mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-12-09 11:21:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

offline_signing: include kernel in official updates

Browse Source
This commit is contained in:
Michael Marineau 2016-09-19 12:14:24 -07:00
parent 1092afd240
commit 5da26fa912
3 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core_sign_update
View File

@ -15,7 +15,8 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
export GCLIENT_ROOT=$(readlink -f "${SCRIPT_ROOT}/../../") export GCLIENT_ROOT=$(readlink -f "${SCRIPT_ROOT}/../../")
. "${SCRIPT_ROOT}/common.sh" || exit 1 . "${SCRIPT_ROOT}/common.sh" || exit 1
DEFINE_string image "" "The image that should be sent to clients." DEFINE_string image "" "The filesystem image of /usr"
DEFINE_string kernel "" "The kernel image"
DEFINE_string output "" "Output file" DEFINE_string output "" "Output file"
DEFINE_string private_keys "" "Path to private key in .pem format." DEFINE_string private_keys "" "Path to private key in .pem format."
DEFINE_string public_keys "" "Path to public key in .pem format." DEFINE_string public_keys "" "Path to public key in .pem format."
@ -39,6 +40,7 @@ trap cleanup INT TERM EXIT
delta_generator \ delta_generator \
-new_image "$FLAGS_image" \ -new_image "$FLAGS_image" \
-new_kernel "$FLAGS_kernel" \
-out_file update -out_file update
IFS=: read -a private_keys <<< "$FLAGS_private_keys" IFS=: read -a private_keys <<< "$FLAGS_private_keys"

3
offline_signing/download.sh
View File

@ -7,10 +7,13 @@ GS="gs://builds.release.core-os.net/stable/boards/amd64-usr/$VERSION"
cd "${2:-.}" cd "${2:-.}"
gsutil cp \ gsutil cp \
"${GS}/coreos_production_image.vmlinuz.bz2" \
"${GS}/coreos_production_image.vmlinuz.bz2.sig" \
"${GS}/coreos_production_update.bin.bz2" \ "${GS}/coreos_production_update.bin.bz2" \
"${GS}/coreos_production_update.bin.bz2.sig" \ "${GS}/coreos_production_update.bin.bz2.sig" \
"${GS}/coreos_production_update.zip" \ "${GS}/coreos_production_update.zip" \
"${GS}/coreos_production_update.zip.sig" ./ "${GS}/coreos_production_update.zip.sig" ./
gpg --verify "coreos_production_image.vmlinuz.bz2.sig"
gpg --verify "coreos_production_update.bin.bz2.sig" gpg --verify "coreos_production_update.bin.bz2.sig"
gpg --verify "coreos_production_update.zip.sig" gpg --verify "coreos_production_update.zip.sig"

3
offline_signing/sign.sh
View File

@ -5,8 +5,10 @@ DATA_DIR="$(readlink -f "$1")"
KEYS_DIR="$(readlink -f "$(dirname "$0")")" KEYS_DIR="$(readlink -f "$(dirname "$0")")"
gpg2 --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig" gpg2 --verify "${DATA_DIR}/coreos_production_update.bin.bz2.sig"
gpg2 --verify "${DATA_DIR}/coreos_production_image.vmlinuz.bz2.sig"
gpg2 --verify "${DATA_DIR}/coreos_production_update.zip.sig" gpg2 --verify "${DATA_DIR}/coreos_production_update.zip.sig"
bunzip2 --keep "${DATA_DIR}/coreos_production_update.bin.bz2" bunzip2 --keep "${DATA_DIR}/coreos_production_update.bin.bz2"
bunzip2 --keep "${DATA_DIR}/coreos_production_image.vmlinuz.bz2"
unzip "${DATA_DIR}/coreos_production_update.zip" -d "${DATA_DIR}" unzip "${DATA_DIR}/coreos_production_update.zip" -d "${DATA_DIR}"
export PATH="${DATA_DIR}:${PATH}" export PATH="${DATA_DIR}:${PATH}"
@ -14,6 +16,7 @@ export PATH="${DATA_DIR}:${PATH}"
cd "${DATA_DIR}" cd "${DATA_DIR}"
./core_sign_update \ ./core_sign_update \
--image "${DATA_DIR}/coreos_production_update.bin" \ --image "${DATA_DIR}/coreos_production_update.bin" \
--kernel "${DATA_DIR}/coreos_production_image.vmlinuz" \
--output "${DATA_DIR}/coreos_production_update.gz" \ --output "${DATA_DIR}/coreos_production_update.gz" \
--private_keys "${KEYS_DIR}/devel.key.pem:${KEYS_DIR}/prod-2.key.pem" \ --private_keys "${KEYS_DIR}/devel.key.pem:${KEYS_DIR}/prod-2.key.pem" \
--public_keys "${KEYS_DIR}/devel.pub.pem:${KEYS_DIR}/prod-2.pub.pem" --public_keys "${KEYS_DIR}/devel.pub.pem:${KEYS_DIR}/prod-2.pub.pem"