sudo cp ${COMMON_BINDIR}/unpack.sh ./
sudo tar --overwrite -cf ../delta.tar *
-SIGN_KEY=$1
-SIGN_CERT=$2
-if [ "z${SIGN_KEY}" != "z" ] && [ "z${SIGN_CERT}" != "z" ]; then
- sudo ${COMMON_BINDIR}/sign_upg.sh ${SIGN_KEY} ${SIGN_CERT} ../delta.tar
+SIGN_PKCS_FILE=$1
+SIGN_PKCS_PASSWORD=$2
+if [ "z${SIGN_PKCS_FILE}" != "z" ] && [ "z${SIGN_PKCS_PASSWORD}" != "z" ]; then
+ sudo ${COMMON_BINDIR}/sign_upg.sh ${SIGN_PKCS_FILE} ${SIGN_PKCS_PASSWORD} ../delta.tar
fi
cd -
fi
}
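Review bot: The PKCS#12 password is now a positional argument on the `sudo ${COMMON_BINDIR}/sign_upg.sh ${SIGN_PKCS_FILE} ${SIGN_PKCS_PASSWORD} ../delta.tar` line, so it is readable in the process list while signing runs, and sudo normally records the command line it executes. The same exposure repeats where delta-generation.sh forwards the password to mk_delta.sh, and in sign_upg.sh, where all three openssl calls use `-passin pass:${PKCS_PASSWORD}`. Consider accepting a path to a password file (or reading the password from stdin) at the script interface. Inside sign_upg.sh, export the value and use `-passin env:PKCS_PASSWORD` (and `-passout env:PKCS_PASSWORD`) so the secret stays out of argv. The enclosing function starts outside this hunk.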
-KEY=$1
-CERT=$2
+PKCS=$1
+PKCS_PASSWORD=$2
FILE=$3
SIGNED_FILE=$4
CheckArgument() {
ArgumentList=(
- ${KEY}
- ${CERT}
+ ${PKCS}
${FILE}
)
done
}
+KEY=""
+CERT=""
+ExtractFromPKCSFile() {
+ echo "Extract from PKCS file..."
+
+ KEY=${TMP_DIR}/key.pem
+ ${OPENSSL} pkcs12 -in ${PKCS} -nocerts -passin pass:${PKCS_PASSWORD} -passout pass:${PKCS_PASSWORD} -out ${KEY}
+ CheckFile ${KEY}
+
+ CERT=${TMP_DIR}/cert.pem
+ ${OPENSSL} pkcs12 -in ${PKCS} -clcerts -nokeys -passin pass:${PKCS_PASSWORD} -out ${CERT}
+ CheckFile ${CERT}
+}
+
SIGNATURE=""
SIGNATURE_SIZE=""
SignFile() {
SIGNATURE=${TMP_DIR}/$(${BASENAME} ${FILE}).sign
CheckNull ${SIGNATURE} "Failed to name signature"
- ${OPENSSL} dgst -sha256 -sign ${KEY} -out ${SIGNATURE} ${FILE}
+ ${OPENSSL} dgst -sha256 -sign ${KEY} -passin pass:${PKCS_PASSWORD} -out ${SIGNATURE} ${FILE}
CheckFile ${SIGNATURE} "Failed to sign"
SIGNATURE_SIZE=$(${STAT} -c %s ${SIGNATURE})
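Review bot: ExtractFromPKCSFile writes the private key to `${TMP_DIR}/key.pem`, and nothing visible in this hunk restricts that file's permissions or removes it after signing. Initialize and any cleanup step are not shown, so this may already be handled; if it is not, set `umask 077` before the extraction and add `trap 'rm -rf -- "${TMP_DIR:?}"' EXIT`. The key is re-encrypted through `-passout` with the same password, so the file on disk is only as well protected as that password. It is also worth testing the exit status of each `${OPENSSL} pkcs12` call directly, because CheckFile's test is not shown and may only confirm that an output file exists. SignFile's body continues outside the hunk.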
echo "********** Package Signing Start **********"
if [ "$#" -lt 3 ]; then
- echo "Usage : sign_upg.sh KEY CERT FILE_NAME [SIGNED_FILE_NAME]"
- echo " - KEY and CERT should be PEM format"
+ echo "Usage : sign_upg.sh PKCS_FILE PKCS_PASSWORD FILE_NAME [SIGNED_FILE_NAME]"
+ echo " - PKCS_FILE should include private key and certificate"
echo " - If SIGNED_FILE_NAME is NULL, signature will be overwritten to FILE_NAME"
exit
fi
CheckTool
Initialize
+ExtractFromPKCSFile
SignFile
ConvertCert
AttachSignature
# Get argument
if [ $# -lt 2 ]; then
- echo "Usage: delta-generation.sh TOTA_UPG_PATH TARGET [SIGN_KEY SIGN_CERT]"
+ echo "Usage: delta-generation.sh TOTA_UPG_PATH TARGET [SIGN_PKCS_FILE SIGN_PKCS_PASSWORD]"
echo " TARGET> rpi3 | tw1"
exit
fi
TOTA_UPG_PATH=$1
TARGET=$2
-SIGN_KEY=$3
-SIGN_CERT=$4
+SIGN_PKCS_FILE=$3
+SIGN_PKCS_PASSWORD=$4
# Path of downloaded images (old, new)
TOTA_UPG_WORK=${TOTA_UPG_PATH}/mk_delta/${TARGET}
# Execute mk_delta script
CWD=${PWD}
cd ${TOTA_UPG_WORK}
-../common/bin/mk_delta.sh ${SIGN_KEY} ${SIGN_CERT}
+../common/bin/mk_delta.sh ${SIGN_PKCS_FILE} ${SIGN_PKCS_PASSWORD}
cd ${CWD}
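Review bot: `${SIGN_PKCS_FILE}` and `${SIGN_PKCS_PASSWORD}` are expanded unquoted on the `mk_delta.sh` call, so a password containing whitespace or glob characters is word-split or expanded before it reaches the signing script. Signing would then fail or run with a different value than the operator supplied. Quote both: `../common/bin/mk_delta.sh "${SIGN_PKCS_FILE}" "${SIGN_PKCS_PASSWORD}"`; when the optional arguments are omitted, the `"z${SIGN_PKCS_FILE}" != "z"` test in mk_delta.sh still treats the empty strings as absent. The same quoting is needed on the `sign_upg.sh` call in mk_delta.sh and on the `${PKCS}` and `pass:${PKCS_PASSWORD}` arguments of the openssl calls in sign_upg.sh.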