add APK signing logic #46
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aparcar
force-pushed
the
apksign
branch
2 times, most recently
from
64bab90
to
bbe70a1
Compare
With this commit it's possible to sign APK package indexes (packages.adb) via the `signall.sh` script, which is run on the buildmaster. As a consequence `apk` must be available on the buildmaster. This is the final step to replace OPKG with APK. Signed-off-by: Paul Spooren <[email protected]>
Signed-off-by: Paul Spooren <[email protected]>
|
@ynezz tested and works, I'm happy to give you access to the setup I'm running. |
|
Tested for phase1 and phase2, merging |
Ok, did you perhaps missed to commit your apk changes for docker/buildmaster/Dockerfile ? |
ynezz
reviewed
Sep 23, 2024
|
|
||
| umask 022 | ||
| find "$tmpdir/tar/" -type f -name "packages.adb" -exec \ | ||
| "${APK_BIN:-apk}" adbsign --allow-untrusted --sign-key "$(readlink -f "$tmpdir/apk.pem")" "{}" \; || finish 6 |
There was a problem hiding this comment.
For some reason this fails https://buildbot.staging.openwrt.org/images/#/builders/1/builds/21/steps/47/logs/stdio:
/scripts/signall.sh /master/signing/mediatek.filogic.tar.gz master
** RUNNING ON BUILDMASTER **
in dir /master
argv: ['/scripts/signall.sh', '/master/signing/mediatek.filogic.tar.gz', 'master']
env: {'CONFIG_INI': '/config/config.ini'}
gpg: keybox '/master/signall.4246/gpg/pubring.kbx' created
gpg: /master/signall.4246/gpg/trustdb.gpg: trustdb created
gpg: key CD84BCED626471F1: public key "OpenWrt Build System (PGP key for unattended snapshot builds) <[email protected]>" imported
gpg: key CD84BCED626471F1: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
find: ‘apk’: No such file or directory
find: ‘apk’: No such file or directorybut the signfiles step is marked as successful, although there is haltOnFailure=True defined for this step, so in this case the build should fail. Probably some issue with exit code handling/passing somewhere?
ynezz
added a commit
to ynezz/openwrt
that referenced
this pull request
Sep 28, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Signed-off-by: Petr Štetiar <[email protected]>
ynezz
added a commit
to ynezz/openwrt
that referenced
this pull request
Sep 28, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Signed-off-by: Petr Štetiar <[email protected]>
ynezz
added a commit
to ynezz/openwrt
that referenced
this pull request
Oct 12, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
ynezz
added a commit
to ynezz/openwrt
that referenced
this pull request
Oct 12, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt#16539 Link: openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
ynezz
added a commit
to ynezz/openwrt
that referenced
this pull request
Oct 12, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Signed-off-by: Petr Štetiar <[email protected]>
ynezz
added a commit
to ynezz/openwrt
that referenced
this pull request
Oct 12, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
Vladdrako
pushed a commit
to Vladdrako/openwrt
that referenced
this pull request
Oct 13, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
kimocoder
pushed a commit
to kimocoder/openwrt-ipq
that referenced
this pull request
Oct 15, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt/openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
liudf0716
pushed a commit
to liudf0716/openwrt
that referenced
this pull request
Oct 17, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
vincejv
pushed a commit
to vincejv/openwrt
that referenced
this pull request
Oct 27, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
vincejv
pushed a commit
to vincejv/openwrt
that referenced
this pull request
Oct 27, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
kimocoder
pushed a commit
to thisiskimocoder/openwrt
that referenced
this pull request
Oct 29, 2024
apk/openwrt-snapshots.pem contains Elliptic Curve based public key which is going to be used for signing of apk's package.adb package indexes after the builds using `apk adbsign --sign-key <key> packages.adb` command on the buildbot. References: openwrt/buildbot#46 Link: openwrt#16539 Signed-off-by: Petr Štetiar <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With this commit it's possible to sign APK package indexes (packages.adb) via the
signall.shscript, which is run on the buildmaster. As a consequenceapkmust be available on the buildmaster. This is the final step to replace OPKG with APK.