generate_payload: handle the downloading of releases

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2025-08-10 06:26:57 +02:00 · 2023-12-15 11:08:08 +01:00 · 2023-12-15 11:08:08 +01:00 · ab72a2c2fe
commit ab72a2c2fe
parent b112006fa7
1 changed files with 63 additions and 53 deletions
--- a/32
+++ b/32
@ -2,11 +2,14 @@
 set -e
-if [ $# -ne 2 ]; then
+if [ $# -lt 1 ]; then
-    echo "usage: ${0} DATA_DIR KEYS_DIR"
+    echo "usage: $0 alpha:1786.0.0 beta:1781.2.0"
    exit 1
 fi
 # DOWNLOAD can be set to 1 to download release artifacts automatically.
 DOWNLOAD="${DOWNLOAD:-0}"
 if [ -z "${PRIVATE_KEYS}" ]; then
    echo "PRIVATE_KEYS must be set using the URI form (https://www.rfc-editor.org/rfc/rfc7512#section-2.3)"
    echo "or using an absolute or relative path."
@ -361,18 +364,24 @@ TkvXzMghTKTbYL9TjbK/CLzOR+5XXCHxXgDGLg==
 -----END PGP PUBLIC KEY BLOCK-----
 "
 DATA_DIR="$1"
 PUBLIC_KEYS_DIR="$2"
 GNUPGHOME="${PWD}/gnupg"
 mkdir -p "${GNUPGHOME}"
 chmod 700 "${GNUPGHOME}"
 trap 'rm -rf ${GNUPGHOME}' EXIT
 if [ "${DOWNLOAD}" != 0 ]; then
    echo "Downloading files"
    pushd ./data
    ./download_payloads "$@"
    popd
 fi
 # Setup GnuPG for verifying the image signature
 gpg --batch --quiet --import <<< "${GPG_KEY}"
-echo "Verifying files"
+for d in ./data/*/*; do
    DATA_DIR="${d}"
    echo "Verifying files for ${DATA_DIR}"
    # Check that we have a signature for the files we work on
    test -f "${DATA_DIR}/flatcar_production_update.bin.bz2.sig"
    test -f "${DATA_DIR}/flatcar_production_image.vmlinuz.sig"
@ -380,7 +389,7 @@ for FILE_PATH in "${DATA_DIR}"/*.sig; do
      gpg --verify "${FILE_PATH}"
    done
-echo "Generating extension payloads"
+    echo "Generating extension payloads for ${DATA_DIR}"
    shopt -s nullglob
    for EXTENSION_PATH in "${DATA_DIR}/flatcar-"*.raw "${DATA_DIR}/oem-"*.raw; do
      # Check that we have a signature for the files we work on
@ -392,7 +401,7 @@ for EXTENSION_PATH in "${DATA_DIR}/flatcar-"*.raw "${DATA_DIR}/oem-"*.raw; do
          --image "${EXTENSION_PATH}" \
          --output "${OUTPUT_PATH}" \
          --private_keys "${PRIVATE_KEYS}" \
-      --public_keys "${PUBLIC_KEYS_DIR}/flatcar.pub.pem" \
+          --public_keys "/mnt/host/source/src/scripts/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-au-key/files/official-v2.pub.pem" \
          --keys_separator "+"
      else
        echo "ERROR: Found update payload already: ${OUTPUT_PATH}."
@ -401,10 +410,10 @@ for EXTENSION_PATH in "${DATA_DIR}/flatcar-"*.raw "${DATA_DIR}/oem-"*.raw; do
    done
    shopt -u nullglob
-echo "Extracting flatcar_production_update.bin.bz2"
+    echo "Extracting flatcar_production_update.bin.bz2 for ${DATA_DIR}"
    bunzip2 -f -k "${DATA_DIR}/flatcar_production_update.bin.bz2"
-echo "Generating generic update payload"
+    echo "Generating generic update payload for ${DATA_DIR}"
    OUTPUT_PATH="${DATA_DIR}/flatcar_production_update.gz"
    if [ ! -f "${OUTPUT_PATH}" ]; then
        echo "Update payload not found. Building..."
@ -413,7 +422,7 @@ if [ ! -f "${OUTPUT_PATH}" ]; then
            --kernel "${DATA_DIR}/flatcar_production_image.vmlinuz" \
            --output "${OUTPUT_PATH}" \
            --private_keys "${PRIVATE_KEYS}" \
-        --public_keys "${PUBLIC_KEYS_DIR}/flatcar.pub.pem" \
+            --public_keys "/mnt/host/source/src/scripts/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-au-key/files/official-v2.pub.pem" \
            --keys_separator "+"
    else
        echo "ERROR: Found update payload already: ${OUTPUT_PATH}."
@ -421,3 +430,4 @@ else
    fi
    echo "Payload generated: ${OUTPUT_PATH}"
 done