Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(189)

Unified Diff: scripts/image_signing/sign_official_build.sh

Issue 3066034: Add a script to generate builds signed using the official keys. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git
Patch Set: . Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « scripts/image_signing/customize_image.sh ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: scripts/image_signing/sign_official_build.sh
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
new file mode 100755
index 0000000000000000000000000000000000000000..e5a64867fa04d6b5c515809adf14ae434d5f8691
--- /dev/null
+++ b/scripts/image_signing/sign_official_build.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Sign the final build image using the "official" keys.
+
+# Usage: sign_for_ssd.sh <type> input_image /path/to/keys/dir output_image
+#
+# where <type> is one of:
+# ssd (sign an SSD image)
+# recovery (sign a USB recovery image)
+# install (sign a factory install image)
+
+# Load common constants and variables.
+. "$(dirname "$0")/common.sh"
+
+if [ $# -ne 4 ]; then
+ cat <<EOF
+Usage: $0 <type> input_image /path/to/keys/dir output_image"
+where <type> is one of:
+ ssd (sign an SSD image)
+ recovery (sign a USB recovery image)
+ install (sign a factory install image)
+EOF
+ exit 1
+fi
+
+# Abort on errors.
+set -e
+
+TYPE=$1
+INPUT_IMAGE=$2
+KEY_DIR=$3
+OUTPUT_IMAGE=$4
+
+
+# Generate the SSD image
+sign_for_ssd() {
+ ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \
+ ${KEY_DIR}/kernel_data_key.vbprivk \
+ ${KEY_DIR}/kernel.keyblock
+ echo "Output signed SSD image to ${OUTPUT_IMAGE}"
+}
+
+# Generate the USB (recovery + install) image
+sign_for_recovery() {
+ ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \
+ ${KEY_DIR}/recovery_kernel_data_key.vbprivk \
+ ${KEY_DIR}/recovery_kernel.keyblock
+
+ # Now generate the installer vblock with the SSD keys.
+ temp_kimage=$(mktemp)
+ trap "rm -f ${temp_kimage}" EXIT
+ temp_out_vb=$(mktemp)
+ trap "rm -f ${temp_out_vb}" EXIT
+ extract_image_partition ${OUTPUT_IMAGE} 2 ${temp_kimage}
+ ${SCRIPT_DIR}/resign_kernel_partition.sh ${temp_kimage} ${temp_out_vb} \
+ ${KEY_DIR}/kernel_data_key.vbprivk \
+ ${KEY_DIR}/kernel.keyblock
+
+ # Copy the installer vblock to the stateful partition.
+ local stateful_dir=$(mktemp -d)
+ trap "sudo umount -d $stateful_dir; rm -rf $stateful_dir" EXIT
+ mount_image_partition ${OUTPUT_IMAGE} 1 ${stateful_dir}
+ sudo cp ${temp_out_vb} ${stateful_dir}/vmlinuz_hd.vblock
+ echo "Output signed recovery image to ${OUTPUT_IMAGE}"
+}
+
+# Generate the factory install image.
+sign_for_factory_install() {
+ ${SCRIPT_DIR}/resign_image.sh ${INPUT_IMAGE} ${OUTPUT_IMAGE} \
+ ${KEY_DIR}/recovery_kernel_data_key.vbprivk \
+ ${KEY_DIR}/installer_kernel.keyblock
+ echo "Output signed factory install image to ${OUTPUT_IMAGE}"
+}
+
+if [ "${TYPE}" == "ssd" ]; then
+ sign_for_ssd
+elif [ "${TYPE}" == "recovery" ]; then
+ sign_for_recovery
+elif [ "${TYPE}" == "install" ]; then
+ sign_for_factory_install
+else
+ echo "Invalid type ${TYPE}"
+ exit 1
+fi
+
+
« no previous file with comments | « scripts/image_signing/customize_image.sh ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698