Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(574)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: scripts/image_signing/sign_official_build.sh

Issue 3066034: Add a script to generate builds signed using the official keys. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git
Patch Set: . Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « scripts/image_signing/customize_image.sh ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 #!/bin/bash
2
3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file.
6
7 # Sign the final build image using the "official" keys.
8
9 # Usage: sign_for_ssd.sh <type> input_image /path/to/keys/dir output_image
10 #
11 # where <type> is one of:
12 # ssd (sign an SSD image)
13 # recovery (sign a USB recovery image)
14 # install (sign a factory install image)
15
16 # Load common constants and variables.
17 . "$(dirname "$0")/common.sh"
18
19 if [ $# -ne 4 ]; then
20 cat <<EOF
21 Usage: $0 <type> input_image /path/to/keys/dir output_image"
22 where <type> is one of:
23 ssd (sign an SSD image)
24 recovery (sign a USB recovery image)
25 install (sign a factory install image)
26 EOF
27 exit 1
28 fi
29
30 # Abort on errors.
31 set -e
32
33 TYPE=$1
34 INPUT_IMAGE=$2
35 KEY_DIR=$3
36 OUTPUT_IMAGE=$4
37
38
39 # Generate the SSD image
40 sign_for_ssd() {
41 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \
42 ${KEY_DIR}/kernel_data_key.vbprivk \
43 ${KEY_DIR}/kernel.keyblock
44 echo "Output signed SSD image to ${OUTPUT_IMAGE}"
45 }
46
47 # Generate the USB (recovery + install) image
48 sign_for_recovery() {
49 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \
50 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \
51 ${KEY_DIR}/recovery_kernel.keyblock
52
53 # Now generate the installer vblock with the SSD keys.
54 temp_kimage=$(mktemp)
55 trap "rm -f ${temp_kimage}" EXIT
56 temp_out_vb=$(mktemp)
57 trap "rm -f ${temp_out_vb}" EXIT
58 extract_image_partition ${OUTPUT_IMAGE} 2 ${temp_kimage}
59 ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimage} ${temp_out_vb} \
60 ${KEY_DIR}/kernel_data_key.vbprivk \
61 ${KEY_DIR}/kernel.keyblock
62
63 # Copy the installer vblock to the stateful partition.
64 local stateful_dir=$(mktemp -d)
65 trap "sudo umount -d $stateful_dir; rm -rf $stateful_dir" EXIT
66 mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir}
67 sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock
68 echo "Output signed recovery image to ${OUTPUT_IMAGE}"
69 }
70
71 # Generate the factory install image.
72 sign_for_factory_install() {
73 ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \
74 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \
75 ${KEY_DIR}/installer_kernel.keyblock
76 echo "Output signed factory install image to ${OUTPUT_IMAGE}"
77 }
78
79 if [ "${TYPE}" == "ssd" ]; then
80 sign_for_ssd
81 elif [ "${TYPE}" == "recovery" ]; then
82 sign_for_recovery
83 elif [ "${TYPE}" == "install" ]; then
84 sign_for_factory_install
85 else
86 echo "Invalid type ${TYPE}"
87 exit 1
88 fi
89
90
OLDNEW
« no previous file with comments | « scripts/image_signing/customize_image.sh ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698