diff --git a/scripts/build_image/build_alpine.bash b/scripts/build_image/build_alpine.bash
index 2931413..414cec1 100755
--- a/scripts/build_image/build_alpine.bash
+++ b/scripts/build_image/build_alpine.bash
@@ -7,13 +7,18 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 ############## Setup #########################
 function cleanup {
+ sync
+ for f in "${gpgagents[@]}"; do
+ >&2 echo "Killing gpg-agent $f"
+ GNUPGHOME="$f" gpgconf --kill gpg-agent
+ done
 for f in "${jails[@]}"; do
 >&2 echo "Stopping jail $f"
 jail -r "$f"
 done
 for (( idx=${#mountedfolders[@]}-1 ; idx>=0 ; idx-- )) ; do
 >&2 echo "Unmounting folder ${mountedfolders[idx]}"
- umount "${mountedfolders[idx]}"
+ umount -f "${mountedfolders[idx]}"
 done
 for f in "${memorydevices[@]}"; do
 >&2 echo "Removing memory device $f"
@@ -28,6 +33,7 @@ folders=()
 jails=()
 memorydevices=()
 mountedfolders=()
+gpgagents=()
 for sig in EXIT INT QUIT HUP TERM; do
 trap "set +e; cleanup" "$sig"
 done
@@ -157,8 +163,11 @@ function download_alpine {
 sha256 -c "$ALPINE_SHA256" "${download_directory}/${ALPINE_TARBALL}"
 local keyring="$work_directory/keyring"
- gpg --no-default-keyring --keyring "$keyring" --trust-model always --import <<<"$ALPINE_KEY"
- gpg --no-default-keyring --keyring "$keyring" --trust-model always --verify <(cat <<<"$ALPINE_SIGNATURE") "${download_directory}/${ALPINE_TARBALL}"
+ local gpghome="$work_directory/gpghome"
+ (umask 077 && mkdir "$gpghome")
+ GNUPGHOME="$gpghome" gpg --no-default-keyring --keyring "$keyring" --trust-model always --import <<<"$ALPINE_KEY"
+ gpgagents+=("$gpghome")
+ GNUPGHOME="$gpghome" gpg --no-default-keyring --keyring "$keyring" --trust-model always --verify <(cat <<<"$ALPINE_SIGNATURE") "${download_directory}/${ALPINE_TARBALL}"
 }
 function make_chroot {
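Review bot: In `cleanup`, the added `sync` runs before the jails are stopped, so anything a jailed process writes after that point is not flushed before `umount -f` forcibly detaches the filesystem; placing `sync` after the `jail -r` loop, directly before the unmount loop, would cover it. Forcing every unmount also hides a busy mount that would otherwise point at a process still holding files open, so consider trying the plain form first: `umount "${mountedfolders[idx]}" || umount -f "${mountedfolders[idx]}"`. The body of `cleanup` continues past the end of this hunk.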
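Review bot: `gpgagents+=("$gpghome")` is appended only after the `--import` call, so if that first `gpg` invocation starts an agent and then fails, the `cleanup` trap has no record of this home and the agent is left running; appending it on the line directly after `(umask 077 && mkdir "$gpghome")` closes that gap. The keyring also still lives at `$work_directory/keyring`, outside the 0700 directory, and with `--trust-model always` a good signature from any key in that file passes `--verify`, so a keyring left over from an earlier run would widen what is accepted; pointing it at `"$gpghome/keyring"` keeps it under the private home. Whether `work_directory` is always freshly created is not visible here, and `download_alpine` starts above the hunk.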