mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-21 13:57:52 +00:00
005a19eeda
key-init makes sure trustdb is updated at run time and user and distro keys are ultimately trusted. Each time a file is signed, the related public key is showed without error on it's trustability. flash-gui deals with gpg1 to gpg2 migration. If pubring.kbx is found, pubring.gpg is deleted from running rom dump.
18 lines
770 B
Bash
Executable File
18 lines
770 B
Bash
Executable File
#!/bin/ash
|
|
set -e -o pipefail
|
|
. /etc/functions
|
|
|
|
# Post processing of keys
|
|
|
|
# Import user's keys
|
|
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || true
|
|
|
|
# Import trusted distro keys allowed for ISO signing
|
|
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || true
|
|
#Set distro keys trust level to ultimate (trust anything that was signed with these keys)
|
|
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || true
|
|
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || true
|
|
|
|
# Add user's keys to the list of trusted keys for ISO signing
|
|
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || true
|