mkarchiso: do not sign .sig files
Make sure existing sig files are deleted before creating new ones and make sure to not sign any sig files. This allows retrying failed mkarchiso runs without ending up with files such as vmlinuz.ipxe.sig.ipxe.sig. Fixes #198
This commit is contained in:
nl6720
parent
f4f0a3a5ec
commit
11971619a6
@ -12,6 +12,8 @@ Changed
|
|||||||
-------
|
-------
|
||||||
|
|
||||||
- Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule.
|
- Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule.
|
||||||
|
- Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly
|
||||||
|
applicable when re-running ``mkarchiso`` after a failure.
|
||||||
|
|
||||||
Removed
|
Removed
|
||||||
-------
|
-------
|
||||||
|
|||||||
@ -1073,7 +1073,8 @@ _sign_netboot_artifacts() {
|
|||||||
_files_to_sign+=("${_dir}${_file}")
|
_files_to_sign+=("${_dir}${_file}")
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"* "${_dir}${arch}/initramfs-"*.img; do
|
for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"!(*.sig) "${_dir}${arch}/initramfs-"*.img; do
|
||||||
|
rm -f -- "${_file}".ipxe.sig
|
||||||
openssl cms \
|
openssl cms \
|
||||||
-sign \
|
-sign \
|
||||||
-binary \
|
-binary \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user