Add support for signed modloop images

2 files changed, 15 insertions, 1 deletions

diff --git a/initramfs-init.in b/initramfs-init.in
index 8233af4..fd78fcf 100755
--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -656,6 +656,13 @@ else
 	rc_add swclock boot
 fi
 
+# enable support for modloop verification
+if [ -f /var/cache/misc/*modloop*.SIGN.RSA.*.pub ]; then
+	mkdir -p "$sysroot"/var/cache/misc
+	cp /var/cache/misc/*modloop*.SIGN.RSA.*.pub "$sysroot"/var/cache/misc
+	pkgs="$pkgs libressl"
+fi
+
 apkflags="--initramfs-diskless-boot --progress"
 if [ -z "$ALPINE_REPO" ]; then
 	apkflags="$apkflags --no-network"
diff --git a/mkinitfs.in b/mkinitfs.in
index 9bffa01..8cd3de3 100755
--- a/mkinitfs.in
+++ b/mkinitfs.in
@@ -54,6 +54,11 @@ initfs_base() {
 	# copy init
 	cd "$startdir"
 	install -m755 "$init" "$tmpdir"/init || return 1
+	# copy modloop signature
+	if [ -n "$modloop_sig" ]; then
+		install -Dm644 "$modloop_sig" \
+			"$tmpdir"/var/cache/misc/${modloop_sig##*/}
+	fi
 	for i in "$fstab" "$passwd" "$group"; do
 		install -Dm644 "$i" "$tmpdir"/etc/${i##*/} || return 1
 	done
@@ -181,6 +186,7 @@ options:
 	-o  set another outfile
 	-P  prepend features.d search path
 	-q  Quiet mode
+	-s  Include modloop signature
 	-t  use tempdir when creating initramfs image
 
 EOF
@@ -190,7 +196,7 @@ EOF
 # main
 features_dirs=${features_dir:-"${basedir%/:-}/${sysconfdir#/}/features.d"}
 
-while getopts "b:c:C:f:F:hi:kKLlno:P:qt:" opt; do
+while getopts "b:c:C:f:F:hi:kKLlno:P:qs:t:" opt; do
 	case "$opt" in
 		b) basedir="$OPTARG";;
 		c) config="$OPTARG";;
@@ -207,6 +213,7 @@ while getopts "b:c:C:f:F:hi:kKLlno:P:qt:" opt; do
 		o) outfile="$OPTARG";;
 		P) features_dirs="$OPTARG $features_dirs";;
 		q) quiet=1;;
+		s) modloop_sig="$OPTARG";;
 		t) tmpdir="$OPTARG";;
 		*) usage;;
 	esac