sign_images.sh 938 B

123456789101112131415161718192021222324252627
  1. #!/bin/sh
  2. # directory where search for images
  3. TOP_DIR="${TOP_DIR:-./bin/targets}"
  4. # key to sign images
  5. BUILD_KEY="${BUILD_KEY:-key-build}" # TODO unify naming?
  6. # remove other signatures (added e.g. by buildbot)
  7. REMOVE_OTER_SIGNATURES="${REMOVE_OTER_SIGNATURES:-1}"
  8. # find all sysupgrade images in TOP_DIR
  9. # factory images don't need signatures as non libreCMC system doesn't check them anyway
  10. for image in $(find $TOP_DIR -type f -name "*-sysupgrade.bin"); do
  11. # check if image actually support metadata
  12. if fwtool -i /dev/null "$image"; then
  13. # remove all previous signatures
  14. if [ -n "$REMOVE_OTER_SIGNATURES" ]; then
  15. while [ "$?" = 0 ]; do
  16. fwtool -t -s /dev/null "$image"
  17. done
  18. fi
  19. # run same operation as build root does for signing
  20. cp "$BUILD_KEY.ucert" "$image.ucert"
  21. usign -S -m "$image" -s "$BUILD_KEY" -x "$image.sig"
  22. ucert -A -c "$image.ucert" -x "$image.sig"
  23. fwtool -S "$image.ucert" "$image"
  24. fi
  25. done