aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xbuildos9
-rw-r--r--doc/manual.cli14
2 files changed, 19 insertions, 4 deletions
diff --git a/buildos b/buildos
index c91c554..872a5a0 100755
--- a/buildos
+++ b/buildos
@@ -101,6 +101,15 @@ else
tc_root="/build/tftp"
tc_path="$tc_root/$tc_file"
tc_ver=
+
+ # If buildos.toolchain_trust was not specified, set it to "no" so that
+ # we don't prompt if the repository happens to be signed.
+ #
+ if [ -n "$toolchain_trust" ]; then
+ tc_trust="$toolchain_trust"
+ else
+ tc_trust="no"
+ fi
fi
# Calculate the file checksum using the shaNNNsum utility.
diff --git a/doc/manual.cli b/doc/manual.cli
index e61caa2..b7aca34 100644
--- a/doc/manual.cli
+++ b/doc/manual.cli
@@ -126,13 +126,14 @@ label buildos
menu label buildos
kernel /buildos/buildos-image
initrd /buildos/buildos-initrd
- append buildos.smtp_relay=example.org buildos.admin_email=admin@example.org buildos.buildid_url=tftp://<os-host>/buildos/buildos-buildid buildos.toolchain_url=https://<toolchain-host>/toolchain.sha256
+ append buildos.smtp_relay=example.org buildos.admin_email=admin@example.org buildos.buildid_url=tftp://<os-host>/buildos/buildos-buildid buildos.toolchain_url=https://<toolchain-host>/toolchain.sha256 buildos.toolchain_trust=<repo-fp>
EOF
\
Where \c{<os-host>} is the address of the TFTP server (the same address as
-returned by the DHCP server to PXE clients) and \c{<toolchain-host>} is the
-host that serves the toolchain archives. Note that all the parameters in
+returned by the DHCP server to PXE clients), \c{<toolchain-host>} is the host
+that serves the toolchain archives, and \c{<repo-fp>} is the toolchain
+repository certificate fingerprint to trust. Note that all the parameters in
\c{append} must be specified on a single line.|
\li|You can test the setup using QEMU/KVM, for example:
@@ -295,7 +296,12 @@ buildos.ssh_key=\"ssh-rsa AAA...OA0DB user@host\"
The first step performed by the Build OS monitor is to bootstrap the
\c{build2} toolchain. The location of the toolchain packages is specified with
the \c{buildos.toolchain_url} kernel command line parameter. This URL should
-point to the \i{toolchain checksums file}.
+point to the \i{toolchain checksums file}. You will also normally need to pass
+the \c{buildos.toolchain_trust} parameter which is the toolchain repository
+certificate fingerprint that the monitor should trust. Note also that the
+bootstrap process (both on the build host and inside build machines) uses the
+default toolchain repository location embedded into the build scripts in the
+\c{build2-toolchain} package.
Each line in the checksums file is the output of the \c{shaNNNsum(1)} utility,
that is, the SHANNN sum following by space, an asterisk (\c{*}) which signals