LM
/
coreos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
coreos/scripts/coreos-get-dev-keys

89 lines
2.8 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# This script will get development keys needed by the UEFI secure boot
# implementation from the k-stufen web share and put the under $BUILDDIR/keys
#
# The reason for every developer to have the same keys is that image/update
# filest are interchangable.
# Those developer keys are used for all builds except the ones that are marked
# as final. Here the official keys will be used.
#
# Following keys will be downloaded
# db.auth db.der db.key KEK.crt KEK.esl PK.auth PK.der PK.key
# db.crt db.esl KEK.auth KEK.der KEK.key PK.crt PK.esl
# This script is used every time the build environment of CoreOS is sourced
# Note: in the build environment stdout is redirected to /dev/null but not
# stderr.
set -e
# Logging helper
RED='\033[0;31m'
GREEN='\033[0;32m'
BOLD='\033[1m'
RESET='\033[0m'
# Ensure that BUILDDIR is defined
# ==============================================================================
# This is usually done inside the coreos-init-build-env script
if [ -z "$BUILDDIR" ]; then
echo -e "${RED}BUILDDIR is not defined${RESET}" 2>&1
echo -e "Have you run the coreos-init-buildenv script?" 2>&1
exit 1
fi
# We need the KEYDIR directory to exist
# ==============================================================================
KEYDIR="${BUILDDIR}/keys"
mkdir -p "${KEYDIR}"
cd "${KEYDIR}"
# we need wget and tar
# ==============================================================================
assert_command_in_path() {
if command -v "$1" >/dev/null 2>&1; then
echo -e "✓ Command ${GREEN}${1}${RESET} was found"
else
echo -e "${RED}Command ${BOLD}${1}${RESET}${RED} was not found in your path${RESET}" >&2
echo -e "Please check the coreos-documentation for the list of required packages" >&2
exit 1
fi
}
assert_command_in_path wget
assert_command_in_path tar
# Generate all they keys, as needed
# ==============================================================================
# Only generate the file if it's missing and don't fail if the file already
# exist
check_files_exist() {
RET=0
for file in "$@"; do
if [ ! -e "$file" ]; then
echo -e "𐄂 File ${RED}${file}${RESET} missing"
RET=1
else
echo -e "✓ File ${GREEN}${file}${RESET} already exist"
fi
done
return $RET
}
check_files_exist db.auth db.crt db.der db.esl db.key KEK.auth KEK.crt KEK.der \
KEK.esl KEK.key PK.auth PK.crt PK.der PK.esl PK.key || \
{
echo -e "${RED}Incosistent or no keys.${RESET}"
echo "Downloading Keys"
wget -q https://platform-nas.gad.local/K-Stufen/CoreOS/.signing/coreos_developer_signing.keys.tar.gz && \
tar -xzf coreos_developer_signing.keys.tar.gz -C ${BUILDDIR}/keys && \
rm coreos_developer_signing.keys.tar.gz
}
Reference in New Issue View Git Blame Copy Permalink