From 934d9979a681d869f5eabc331beb16ea9fde8b9c Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Fri, 20 Jun 2014 17:58:12 -0700 Subject: [PATCH] updates: Add script for enabling the official update signing key. This script should be called before running build_image when generating official production images. Images built with official key will not accept updates signed with the default development signing key. --- set_official | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100755 set_official diff --git a/set_official b/set_official new file mode 100755 index 0000000000..e7695f5e22 --- /dev/null +++ b/set_official @@ -0,0 +1,37 @@ +#!/bin/bash + +# Copyright (c) 2014 The CoreOS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +SCRIPT_ROOT=$(dirname $(readlink -f "$0")) +. "${SCRIPT_ROOT}/common.sh" || exit 1 + +# Script must run inside the chroot +restart_in_chroot_if_needed "$@" + +assert_not_root_user + +DEFINE_string board "${DEFAULT_BOARD}" \ + "The board to update." +DEFINE_boolean official ${FLAGS_TRUE} \ + "Enable (or disable) official key." + +# Parse flags +FLAGS "$@" || exit 1 +eval set -- "${FLAGS_ARGV}" +switch_to_strict_mode + +# set BOARD and BOARD_ROOT +. "${BUILD_LIBRARY_DIR}/toolchain_util.sh" +. "${BUILD_LIBRARY_DIR}/board_options.sh" + +if [[ ${FLAGS_official} -eq ${FLAGS_TRUE} ]]; then + sudo mkdir -p "${BOARD_ROOT}/etc/portage/package.use" + sudo_clobber "${BOARD_ROOT}/etc/portage/package.use/official" \ + <<<"coreos-base/coreos-au-key official" +else + sudo rm -f "${BOARD_ROOT}/etc/portage/package.use/official" +fi + +emerge-${BOARD} -v --quiet-build=y --nospinner coreos-base/coreos-au-key