Signing packages with docker sdk?

PolynomialDivision · November 13, 2020, 7:39pm

We build a script using the openwrt docker-sdk that builds our feed:

Freifunk-Spalter/repo_builder/blob/master/build_feed

#!/bin/bash

if [ "$1" == "incontainer" ]; then
  INSTR_SET="$(ls build_dir | awk -F'-|(_musl)' '{print $2}')"
  if [ -d "bin/packages/$INSTR_SET" ]
  then
    echo "$INSTR_SET was built before. Skip";
    exit 0;
  fi
  echo "$FEED_LINE" >> feeds.conf.default
  ./scripts/feeds update -a # luci falter
  ./scripts/feeds install -a -p falter
  make defconfig
  echo "$FEED_NAME"
  for pkg in $(./scripts/feeds list -r $FEED_NAME | awk '{print $1}'); do
    make package/$pkg/compile -j8
  done
  make package/index
else
  SDK_TAG="$1"

This file has been truncated. show original

I can not use it since, the signature is wrong?

In the normal image-builder u have all that key-build.* stuff handling the keys. Where is the key in the docker sdk?

anon50098793 · November 13, 2020, 7:58pm

@Andy2244 is my reference for stuff of this nature... you'll likely find some good tips here

PolynomialDivision · November 13, 2020, 9:00pm

I found something:

staging_dir/host/bin/usign -G -p key-build.pub -s key-build

PolynomialDivision · November 13, 2020, 10:32pm

First, compile packages.
Compile and install usign on your normal system: https://git.openwrt.org/project/usign.git

U can now use this little script to sign all your packages:

#!/bin/bash

package_list=$(find -name "Packages")
for list in $package_list; do
	usign -S -m $list -s key-build
done