[arch-releng] [RFC 0/4] Add gpg signature verification for the squashfs image
Thomas Bächler
thomas at archlinux.org
Sat Feb 13 00:08:47 UTC 2016
I have recently been working on a better and more robust netboot setup. One change
is that booting via netboot needs to be secure, i.e. all files need to be verified.
One crucial step in this setup is that the squashfs image is verified before
the archiso initramfs tries to mount it. This patchset adds a new verify=y
option that forces archiso to verify the signature of the squashfs image.
In order to build an image with squashfs signatures:
1) Make sure gpg-agent is running for your user before starting the build process.
2) Run su -c "GNUPGHOME=/home/youruser/.gnupg /path/to/build.sh -g yourkeyid"
More information about the arch-releng
mailing list