starlingx
/
root
Code Issues Proposed changes
root/build-tools/sign_initramfs-sign-script

52 lines
3.0 KiB
Plaintext
Raw Permalink Blame History

#
# Copyright (c) 2023 Wind River Systems, Inc.
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. The ASF licenses this
# file to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# Fragment of base-bullseye.yaml for initramfs-sign-script definition
echo "***Start initramfs-sign-script***"
SIGNING_SERVER=INPUT_SIGNING_SERVER
INITRAMFS_PATH=/localdisk/deploy/
INITRAMFS_INIT=$(ls ${INITRAMFS_PATH}/starlingx-initramfs-ostree-image-intel-x86-64-*.rootfs.cpio.gz)
[ -z ${INITRAMFS_INIT} ] && { echo "No initramfs file!"; exit 1; }
INITRAMFS_FILE=$(basename ${INITRAMFS_INIT})
INITRD_MINI_FILE=initrd-mini
INITRD_MINI_PATH=/localdisk/workdir/starlingx/rootfs/var/miniboot/
SSH_OPTION_NOCHECKING="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
REQUEST=$(ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER} sudo /opt/signing/sign-debian.sh -r)
UPLOAD_PATH=${REQUEST#*Upload: }
echo UPLOAD_PATH: ${UPLOAD_PATH}
[ -z ${UPLOAD_PATH}] && { echo "Fail to request for upload path!"; exit 1; }
echo "(4) Sign initramfs"
scp ${SSH_OPTION_NOCHECKING} ${INITRAMFS_PATH}/${INITRAMFS_FILE} ${SIGNING_SERVER}:${UPLOAD_PATH} \
|| { echo "Fail to copy initramfs file to signing server!"; exit 1; }
ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER} \
sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${INITRAMFS_FILE} -t grub-gpg \
|| { echo "Fail to sign initramfs file!"; exit 1; }
scp ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER}:${UPLOAD_PATH}/${INITRAMFS_FILE}.sig ${INITRAMFS_PATH} \
|| { echo "Fail to copy back initramfs sig file!"; exit 1; }
ln -snf -r ${INITRAMFS_PATH}/${INITRAMFS_FILE}.sig ${INITRAMFS_PATH}/starlingx-initramfs-ostree-image-intel-x86-64.cpio.gz.sig \
|| { echo "Fail to create the initramfs sig file's link!"; exit 1; }
echo "(5) Sign mini initramfs"
scp ${SSH_OPTION_NOCHECKING} ${INITRD_MINI_PATH}/${INITRD_MINI_FILE} ${SIGNING_SERVER}:${UPLOAD_PATH} \
|| { echo "Fail to copy mini initrd file to signing server!"; exit 1; }
ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER} \
sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${INITRD_MINI_FILE} -t grub-gpg \
|| { echo "Fail to sign mini initrd file!"; exit 1; }
scp ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER}:${UPLOAD_PATH}/${INITRD_MINI_FILE}.sig ${INITRD_MINI_PATH} \
|| { echo "Fail to copy back mini initrd sig file!"; exit 1; }
echo "***Finish initramfs-sign-script***"
View Git Blame Copy Permalink