mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-10 06:26:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
0126898d23
flatcar-scripts/bin/cros_resign_image.sh
Greg Spencer 798d75f3be This starts to fix the scripts so that they load from /usr/lib/crosutils 
from within the chroot.

It also fixes a number of style issues.

It changes the meaning of cros_workon "list-all" to list all available
packages, and adds "list-live" to list all live packages.

It changes things that load chromeos-common.sh from the installer to
load it from /usr/lib/installer.

BUG=chromium-os:4230
TEST=synced, rebuilt chroot, made packages, made images, built chrome
from source, and wrote an image to a USB stick.

Review URL: http://codereview.chromium.org/6240018

Change-Id: I90c34420af1a64020402bafef8e9e77f56837c02
2011-02-01 22:04:49 -08:00

119 lines
3.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Script to resign the kernel partition generated in the output of build_image
# with keys of our choosing.
# --- BEGIN COMMON.SH BOILERPLATE ---
# Load common CrOS utilities. Inside the chroot this file is installed in
# /usr/lib/crosutils. Outside the chroot we find it relative to the script's
# location.
find_common_sh() {
local common_paths=(/usr/lib/crosutils "$(dirname "$(readlink -f "$0")")/..")
local path
SCRIPT_ROOT=
for path in "${common_paths[@]}"; do
if [ -r "${path}/common.sh" ]; then
SCRIPT_ROOT=${path}
break
fi
done
}
find_common_sh
. "${SCRIPT_ROOT}/common.sh" || (echo "Unable to load common.sh" && exit 1)
# --- END COMMON.SH BOILERPLATE ---
# Need to be inside the chroot to load chromeos-common.sh
assert_inside_chroot
# Load functions and constants for chromeos-install
. "/usr/lib/installer/chromeos-common.sh" || \
die "Unable to load /usr/lib/installer/chromeos-common.sh"
locate_gpt
DEFINE_string from "chromiumos_image.bin" \
"Input file name of Chrome OS image to re-sign."
DEFINE_string datakey "" \
"Private Kernel Data Key (.vbprivk) to use for re-signing."
DEFINE_string keyblock "" \
"Kernel Keyblock (.keyblock) to use for generating the vblock"
DEFINE_string to "" \
"Output file name for the re-signed image."
DEFINE_string vsubkey "" \
"(Optional) Public Kernel SubKey (.vbpubk) to use for testing verification."
DEFINE_string vbutil_dir "" \
"(Optional) Path to directory containing vboot utility binaries"
DEFINE_integer bootflags 0 \
"(Optional) Boot flags to use for verifying the output image"
# Parse command line
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"
# Abort on error
set -e
if [ -z $FLAGS_from ] || [ ! -f $FLAGS_from ] ; then
echo "Error: invalid flag --from"
exit 1
fi
if [ -z $FLAGS_datakey ] || [ ! -f $FLAGS_datakey ] ; then
echo "Error: invalid kernel data key"
exit 1
fi
if [ -z $FLAGS_keyblock ] || [ ! -f $FLAGS_keyblock ] ; then
echo "Error: invalid kernel keyblock"
exit 1
fi
if [ -z $FLAGS_to ]; then
echo "Error: invalid flag --to"
exit 1
fi
sector_size=512 # sector size in bytes
num_sectors_vb=128 # number of sectors in kernel verification blob
koffset="$(partoffset ${FLAGS_from} 2)"
ksize="$(partsize ${FLAGS_from} 2)"
echo "Re-signing image ${FLAGS_from} and outputting ${FLAGS_to}"
temp_kimage=$(mktemp)
trap "rm -f ${temp_kimage}" EXIT
temp_out_vb=$(mktemp)
trap "rm -f ${temp_out_vb}" EXIT
# Grab the kernel image in preparation for resigning
dd if="${FLAGS_from}" of="${temp_kimage}" skip=$koffset bs=$sector_size \
count=$ksize
${FLAGS_vbutil_dir}vbutil_kernel \
--repack "${temp_out_vb}" \
--vblockonly \
--keyblock "${FLAGS_keyblock}" \
--signprivate "${FLAGS_datakey}" \
--oldblob "${temp_kimage}"
# Create a copy of the input image and put in the new vblock
cp "${FLAGS_from}" "${FLAGS_to}"
dd if="${temp_out_vb}" of="${FLAGS_to}" seek=$koffset bs=$sector_size \
count=$num_sectors_vb conv=notrunc
# Only test verification if the public subkey was passed in.
if [ ! -z $FLAGS_vsubkey ]; then
${FLAGS_vbutil_dir}load_kernel_test "${FLAGS_to}" "${FLAGS_vsubkey}" \
${FLAGS_bootflags}
fi
echo "New signed image was output to ${FLAGS_to}"
# Clean up temporary files
rm -f ${temp_kimage}
rm -f ${temp_out_vb}
Reference in New Issue View Git Blame Copy Permalink