2019-09-25 06:32:56 +08:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
# directory where search for images
|
|
|
|
TOP_DIR="${TOP_DIR:-./bin/targets}"
|
|
|
|
# key to sign images
|
2021-09-27 05:58:59 +08:00
|
|
|
BUILD_KEY="${BUILD_KEY:-key-build}" # TODO unify naming?
|
2019-09-25 06:32:56 +08:00
|
|
|
# remove other signatures (added e.g. by buildbot)
|
|
|
|
REMOVE_OTER_SIGNATURES="${REMOVE_OTER_SIGNATURES:-1}"
|
|
|
|
|
|
|
|
# find all sysupgrade images in TOP_DIR
|
2021-09-27 05:58:59 +08:00
|
|
|
# factory images don't need signatures as non OpenWrt system doesn't check them anyway
|
2019-09-25 06:32:56 +08:00
|
|
|
for image in $(find $TOP_DIR -type f -name "*-sysupgrade.bin"); do
|
|
|
|
# check if image actually support metadata
|
|
|
|
if fwtool -i /dev/null "$image"; then
|
|
|
|
# remove all previous signatures
|
|
|
|
if [ -n "$REMOVE_OTER_SIGNATURES" ]; then
|
|
|
|
while [ "$?" = 0 ]; do
|
|
|
|
fwtool -t -s /dev/null "$image"
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
# run same operation as build root does for signing
|
|
|
|
cp "$BUILD_KEY.ucert" "$image.ucert"
|
|
|
|
usign -S -m "$image" -s "$BUILD_KEY" -x "$image.sig"
|
|
|
|
ucert -A -c "$image.ucert" -x "$image.sig"
|
|
|
|
fwtool -S "$image.ucert" "$image"
|
|
|
|
fi
|
|
|
|
done
|