From 11971619a671c778b027ce823e1c1a7d9ad48482 Mon Sep 17 00:00:00 2001 From: nl6720 Date: Wed, 12 Oct 2022 13:12:29 +0300 Subject: mkarchiso: do not sign .sig files Make sure existing sig files are deleted before creating new ones and make sure to not sign any sig files. This allows retrying failed mkarchiso runs without ending up with files such as vmlinuz.ipxe.sig.ipxe.sig. Fixes #198 --- CHANGELOG.rst | 2 ++ archiso/mkarchiso | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 73fa2d9..4c18fd2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,6 +12,8 @@ Changed ------- - Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule. +- Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly + applicable when re-running ``mkarchiso`` after a failure. Removed ------- diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 2fbbf66..caeb21e 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -254,7 +254,7 @@ _mk_pgp_signature() { local gpg_options=() local airootfs_image_filename="${1}" _msg_info "Signing rootfs image using GPG..." - + rm -f -- "${airootfs_image_filename}.sig" # Add gpg sender option if the value is provided [[ -z "${gpg_sender}" ]] || gpg_options+=('--sender' "${gpg_sender}") @@ -1054,7 +1054,7 @@ _cms_sign_artifact() { fi _msg_info "Signing ${artifact} image using openssl cms..." - + rm -f -- "${artifact}.cms.sig" openssl cms "${openssl_flags[@]}" @@ -1073,7 +1073,8 @@ _sign_netboot_artifacts() { _files_to_sign+=("${_dir}${_file}") fi done - for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"* "${_dir}${arch}/initramfs-"*.img; do + for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"!(*.sig) "${_dir}${arch}/initramfs-"*.img; do + rm -f -- "${_file}".ipxe.sig openssl cms \ -sign \ -binary \ -- cgit v1.2.3-70-g09d2