Skip to content

Commit

Permalink
added support for usign signatures
Browse files Browse the repository at this point in the history
  • Loading branch information
jefferyto committed Jul 17, 2019
1 parent da22fb9 commit 88087f0
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 4 deletions.
8 changes: 7 additions & 1 deletion Changelog.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,10 @@
# Changelog

## 0.1.0 (2019-06-05)
## [0.1.1] - 2019-07-18
* Added support for usign signatures

## 0.1.0 - 2019-06-05
* Initial release


[0.1.1]: https://github.com/jefferyto/openwrt-vivarium/compare/0.1.0...0.1.1
2 changes: 1 addition & 1 deletion builder/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
# along with Vivarium. If not, see <https://www.gnu.org/licenses/>.
#

FROM docker.io/openwrtorg/packages-cci:v1.0.2
FROM docker.io/openwrtorg/packages-cci:v1.0.3

ARG SDK_HOST
ARG SDK_PATH
Expand Down
24 changes: 22 additions & 2 deletions builder/docker-run.sh
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,28 @@ if [ -z "$(find / -mindepth 1 -maxdepth 1 -name "$SDK_FILE" -print -quit)" ]; th

# From https://github.com/openwrt/packages/blob/master/.circleci/config.yml
curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -sS -o sha256sums.asc
gpg --with-fingerprint --verify sha256sums.asc sha256sums
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -fs -o sha256sums.asc || true
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.sig" -fs -o sha256sums.sig || true
if [ ! -f sha256sums.asc ] && [ ! -f sha256sums.sig ]; then
echo "Missing sha256sums signature files"
exit 1
fi
[ ! -f sha256sums.asc ] || gpg --with-fingerprint --verify sha256sums.asc sha256sums
if [ -f sha256sums.sig ]; then
VERIFIED=
for KEY in ../usign/*; do
echo "Trying $KEY..."
if signify-openbsd -V -q -p "$KEY" -x sha256sums.sig -m sha256sums; then
echo "...verified"
VERIFIED=1
break
fi
done
if [ -z "$VERIFIED" ]; then
echo "Could not verify usign signature"
exit 1
fi
fi
rsync -av "$SDK_HOST::downloads/$SDK_PATH/$SDK_FILE" .
sha256sum -c --ignore-missing sha256sums

Expand Down

0 comments on commit 88087f0

Please sign in to comment.