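#!/usr/bin/env bash
#title          :coreos-resign-swu-file.sh
#description    :This script signs/resigns an already existing swu file with a
#                provided private key and a certificate
#author         :Patrick Vogelaar
#date           :20240325
#version        :0.1
#usage          :coreos-resign-swu-file.sh -i <in>.swu -k <key> -c <cert>
#                -o <output_file>
#notes          :openssl and cpio are required
#==============================================================================

# Stop at the first failing step: a failed signing run must never be
# repackaged with the previous signature still inside the image.
set -euo pipefail

SW_DESC_FILE_NAME="sw-description"
SW_DESC_SIG_FILE_NAME="sw-description.sig"
FIRMWARE_TMP_DIR="firmware_tmp"
CPIO_ORDER_FILE="cpio_order"

# Print an error to stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print the command line synopsis to stderr and abort.
usage() {
  printf 'usage: %s -i <in>.swu -k <key> -c <cert> -o <output_file>\n' \
    "${0##*/}" >&2
  exit 1
}

swupdate_in_file=""
key_file=""
certificate=""
output_file=""

# Leading ':' selects silent error reporting so the messages below are ours.
# Every option takes an argument, -o included (it was declared without one,
# which left output_file empty and made the final redirection fail).
while getopts ':i:k:c:o:' flag; do
  case "${flag}" in
    i) swupdate_in_file=${OPTARG} ;;
    k) key_file=${OPTARG} ;;
    c) certificate=${OPTARG} ;;
    o) output_file=${OPTARG} ;;
    :)
      printf 'ERROR: option -%s requires an argument\n' "${OPTARG}" >&2
      usage
      ;;
    *)
      printf 'ERROR: unknown option -%s\n' "${OPTARG}" >&2
      usage
      ;;
  esac
done
shift $((OPTIND - 1))

# Stray positional arguments usually mean a mistyped option; refuse them.
if (($# > 0)); then
  usage
fi
if [[ -z "$swupdate_in_file" || -z "$key_file" ||
  -z "$certificate" || -z "$output_file" ]]; then
  usage
fi

### Some basic checks
for tool in openssl cpio; do
  command -v "$tool" &>/dev/null || die "$tool could not be found"
done

# The script changes directory below, so pin every path to the directory it
# was started from. Relative key/cert/output paths would otherwise be looked
# up (or created) inside the temporary tree.
start_dir=$PWD
[[ "$swupdate_in_file" == /* ]] || swupdate_in_file="$start_dir/$swupdate_in_file"
[[ "$key_file" == /* ]] || key_file="$start_dir/$key_file"
[[ "$certificate" == /* ]] || certificate="$start_dir/$certificate"
[[ "$output_file" == /* ]] || output_file="$start_dir/$output_file"

# The input is read twice (list, then extract), so it has to be a regular file.
[[ -f "$swupdate_in_file" && -r "$swupdate_in_file" ]] ||
  die "input file is not a readable file: $swupdate_in_file"
[[ -r "$key_file" ]] || die "key file is not readable: $key_file"
[[ -r "$certificate" ]] || die "certificate is not readable: $certificate"

work_dir="$start_dir/$FIRMWARE_TMP_DIR"
listing_file="$work_dir/listing"
# The order list lives next to, not inside, the extraction directory so that
# an archive member with the same name cannot overwrite it.
order_file="$work_dir/$CPIO_ORDER_FILE"
extract_dir="$work_dir/extracted"

if [[ -e "$work_dir" ]]; then
  die "$FIRMWARE_TMP_DIR already exists in this directory"
fi

# No -p: creation has to fail if the directory appeared in the meantime.
mkdir -- "$work_dir" || die "cannot create $FIRMWARE_TMP_DIR"
cleanup() {
  rm -rf -- "${work_dir:?}"
}
trap cleanup EXIT
mkdir -- "$extract_dir"

# store the exact order in a file
cpio --quiet --list <"$swupdate_in_file" >"$listing_file"

# Check every member name before anything is written to disk: absolute names
# and '..' components would let extraction write outside extract_dir.
# NOTE: this is a name check only; link members are not inspected, so only
# re-sign images that come from a source you trust.
# The signature entry is emitted directly after sw-description, which is
# where it sits in a signed image and where it has to be added when the
# input image carried no signature yet.
has_desc=0
while IFS= read -r entry; do
  case "$entry" in
    /* | .. | ../* | */.. | */../*)
      die "unsafe path in archive: $entry"
      ;;
  esac
  if [[ "$entry" == "$SW_DESC_SIG_FILE_NAME" ]]; then
    continue
  fi
  printf '%s\n' "$entry"
  if [[ "$entry" == "$SW_DESC_FILE_NAME" ]]; then
    has_desc=1
    printf '%s\n' "$SW_DESC_SIG_FILE_NAME"
  fi
done <"$listing_file" >"$order_file"

if [[ "$has_desc" -eq 0 ]]; then
  die "$SW_DESC_FILE_NAME not found in $swupdate_in_file"
fi

cd "$extract_dir" || die "cannot enter $extract_dir"
cpio --quiet -id <"$swupdate_in_file"

# Sign the file that came out of the archive, not something it links to.
if [[ ! -f "$SW_DESC_FILE_NAME" || -L "$SW_DESC_FILE_NAME" ]]; then
  die "$SW_DESC_FILE_NAME is missing or not a regular file"
fi

# resign
# Drop the old signature first: the new one is then always written to a
# fresh file, and a stale signature cannot survive a failed run.
rm -f -- "$SW_DESC_SIG_FILE_NAME"
openssl cms -sign -in "$SW_DESC_FILE_NAME" -out "$SW_DESC_SIG_FILE_NAME" \
  -signer "$certificate" -inkey "$key_file" -outform DER -nosmimecap -binary ||
  die "signing $SW_DESC_FILE_NAME failed"
[[ -s "$SW_DESC_SIG_FILE_NAME" ]] || die "openssl produced an empty signature"

# recreate the swu file
# NOTE(review): no -H is given, so cpio writes its default archive format.
# SWUpdate's documentation builds images with '-H crc'; confirm the target
# accepts the format produced here.
printf 'cpio --quiet -ov < %s > %s\n' "$order_file" "$output_file"
cpio --quiet -ov <"$order_file" >"$output_file" ||
  die "creating $output_file failed"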