diff options
| author | Carlo Landmeter <clandmeter@alpinelinux.org> | 2018-06-27 12:55:19 +0000 |
|---|---|---|
| committer | Carlo Landmeter <clandmeter@alpinelinux.org> | 2018-08-11 09:46:57 +0000 |
| commit | 2682f6a7441fe2b549f19d5453e9f8c785305bc2 (patch) | |
| tree | ac397530a123d97c224d4bad8fd80a2b0dd8ea7c /update-netboot.sh | |
| parent | 0995c816219a8f6c700e58e6bcca32331cd5529c (diff) | |
| download | alpine-netboot-master.tar.bz2 alpine-netboot-master.tar.xz | |
Do not generate images locally but instead generate signatures locally
and use images from offical mirror.
- generate ipxe boot script from template
- add option to start sshd with firstboot
- add version information when selecting branch
- verify netboot releases with gpg signature
- added ncopa.asc gpg public key
Diffstat (limited to 'update-netboot.sh')
| -rwxr-xr-x | update-netboot.sh | 93 |
1 files changed, 0 insertions, 93 deletions
diff --git a/update-netboot.sh b/update-netboot.sh deleted file mode 100755 index 99ff659..0000000 --- a/update-netboot.sh +++ /dev/null @@ -1,93 +0,0 @@ -#!/bin/sh -e - -REPO="http://dl-cdn.alpinelinux.org/alpine" -BRANCHES="edge latest-stable" -ARCHS="x86 x86_64 aarch64" -IMGDIR="/var/www/localhost/htdocs/images" - -# CA Settings -CA_CRT="/etc/ssl/alpine-netboot-ca/ca.crt" -SIGN_CRT="/etc/ssl/alpine-netboot-ca/codesign.crt" -SIGN_KEY="/etc/ssl/alpine-netboot-ca/codesign.key" -PASS_FILE="/etc/ssl/alpine-netboot-ca/passwd" - -if [ -f "/lib/libalpine.sh" ]; then - . /lib/libalpine.sh -else - echo "Error: cannot find libalpine.sh" >&2 - exit 1 -fi - -CACHE_DIR="/var/cache/alpine-netboot" -APK="apk --no-cache --repositories-file /dev/null" - -compare_files() { - [ -f "$1" ] || return 1 - [ -f "$2" ] || return 1 - diff -q "$1" "$2" > /dev/null 2>&1 -} - -# list all runtime depencencies for alpine-base -resolve_base() { - local branch="$1" - local arch="$2" - ALPINE_BASE=$($APK --arch $arch -X $REPO/$branch/main fetch -R --simulate alpine-base 2> /dev/null) - [ "$?" = "0" ] || die "Failed to get base dependency tree" - echo "$ALPINE_BASE" | grep -v '^fetch' | cut -d' ' -f2 -} - -# find the latest kernel and firmware. -# kernel/firmware deps are not interesting so we do not resolve the tree. -get_latest_kernel() { - local branch="$1" - local arch="$2" - KERNEL=$($APK --arch $arch -X $REPO/$branch/main search -x linux-vanilla linux-firmware) - [ "$?" = "0" ] || die "Failed to get kernel version" - echo "$KERNEL" | grep -v '^fetch' -} - -sign_images() { - local imgdir="$1" - local img - for img in vmlinuz initramfs; do - local file=$(realpath $imgdir/*${img}*) - echo "Signing image: $file" - openssl cms -sign -binary -noattr -in "$file" \ - -signer "$SIGN_CRT" -inkey "$SIGN_KEY" \ - -certfile "$CA_CRT" \ - -outform DER -out "$file".sig \ - -passin file:"$PASS_FILE" - done -} - - -############# -# M a i n # -############# - -mkdir -p "$CACHE_DIR" -tmpfile=$(mktemp) -tmpdir=$(mktemp -d) - -for branch in $BRANCHES; do - mkdir -p "$IMGDIR"/$branch - for arch in $ARCHS; do - echo "Checking: $branch/$arch" - for i in $(resolve_base $branch $arch && get_latest_kernel $branch $arch); do - echo "$i" >> $tmpfile - done - sort $tmpfile -o $tmpfile - if ! compare_files $tmpfile "$CACHE_DIR"/$branch-$arch.lst; then - echo "Dependencies updated for: $branch/$arch" - ./mknetboot.sh --release "$branch" --arch "$arch" --outdir "$tmpdir" - (cd "$tmpdir" && sha512sum * > alpine-netboot-$branch-$arch.sha512 || true) - sign_images "$tmpdir" - rm -rf "$IMGDIR"/$branch/$arch - mv "$tmpdir" "$IMGDIR"/$branch/$arch - mv "$tmpfile" "$CACHE_DIR"/$branch-$arch.lst - else - printf "No update found\n" - rm -f $tmpfile - fi - done -done |