mirror of
https://github.com/BastilleBSD/bastille.git
synced 2025-12-12 01:49:51 +01:00
Merge pull request #1338 from BastilleBSD/pkg-base-fix
This commit is contained in:
tschettervictor
GitHub
@@ -320,31 +320,34 @@ bootstrap_release_pkgbase() {
|
||||
if [ "${PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
|
||||
local abi="${PLATFORM_OS}:${MAJOR_VERSION}:${HW_MACHINE_ARCH}"
|
||||
local fingerprints="${bastille_releasesdir}/${RELEASE}/usr/share/keys/pkgbase-${MAJOR_VERSION}"
|
||||
local host_fingerprintsdir="/usr/share/keys/pkgbase-${MAJOR_VERSION}"
|
||||
local release_fingerprintsdir="${bastille_releasesdir}/${RELEASE}/usr/share/keys"
|
||||
local repo_dir="${bastille_sharedir}/pkgbase"
|
||||
if [ "${FREEBSD_BRANCH}" = "release" ]; then
|
||||
local repo_name="FreeBSD-base-release-${MINOR_VERSION}"
|
||||
local release_fingerprintsdir="${bastille_releasesdir}/${RELEASE}/usr/share/keys"
|
||||
local host_fingerprintsdir="/usr/share/keys/pkgbase-${MAJOR_VERSION}"
|
||||
local fingerprints="${bastille_releasesdir}/${RELEASE}/usr/share/keys/pkgbase-${MAJOR_VERSION}"
|
||||
elif [ "${FREEBSD_BRANCH}" = "current" ]; then
|
||||
local repo_name="FreeBSD-base-latest"
|
||||
local release_fingerprintsdir="${bastille_releasesdir}/${RELEASE}/usr/share/keys"
|
||||
local host_fingerprintsdir="/usr/share/keys/pkg"
|
||||
local fingerprints="${bastille_releasesdir}/${RELEASE}/usr/share/keys/pkg"
|
||||
fi
|
||||
local repo_dir="${bastille_sharedir}/pkgbase"
|
||||
|
||||
# Verify trusted pkg keys
|
||||
if [ ! -f "${host_fingerprintsdir}/trusted/awskms-${MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${host_fingerprintsdir}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${MAJOR_VERSION}/trusted/awskms-${MAJOR_VERSION}
|
||||
then
|
||||
ERRORS=$((ERRORS + 1))
|
||||
error_notify "[ERROR]: Failed to fetch trusted pkg keys."
|
||||
return 1
|
||||
if [ "${FREEBSD_BRANCH}" = "release" ]; then
|
||||
if [ ! -f "${host_fingerprintsdir}/trusted/awskms-${MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${host_fingerprintsdir}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${MAJOR_VERSION}/trusted/awskms-${MAJOR_VERSION}; then
|
||||
ERRORS=$((ERRORS + 1))
|
||||
error_notify "[ERROR]: Failed to fetch trusted pkg keys."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [ ! -f "${host_fingerprintsdir}/trusted/backup-signing-${MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${host_fingerprintsdir}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${MAJOR_VERSION}/trusted/backup-signing-${MAJOR_VERSION}
|
||||
then
|
||||
ERRORS=$((ERRORS + 1))
|
||||
error_notify "[ERROR]: Failed to fetch trusted backup pkg keys."
|
||||
return 1
|
||||
if [ ! -f "${host_fingerprintsdir}/trusted/backup-signing-${MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${host_fingerprintsdir}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${MAJOR_VERSION}/trusted/backup-signing-${MAJOR_VERSION}; then
|
||||
ERRORS=$((ERRORS + 1))
|
||||
error_notify "[ERROR]: Failed to fetch trusted backup pkg keys."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@@ -2,14 +2,14 @@ FreeBSD-base-latest: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_latest",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-weekly: {
|
||||
url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_weekly",
|
||||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkgbase-${VERSION_MAJOR}",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
enabled: yes
|
||||
}
|
||||
FreeBSD-base-release-0: {
|
||||
|
||||
@@ -134,7 +134,7 @@ jail_check() {
|
||||
# Validate update method
|
||||
MINOR_VERSION=$(echo ${OLD_RELEASE} | sed -E 's/^[0-9]+\.([0-9]+)-.*$/\1/')
|
||||
MAJOR_VERSION=$(echo ${OLD_RELEASE} | grep -Eo '^[0-9]+')
|
||||
if echo "${OLD_RELEASE}" | grep -oq "\-CURRENT"; then
|
||||
if echo "${OLD_RELEASE}" | grep -Eoq "(\-CURRENT|\-STABLE)"; then
|
||||
FREEBSD_BRANCH="current"
|
||||
else
|
||||
FREEBSD_BRANCH="release"
|
||||
@@ -196,13 +196,14 @@ jail_update_pkgbase() {
|
||||
|
||||
local jailpath="${bastille_jailsdir}/${TARGET}/root"
|
||||
local abi="FreeBSD:${MAJOR_VERSION}:${HW_MACHINE_ARCH}"
|
||||
local fingerprints="${jailpath}/usr/share/keys/pkg"
|
||||
local repo_dir="${bastille_sharedir}/pkgbase"
|
||||
if [ "${FREEBSD_BRANCH}" = "release" ]; then
|
||||
local repo_name="FreeBSD-base-release-${MINOR_VERSION}"
|
||||
local fingerprints="${jailpath}/usr/share/keys/pkgbase-${MAJOR_VERSION}"
|
||||
elif [ "${FREEBSD_BRANCH}" = "current" ]; then
|
||||
local repo_name="FreeBSD-base-latest"
|
||||
local fingerprints="${jailpath}/usr/share/keys/pkg"
|
||||
fi
|
||||
local repo_dir="${bastille_sharedir}/pkgbase"
|
||||
|
||||
# Update repo (pkgbase)
|
||||
if ! pkg --rootdir "${jailpath}" \
|
||||
@@ -271,7 +272,7 @@ release_check() {
|
||||
# Validate update method
|
||||
MINOR_VERSION=$(echo ${TARGET} | sed -E 's/^[0-9]+\.([0-9]+)-.*$/\1/')
|
||||
MAJOR_VERSION=$(echo ${TARGET} | grep -Eo '^[0-9]+')
|
||||
if echo "${TARGET}" | grep -oq "\-CURRENT"; then
|
||||
if echo "${TARGET}" | grep -Eoq "(\-CURRENT|\-STABLE)"; then
|
||||
FREEBSD_BRANCH="current"
|
||||
else
|
||||
FREEBSD_BRANCH="release"
|
||||
@@ -330,21 +331,24 @@ release_update() {
|
||||
release_update_pkgbase() {
|
||||
|
||||
if [ "${RELEASE_PLATFORM_OS}" = "FreeBSD" ]; then
|
||||
|
||||
|
||||
local release_dir="${bastille_releasesdir}/${TARGET}"
|
||||
local abi="FreeBSD:${MAJOR_VERSION}:${HW_MACHINE_ARCH}"
|
||||
local fingerprints="${release_dir}/usr/share/keys/pkg"
|
||||
local repo_dir="${bastille_sharedir}/pkgbase"
|
||||
if [ "${FREEBSD_BRANCH}" = "release" ]; then
|
||||
local repo_name="FreeBSD-base-release-${MINOR_VERSION}"
|
||||
local fingerprints="${release_dir}/usr/share/keys/pkgbase-${MAJOR_VERSION}"
|
||||
elif [ "${FREEBSD_BRANCH}" = "current" ]; then
|
||||
local repo_name="FreeBSD-base-latest"
|
||||
local fingerprints="${release_dir}/usr/share/keys/pkg"
|
||||
fi
|
||||
local repo_dir="${bastille_sharedir}/pkgbase"
|
||||
|
||||
# Update repo (pkgbase)
|
||||
if ! pkg --rootdir "${release_dir}" \
|
||||
--repo-conf-dir "${repo_dir}" \
|
||||
-o IGNORE_OSVERSION="yes" \
|
||||
-o VERSION_MAJOR="${MAJOR_VERSION}" \
|
||||
-o VERSION_MINOR="${MINOR_VERSION}" \
|
||||
-o ABI="${abi}" \
|
||||
-o ASSUME_ALWAYS_YES="yes" \
|
||||
-o FINGERPRINTS="${fingerprints}" \
|
||||
@@ -357,6 +361,8 @@ release_update_pkgbase() {
|
||||
if ! pkg --rootdir "${release_dir}" \
|
||||
--repo-conf-dir "${repo_dir}" \
|
||||
-o IGNORE_OSVERSION="yes" \
|
||||
-o VERSION_MAJOR="${MAJOR_VERSION}" \
|
||||
-o VERSION_MINOR="${MINOR_VERSION}" \
|
||||
-o ABI="${abi}" \
|
||||
-o ASSUME_ALWAYS_YES="yes" \
|
||||
-o FINGERPRINTS="${fingerprints}" \
|
||||
|
||||
@@ -127,7 +127,7 @@ thick_jail_check() {
|
||||
# Validate PKGBASE or non-PKGBASE
|
||||
if pkg -r "${bastille_jailsdir}/${TARGET}/root" which /usr/bin/uname > /dev/null 2>&1; then
|
||||
PKGBASE=1
|
||||
if echo "${NEW_RELEASE}" | grep -oq "\-CURRENT"; then
|
||||
if echo "${NEW_RELEASE}" | grep -Eoq "(\-CURRENT|\-STABLE)"; then
|
||||
FREEBSD_BRANCH="current"
|
||||
else
|
||||
FREEBSD_BRANCH="release"
|
||||
@@ -317,27 +317,28 @@ jail_upgrade_pkgbase() {
|
||||
|
||||
local jailpath="${bastille_jailsdir}/${TARGET}/root"
|
||||
local abi="FreeBSD:${NEW_MAJOR_VERSION}:${HW_MACHINE_ARCH}"
|
||||
local fingerprints="${jailpath}/usr/share/keys/pkgbase-${MAJOR_VERSION}"
|
||||
local repo_dir="${bastille_sharedir}/pkgbase"
|
||||
if [ "${FREEBSD_BRANCH}" = "release" ]; then
|
||||
local repo_name="FreeBSD-base-release-${NEW_MINOR_VERSION}"
|
||||
local fingerprints="${jailpath}/usr/share/keys/pkgbase-${MAJOR_VERSION}"
|
||||
elif [ "${FREEBSD_BRANCH}" = "current" ]; then
|
||||
local repo_name="FreeBSD-base-latest"
|
||||
local fingerprints="${jailpath}/usr/share/keys/pkg"
|
||||
fi
|
||||
local repo_dir="${bastille_sharedir}/pkgbase"
|
||||
|
||||
info "\n[${TARGET}]:"
|
||||
|
||||
# Verify trusted pkg keys
|
||||
if [ ! -f "${fingerprints}/trusted/awskms-${NEW_MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${fingerprints}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${NEW_MAJOR_VERSION}/trusted/awskms-${NEW_MAJOR_VERSION}
|
||||
then
|
||||
error_exit "[ERROR]: Failed to fetch trusted pkg keys."
|
||||
if [ "${FREEBSD_BRANCH}" = "release" ]; then
|
||||
if [ ! -f "${fingerprints}/trusted/awskms-${NEW_MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${fingerprints}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${NEW_MAJOR_VERSION}/trusted/awskms-${NEW_MAJOR_VERSION}; then
|
||||
error_exit "[ERROR]: Failed to fetch trusted pkg keys."
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [ ! -f "${fingerprints}/trusted/backup-signing-${NEW_MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${fingerprints}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${NEW_MAJOR_VERSION}/trusted/backup-signing-${NEW_MAJOR_VERSION}
|
||||
then
|
||||
error_exit "[ERROR]: Failed to fetch trusted backup pkg keys."
|
||||
if [ ! -f "${fingerprints}/trusted/backup-signing-${NEW_MAJOR_VERSION}" ]; then
|
||||
if ! fetch -o "${fingerprints}/trusted" https://cgit.freebsd.org/src/tree/share/keys/pkgbase-${NEW_MAJOR_VERSION}/trusted/backup-signing-${NEW_MAJOR_VERSION}; then
|
||||
error_exit "[ERROR]: Failed to fetch trusted backup pkg keys."
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user