From 8434da1a579dc15090cbd1dc57cd8d83c6de613e Mon Sep 17 00:00:00 2001 From: Patrick Vacek Date: Tue, 20 Aug 2019 16:59:49 +0200 Subject: aktualizr: latest garage-sign with expiration support. Use GARAGE_TARGET_EXPIRES or GARAGE_TARGET_EXPIRE_AFTER (but not both!) to set the garage-sign parameters. Signed-off-by: Patrick Vacek --- classes/image_types_ostree.bbclass | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'classes/image_types_ostree.bbclass') diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 2e8e8f5..fd67865 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass @@ -237,10 +237,18 @@ IMAGE_CMD_garagesign () { # Push may fail due to race condition when multiple build machines try to push simultaneously # in which case targets.json should be pulled again and the whole procedure repeated push_success=0 - target_url="" - if [ -n "${GARAGE_TARGET_URL}" ]; then - target_url='--url ${GARAGE_TARGET_URL}' - fi + target_url="" + if [ -n "${GARAGE_TARGET_URL}" ]; then + target_url="--url ${GARAGE_TARGET_URL}" + fi + target_expiry="" + if [ -n "${GARAGE_TARGET_EXPIRES}" ] && [ -n "${GARAGE_TARGET_EXPIRE_AFTER}" ]; then + bbfatal "Both GARAGE_TARGET_EXPIRES and GARAGE_TARGET_EXPIRE_AFTER are set. Only one can be set at a time." + elif [ -n "${GARAGE_TARGET_EXPIRES}" ]; then + target_expiry="--expires ${GARAGE_TARGET_EXPIRES}" + elif [ -n "${GARAGE_TARGET_EXPIRE_AFTER}" ]; then + target_expiry="--expire-after ${GARAGE_TARGET_EXPIRE_AFTER}" + fi for push_retries in $( seq 3 ); do garage-sign targets pull --repo tufrepo \ @@ -262,6 +270,7 @@ IMAGE_CMD_garagesign () { fi garage-sign targets sign --repo tufrepo \ --home-dir ${GARAGE_SIGN_REPO} \ + ${target_expiry} \ --key-name=targets errcode=0 garage-sign targets push --repo tufrepo \ -- cgit v1.2.3-54-g00ecf