commit: b8e7d17f7c7c0a30bdf024333cec1ea7e1c7c151
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 26 16:32:54 2025 +0000
Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Fri Dec 26 16:32:54 2025 +0000
URL: https://gitweb.gentoo.org/proj/catalyst.git/commit/?id=b8e7d17f
In QCOW2 images, enable binpkg-request-signature by default, try 2
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
targets/support/create-qcow2.sh | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/targets/support/create-qcow2.sh b/targets/support/create-qcow2.sh
index 499197f2..731ae8b4 100755
--- a/targets/support/create-qcow2.sh
+++ b/targets/support/create-qcow2.sh
@@ -163,6 +163,10 @@ mount ${mypartefi} "${mymountpoint}/boot" || qcow2die
"Could not mount boot part
echo "Copying files into the mounted directories from ${clst_stage_path}"
cp -a "${clst_stage_path}"/* "${mymountpoint}/" || qcow2die "Could not copy
content into mounted image"
+echo "Adding FEATURES=binpkg-request-signature to make.conf"
+echo '# Ensure that binary package signatures are verified' >>
"${mymountpoint}/etc/portage/make.conf" || qcow2die "Could not modify make.conf"
+echo 'FEATURES="binpkg-request-signature"' >>
"${mymountpoint}/etc/portage/make.conf" || qcow2die "Could not modify make.conf"
+
echo "Setting machine-id to empty"
# We are already running systemd-firstboot in a previous step, so we don't
want to run it again.
# The documented behaviour for an empty machine-id is that systemd generates a
new one and commits
