.org>2018-08-11 09:46:57 +0000
commit2682f6a7441fe2b549f19d5453e9f8c785305bc2 (patch)
treeac397530a123d97c224d4bad8fd80a2b0dd8ea7c /update-netboot.sh
parent0995c816219a8f6c700e58e6bcca32331cd5529c (diff)
downloadalpine-netboot-master.tar.bz2
alpine-netboot-master.tar.xz
use images from offical mirrorHEADmaster
Do not generate images locally but instead generate signatures locally and use images from offical mirror. - generate ipxe boot script from template - add option to start sshd with firstboot - add version information when selecting branch - verify netboot releases with gpg signature - added ncopa.asc gpg public key
Diffstat (limited to 'update-netboot.sh')
-rwxr-xr-xupdate-netboot.sh93
1 files changed, 0 insertions, 93 deletions
diff --git a/update-netboot.sh b/update-netboot.sh
deleted file mode 100755
index 99ff659..0000000
--- a/update-netboot.sh
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/bin/sh -e
-
-REPO="http://dl-cdn.alpinelinux.org/alpine"
-BRANCHES="edge latest-stable"
-ARCHS="x86 x86_64 aarch64"
-IMGDIR="/var/www/localhost/htdocs/images"
-
-# CA Settings
-CA_CRT="/etc/ssl/alpine-netboot-ca/ca.crt"
-SIGN_CRT="/etc/ssl/alpine-netboot-ca/codesign.crt"
-SIGN_KEY="/etc/ssl/alpine-netboot-ca/codesign.key"
-PASS_FILE="/etc/ssl/alpine-netboot-ca/passwd"
-
-if [ -f "/lib/libalpine.sh" ]; then
- . /lib/libalpine.sh
-else
- echo "Error: cannot find libalpine.sh" >&2
- exit 1
-fi
-
-CACHE_DIR="/var/cache/alpine-netboot"
-APK="apk --no-cache --repositories-file /dev/null"
-
-compare_files() {
- [ -f "$1" ] || return 1
- [ -f "$2" ] || return 1
- diff -q "$1" "$2" > /dev/null 2>&1
-}
-
-# list all runtime depencencies for alpine-base
-resolve_base() {
- local branch="$1"
- local arch="$2"
- ALPINE_BASE=$($APK --arch $arch -X $REPO/$branch/main fetch -R --simulate alpine-base 2> /dev/null)
- [ "$?" = "0" ] || die "Failed to get base dependency tree"
- echo "$ALPINE_BASE" | grep -v '^fetch' | cut -d' ' -f2
-}
-
-# find the latest kernel and firmware.
-# kernel/firmware deps are not interesting so we do not resolve the tree.
-get_latest_kernel() {
- local branch="$1"
- local arch="$2"
- KERNEL=$($APK --arch $arch -X $REPO/$branch/main search -x linux-vanilla linux-firmware)
- [ "$?" = "0" ] || die "Failed to get kernel version"
- echo "$KERNEL" | grep -v '^fetch'
-}
-
-sign_images() {
- local imgdir="$1"
- local img
- for img in vmlinuz initramfs; do
- local file=$(realpath $imgdir/*${img}*)
- echo "Signing image: $file"
- openssl cms -sign -binary -noattr -in "$file" \
- -signer "$SIGN_CRT" -inkey "$SIGN_KEY" \
- -certfile "$CA_CRT" \
- -outform DER -out "$file".sig \
- -passin file:"$PASS_FILE"
- done
-}
-
-
-#############
-# M a i n #
-#############
-
-mkdir -p "$CACHE_DIR"
-tmpfile=$(mktemp)
-tmpdir=$(mktemp -d)
-
-for branch in $BRANCHES; do
- mkdir -p "$IMGDIR"/$branch
- for arch in $ARCHS; do
- echo "Checking: $branch/$arch"
- for i in $(resolve_base $branch $arch && get_latest_kernel $branch $arch); do
- echo "$i" >> $tmpfile
- done
- sort $tmpfile -o $tmpfile
- if ! compare_files $tmpfile "$CACHE_DIR"/$branch-$arch.lst; then
- echo "Dependencies updated for: $branch/$arch"
- ./mknetboot.sh --release "$branch" --arch "$arch" --outdir "$tmpdir"
- (cd "$tmpdir" && sha512sum * > alpine-netboot-$branch-$arch.sha512 || true)
- sign_images "$tmpdir"
- rm -rf "$IMGDIR"/$branch/$arch
- mv "$tmpdir" "$IMGDIR"/$branch/$arch
- mv "$tmpfile" "$CACHE_DIR"/$branch-$arch.lst
- else
- printf "No update found\n"
- rm -f $tmpfile
- fi
- done
-done