testing: Install packages like the FIPS-enabled OpenSSL from a custom apt repo
authorTobias Brunner <tobias@strongswan.org>
Tue, 8 Dec 2015 14:22:15 +0000 (15:22 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 16 Jun 2016 12:01:47 +0000 (14:01 +0200)
testing/scripts/build-baseimage
testing/scripts/recipes/012_openssl.mk [deleted file]
testing/testing.conf

index 76e4e81..3ad836b 100755 (executable)
@@ -19,7 +19,7 @@ INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libltdl-dev,liblog4cxx10-dev
 INC=$INC,libboost-thread-dev,libboost-system-dev,git-core,iperf,htop,screen
 INC=$INC,gnat,gprbuild,acpid,acpi-support-base,libldns-dev,libunbound-dev
 INC=$INC,dnsutils,hostapd,libsoup2.4-dev,ca-certificates,unzip
-INC=$INC,python,python-setuptools,python-dev,python-pip
+INC=$INC,python,python-setuptools,python-dev,python-pip,apt-transport-https
 INC=$INC,libjson0-dev,libxslt1-dev,libapache2-mod-wsgi,iptables-dev
 case "$BASEIMGSUITE" in
 wheezy)
@@ -86,6 +86,30 @@ execute "debootstrap --arch=$BASEIMGARCH --include=$INC $BASEIMGSUITE $LOOPDIR $
 execute "mount -t proc none $LOOPDIR/proc" 0
 do_on_exit graceful_umount $LOOPDIR/proc
 
+log_action "Downloading signing key for custom apt repo"
+execute_chroot "wget -q $BASEIMGEXTKEY -O /tmp/key"
+log_action "Installing signing key for custom apt repo"
+execute_chroot "apt-key add /tmp/key"
+
+log_action "Enabling custom apt repo"
+cat > $LOOPDIR/etc/apt/sources.list.d/strongswan.list << EOF
+deb $BASEIMGEXTREPO $BASEIMGSUITE main
+EOF
+log_status $?
+
+log_action "Prioritize custom apt repo"
+cat > $LOOPDIR/etc/apt/preferences.d/strongswan.pref << EOF
+Package: *
+Pin: origin "$BASEIMGEXTREPOHOST"
+Pin-Priority: 1001
+EOF
+log_status $?
+
+log_action "Update package sources"
+execute_chroot "apt-get update"
+log_action "Install packages from custom repo"
+execute_chroot "apt-get -y upgrade"
+
 for service in $SERVICES
 do
        log_action "Disabling service $service"
diff --git a/testing/scripts/recipes/012_openssl.mk b/testing/scripts/recipes/012_openssl.mk
deleted file mode 100644 (file)
index 16aec23..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/make
-
-PV  = 1.0.1e
-PKG = openssl-$(PV)
-SRC = http://download.strongswan.org/testing/openssl-fips/
-
-all: install
-
-$(PKG):
-       wget -r $(SRC) --no-directories --directory-prefix $(PKG) --accept deb --no-parent
-
-install: $(PKG)
-       cd $(PKG) && dpkg -i *.deb
index b23cd50..0abebe7 100644 (file)
@@ -53,6 +53,9 @@ fi
 : ${BASEIMGARCH=amd64}
 : ${BASEIMG=$IMGDIR/debian-$BASEIMGSUITE-$BASEIMGARCH.$IMGEXT}
 : ${BASEIMGMIRROR=http://http.debian.net/debian}
+: ${BASEIMGEXTREPOHOST=download.strongswan.org}
+: ${BASEIMGEXTKEY=https://$BASEIMGEXTREPOHOST/testing/repos/strongswan-testing.gpg.key}
+: ${BASEIMGEXTREPO=https://$BASEIMGEXTREPOHOST/testing/repos/apt/debian}
 
 # Directory shared between host and guests
 : ${SHAREDDIR=$BUILDDIR/shared/$BASEIMGSUITE}