Hello tech,

The attached patch adds an autoinstall question to install.sub that lets the user specify a custom signify key for the SHA256.sig file.

I like to track -stable for a bunch of my servers, and it's convenient to make a release and use autoinstall with bsd.rd to keep up to date. I already use a personal signify key for packages, and it would be handy to be able to use the same key to sign my patched sets.

I understand if this is an unwanted feature, and the preferred solution is to just add 'Continue without verification = yes' to auto_upgrade.conf. But if this might be a useful feature for more than just me, this patch might be of interest.

Thank you,
Todd

Index: distrib/miniroot/install.sub =================================================================== RCS file: /cvs/src/distrib/miniroot/install.sub,v retrieving revision 1.867 diff -u -p -u -p -r1.867 install.sub --- distrib/miniroot/install.sub 27 Dec 2015 18:42:11 -0000 1.867 +++ distrib/miniroot/install.sub 7 Jan 2016 03:55:23 -0000 @@ -1224,7 +1224,8 @@ __EOT # user will know to try again. install_files() { local _src=$1 _files=$2 _f _sets _get_sets _n _col=$COLUMNS \ - _tmpfs _tmpsrc _cfile _fsrc _unver _t _issue _srclocal + _tmpfs _tmpsrc _cfile _fsrc _unver _t _issue _srclocal \ + _signifykey # Initialize _sets to the list of sets found in _src, and initialize # _get_sets to the intersection of _sets and DEFAULTSETS. @@ -1308,8 +1309,10 @@ install_files() { _issue="Cannot fetch SHA256.sig" && break # Verify signature file with public keys. - ! signify -Vep /etc/signify/openbsd-${VERSION}-base.pub \ - -x "$_cfile.sig" -m "$_cfile" && + _signifykey="/etc/signify/openbsd-${VERSION}-base.pub" + $AUTO && ask "Location of signify key" "$_signifykey" && + [[ $resp != none ]] && _signifykey=$resp + ! signify -Vep "$_signifykey" -x "$_cfile.sig" -m "$_cfile" && _issue="Signature check of SHA256.sig failed" && break for _f in $_get_sets; do Index: share/man/man8/autoinstall.8 =================================================================== RCS file: /cvs/src/share/man/man8/autoinstall.8,v retrieving revision 1.16 diff -u -p -u -p -r1.16 autoinstall.8 --- share/man/man8/autoinstall.8 15 May 2015 18:53:05 -0000 1.16 +++ share/man/man8/autoinstall.8 7 Jan 2016 03:55:26 -0000 @@ -180,6 +180,10 @@ A template file for autopartitioning is fetched from .Ar url allowing a custom partition layout for the root disk. +.It Location of signify key = Ar path +A path to the +.Xr signify 1 +public key used to verify the release distribution files. .El .Sh FILES .Bl -tag -width "/etc/dhcpd.confXXX" -compact
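
Review bot: In the install_files() hunk at @@ -1308,8 +1309,10 @@, the answer in $resp is assigned to _signifykey without checking that it names a readable file, so a mistyped path is reported as "Signature check of SHA256.sig failed", the same message as a genuinely bad signature. Consider testing [[ -r $resp ]] before the assignment and setting a distinct _issue when it fails. Two further points on the same lines: the answer "none" silently falls back to the default openbsd-${VERSION}-base.pub key, which a reader could take to mean "no verification", and because the question is only asked under $AUTO, the key that vouches for the sets is now chosen by the response file, so the check is only as trustworthy as that file.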
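
Review bot: The new ".It Location of signify key = Ar path" entry in the autoinstall.8 hunk leaves out the behaviour the install.sub change actually implements: the default of /etc/signify/openbsd-${VERSION}-base.pub when the question is not answered, and the special answer "none", which keeps that default rather than disabling verification. Suggest documenting both, and stating that the key verifies SHA256.sig specifically, since "the release distribution files" hides the fact that the sets themselves are only covered through the checksums in that signed file.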