Commit 41b10e1a authored by Natanael Copa's avatar Natanael Copa

scripts/mkimage: automatically add pubkey from abuild

the boot repositry needs to be signed with a key. We explicitly copy
this to initramfs so users don't need use --hostkeys which requires
access to /etc/apk/keys/

without the key in intramfs the boot repository will be useless
parent 1a2a0351
......@@ -209,6 +209,14 @@ req_arch=${req_arch:-${default_arch}}
[ "$req_arch" != "all" ] || req_arch="${all_arch}"
[ "$req_profiles" != "all" ] || req_profiles="${all_profiles}"
# get abuild pubkey used to sign the apkindex
# we need inject this to the initramfs or we will not be able to use the
# boot repository
if [ -z "$_hostkeys" ]; then
_pub=${PACKAGER_PRIVKEY:+${PACKAGER_PRIVKEY}.pub}
_abuild_pubkey="${PACKAGER_PUBKEY:-$_pub}"
fi
# create images
for ARCH in $req_arch; do
APKROOT="$WORKDIR/apkroot-$ARCH"
......
......@@ -4,6 +4,7 @@ build_kernel() {
local _pkgs="$@"
update-kernel \
$_hostkeys \
${_abuild_pubkey:+--apk-pubkey $_abuild_pubkey} \
--media \
--flavor "$_flavor" \
--arch "$ARCH" \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment