I'm just reading this from the bottom up now... The last suggestion from James could be just something like this: http://paste.ubuntu.com/590764/ with some checks along the way.
Could that be a part of the "testdrive" script?
I think this covers the last point from lool:
> * provide a tool which downloads and verifies Linaro images (for instance, shell script or pygtk UI)
but not these:
> * add the GPG key of the current Offspring instance to linaro-image-tools
> * change linaro-media-create to verify rootfs.asc and hwpack.asc when passed --binary rootfs --hwpack hwpack args
> * change linaro-hwpack-create to include PPA keys when the hwpack includes PPAs and linaro-hwpack-install to install them and setup the corresponding PPAs when the hwpack includes keys and PPAs
Would these still be needed even with the "outside" signing with the sha1sums files?
I'm just reading this from the bottom up now... The last suggestion from James could be just something like this: http:// paste.ubuntu. com/590764/ with some checks along the way.
Could that be a part of the "testdrive" script?
I think this covers the last point from lool:
> * provide a tool which downloads and verifies Linaro images (for instance, shell script or pygtk UI)
but not these: hwpack- create to include PPA keys when the hwpack includes PPAs and linaro- hwpack- install to install them and setup the corresponding PPAs when the hwpack includes keys and PPAs
> * add the GPG key of the current Offspring instance to linaro-image-tools
> * change linaro-media-create to verify rootfs.asc and hwpack.asc when passed --binary rootfs --hwpack hwpack args
> * change linaro-
Would these still be needed even with the "outside" signing with the sha1sums files?