From 41b10e1aa4a669b8baea6ca23fa350bff1dbc4a0 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 9 Nov 2016 21:53:57 +0000
Subject: [PATCH] scripts/mkimage: automatically add pubkey from abuild

The boot repository needs to be signed with a key. We explicitly copy
this key to the initramfs so users don't need to use --hostkeys, which
requires access to /etc/apk/keys/.

Without the key in the initramfs the boot repository will be useless.
---
 scripts/mkimage.sh    | 8 ++++++++
 scripts/mkimg.base.sh | 1 +
 2 files changed, 9 insertions(+)

diff --git a/scripts/mkimage.sh b/scripts/mkimage.sh
index 50d067fa5432..806247213b03 100644
--- a/scripts/mkimage.sh
+++ b/scripts/mkimage.sh
@@ -209,6 +209,14 @@ req_arch=${req_arch:-${default_arch}}
 [ "$req_arch" != "all" ] || req_arch="${all_arch}"
 [ "$req_profiles" != "all" ] || req_profiles="${all_profiles}"
 
+# get abuild pubkey used to sign the apkindex
+# we need inject this to the initramfs or we will not be able to use the
+# boot repository
+if [ -z "$_hostkeys" ]; then
+	_pub=${PACKAGER_PRIVKEY:+${PACKAGER_PRIVKEY}.pub}
+	_abuild_pubkey="${PACKAGER_PUBKEY:-$_pub}"
+fi
+
 # create images
 for ARCH in $req_arch; do
 	APKROOT="$WORKDIR/apkroot-$ARCH"
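Review bot: `_abuild_pubkey` is derived and passed on without checking that the file exists, and it is left unassigned when `_hostkeys` is set, so unless it is cleared elsewhere a value inherited from the environment would still reach `update-kernel` in `build_kernel`. Because this key ends up trusted inside the initramfs, I would put `_abuild_pubkey=` before the `if` and fail early after the assignment, e.g. `[ -z "$_abuild_pubkey" ] || [ -r "$_abuild_pubkey" ] || { echo "pubkey $_abuild_pubkey not readable" >&2; exit 1; }`. The `${PACKAGER_PRIVKEY}.pub` fallback assumes the public key sits next to the private key; where these variables are set is not visible in this hunk. Printing the path of the key being embedded would also let the builder confirm which key the image will trust.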
diff --git a/scripts/mkimg.base.sh b/scripts/mkimg.base.sh
index db2a3b28189b..354d174010bb 100644
--- a/scripts/mkimg.base.sh
+++ b/scripts/mkimg.base.sh
@@ -4,6 +4,7 @@ build_kernel() {
 	local _pkgs="$@"
 	update-kernel \
 		$_hostkeys \
+		${_abuild_pubkey:+--apk-pubkey $_abuild_pubkey} \
 		--media \
 		--flavor "$_flavor" \
 		--arch "$ARCH" \
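Review bot: The unquoted `$_abuild_pubkey` in the added line is split on whitespace and glob-expanded, so a key path containing a space or `*` would hand `update-kernel` the wrong arguments. Quoting only the value keeps the option and its argument as two words: `${_abuild_pubkey:+--apk-pubkey "$_abuild_pubkey"} \`. `build_kernel` starts above and continues below this hunk, so the rest of the call is not visible here.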
-- 
GitLab