updated- docs might have some bugs, but working

brent s. 2017-03-07 18:38:20 -05:00
parent f26e03fda9
commit 2545d0742a
4 changed files with 43 additions and 47 deletions


@ -12,12 +12,15 @@ def genGPG(conf):
dlpath = build['dlpath']
bdisk = conf['bdisk']
gpghome = conf['gpg']['mygpghome']
distkey = build['gpgkey']
distkeys = []
gpgkeyserver = []
for a in conf['build']['arch']:
keysrv = conf['src'][a]['gpgkeyserver']
distkey = conf['src'][a]['gpgkey']
if keysrv and (keysrv not in gpgkeyserver):
gpgkeyserver.append(keysrv)
if distkey not in distkeys:
distkeys.append(distkey)
templates_dir = '{0}/extra/templates'.format(build['basedir'])
mykey = False
pkeys = []
@ -80,34 +83,30 @@ def genGPG(conf):
gpg.signers = pkeys
# Now we try to find and add the key for the base image.
gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN # remote (keyserver)
if distkey: # testing
#try:
key = gpg.get_key(distkey)
#except:
# exit('{0}: ERROR: We cannot find key ID {1}!'.format(
# datetime.datetime.now(),
# distkey))
importkey = key.subkeys[0].fpr
gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default)
DEVNULL = open(os.devnull, 'w')
print('{0}: [GPG] Importing {1} and signing it for verification purposes...'.format(
datetime.datetime.now(),
distkey))
cmd = ['/usr/bin/gpg',
'--recv-keys',
'--batch',
'--yes',
'0x{0}'.format(importkey)]
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
sigkeys = []
for k in gpg.get_key(importkey).subkeys:
sigkeys.append(k.fpr)
cmd = ['/usr/bin/gpg',
'--batch',
'--yes',
'--lsign-key',
'0x{0}'.format(importkey)]
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
if len(distkeys) > 0: # testing
for k in distkeys:
key = gpg.get_key(k)
importkey = key.subkeys[0].fpr
gpg.keylist_mode = gpgme.KEYLIST_MODE_LOCAL # local keyring (default)
DEVNULL = open(os.devnull, 'w')
print('{0}: [GPG] Importing {1} and signing it for verification purposes...'.format(
datetime.datetime.now(),
distkey))
cmd = ['/usr/bin/gpg',
'--recv-keys',
'--batch',
'--yes',
'0x{0}'.format(importkey)]
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
sigkeys = []
for i in gpg.get_key(importkey).subkeys:
sigkeys.append(i.fpr)
cmd = ['/usr/bin/gpg',
'--batch',
'--yes',
'--lsign-key',
'0x{0}'.format(importkey)]
subprocess.call(cmd, stdout = DEVNULL, stderr = subprocess.STDOUT)
# We need to expose this key to the chroots, too, so we need to export it.
with open('{0}/gpgkey.pub'.format(dlpath), 'wb') as f:
gpg.export(pkeys[0].subkeys[0].keyid, f)
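Review bot: In the new `for k in distkeys:` loop, `gpg.keylist_mode` appears (the page has lost its indentation) to be set to `gpgme.KEYLIST_MODE_LOCAL` inside the loop body and never switched back, so from the second key onward `gpg.get_key(k)` searches the local keyring instead of the keyserver; setting `gpg.keylist_mode = gpgme.KEYLIST_MODE_EXTERN` as the first statement of the loop body would fix that. The progress message still formats `distkey`, which after the earlier arch loop holds only the last architecture's key, so it should format `k`. The return value of the `--recv-keys` call is discarded and `--lsign-key` then runs with `--batch --yes`, so whatever the keyserver returned for the configured ID gets locally signed; checking the exit status and comparing `importkey` against a full fingerprint from the configuration before signing would close that gap. The first hunk also appends `distkey` to `distkeys` without the truthiness test that `keysrv` gets, so an unset `gpgkey` would reach `gpg.get_key()`. genGPG begins and ends outside these hunks.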


@ -129,17 +129,16 @@ def parseConfig(confs):
config_dict['src'] = {}
for a in config_dict['build']['arch']:
config_dict['src'][a] = config_dict['source_' + a]
if config_dict['src'][a]['enabled']:
if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4(
config_dict['src'][a]['mirror']) or validatords.ipv6(
config_dict['src'][a]['mirror'])):
try:
getaddrinfo(config_dict['src'][a]['mirror'], None)
except:
exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' +
'mirror for the bootstrap tarballs. Check your configuration.').format(
datetime.datetime.now(),
config_dict['src'][a]['host']))
if (validators.domain(config_dict['src'][a]['mirror']) or validators.ipv4(
config_dict['src'][a]['mirror']) or validatords.ipv6(
config_dict['src'][a]['mirror'])):
try:
getaddrinfo(config_dict['src'][a]['mirror'], None)
except:
exit(('{0}: ERROR: {1} does not resolve and cannot be used as a ' +
'mirror for the bootstrap tarballs. Check your configuration.').format(
datetime.datetime.now(),
config_dict['src'][a]['host']))
config_dict['src'][a]['gpg'] = config['source_' + a].getboolean('gpg')
# Are we rsyncing? If so, validate the rsync host.
# Works for IP address too. It does NOT check to see if we can
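Review bot: The re-added mirror check still calls `validatords.ipv6(`, a misspelling of `validators`, so a mirror value that is neither a valid domain nor a valid IPv4 address raises NameError instead of being validated; it should read `validators.ipv6(config_dict['src'][a]['mirror'])`. Once that is fixed, a value failing all three validators falls through with no error, so an `else:` branch that exits with a configuration message is worth adding. The failure message formats `config_dict['src'][a]['host']` while the value that was resolved is `['mirror']`, which looks like the wrong key, and the bare `except:` would be safer as `except OSError:` so that only resolution failures are reported as such. With the `enabled` guard removed, these checks now run for every listed architecture. parseConfig continues outside the hunk.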


@ -33,10 +33,8 @@ def downloadTarball(conf):
mirror = locsrc['mirrorproto'] + '://' + locsrc['mirror']
rlsdir = mirror + locsrc['mirrorpath']
if locsrc['mirrorchksum'] != '':
if not locsrc['chksumtype']:
exit(("{0}: source_{1}:chksumtype is unset!".format(
datetime.datetime.now(),
a))
if locsrc['chksumtype'] == '':
exit("{0}: source_{1}:chksumtype is unset!".format(datetime.datetime.now(), a))
hash_type = locsrc['chksumtype']
hash_in = urlopen(mirror + locsrc['mirrorchksum'])
hashsums = hash_in.read()
@ -84,7 +82,7 @@ def downloadTarball(conf):
tarball_hash = hashfunc(open(tarball_path[a], 'rb').read()).hexdigest()
break
if not tarball_hash:
exit(("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format(
exit("{0}: source_{1}:chksumtype '{2}' is not supported on this machine!".format(
datetime.datetime.now(),
a,
hash_type))
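Review bot: The new guard `if locsrc['chksumtype'] == '':` is narrower than the `if not locsrc['chksumtype']:` it replaces: a `None` or otherwise falsy non-string value now passes and is only caught later, if at all, by the "not supported on this machine" exit in the second hunk; keeping `if not locsrc['chksumtype']:` with the corrected `exit(...)` call preserves the earlier behaviour. Separately, the checksum list is fetched from the same mirror as the tarball via `urlopen(mirror + locsrc['mirrorchksum'])`, so a matching hash shows the download is intact but not that the mirror's content is authentic. A short comment there stating that authenticity rests on the GPG verification, not on this hash, would keep a later reader from treating the checksum as a trust anchor. downloadTarball starts and ends outside both hunks.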


@ -514,7 +514,7 @@ What group the HTTP files should be owned as. This is most likely going to be ei
. Group must exist on build system

|======================
^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID]
^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
|======================

=== `[tftp]`
@ -546,7 +546,7 @@ What group the TFTP files should be owned as. This is most likely going to be ei
. Group must exist on build system

|======================
^s|Can be one of: ^.^m|group name ^.^m|https://linux.die.net/man/5/group[UID]
^s|Can be one of: ^.^m|groupname ^.^m|https://linux.die.net/man/5/group[GID]
|======================

=== `[ipxe]`