From f96d61f5a96db2deaf34f5ca38b77b3d18704ae6 Mon Sep 17 00:00:00 2001
From: "alex-hl.huang"
Date: Thu, 17 Feb 2022 13:52:46 +0800
Subject: [PATCH] add shell script for generate cpld image tar
---
gen-cpld-tar | 176 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 176 insertions(+)
create mode 100755 gen-cpld-tar
diff --git a/gen-cpld-tar b/gen-cpld-tar
new file mode 100755
index 0000000..d0d59c6
--- /dev/null
+++ b/gen-cpld-tar
@@ -0,0 +1,176 @@
+#!/bin/bash
+set -eo pipefail
+
+help=$'Generate Tarball with Cpld image and MANIFEST Script
+
+Generates a Cpld image tarball from given file as input.
+Creates a MANIFEST for image verification and recreation
+Packages the image and MANIFEST together in a tarball
+
+usage: gen-Cpld-tar [OPTION] ...
+
+Options:
+-o, --out Specify destination file. Defaults to
+`pwd`/obmc-cpld.tar.gz if unspecified.
+-s, --sign Sign the image. The optional path argument specifies
+the private key file. Defaults to the bash variable
+PRIVATE_KEY_PATH if available, or else uses the
+open-source private key in this script.
+-m, --machine Optionally specify the target machine name of this
+image.
+-v, --version Specify the version of Cpld image file
+-h, --help Display this help text and exit.
+'
+
+#################################################################
+# It's the OpenBMC "public" private key (currently under
+# meta-phosphor/recipes-phosphor/flash/files/OpenBMC.priv):
+# https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/8949/15/
+# meta-phosphor/common/recipes-phosphor/flash/files/OpenBMC.priv
+#
+#################################################################
+private_key=$'-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAPvSDLu6slkP1gri
+PaeQXL9ysD69J/HjbBCIQ0RPfeWBb75US1tRTjPP0Ub8CtH8ExVf8iF1ulsZA78B
+zIjBYZVp9pyD6LbpZ/hjV7rIH6dTNhoVpdA+F8LzmQ7cyhHG8l2JMvdunwF2uX5k
+D4WDcZt/ITKZNQNavPtmIyD5HprdAgMBAAECgYEAuQkTSi5ZNpAoWz76xtGRFSwU
+zUT4wQi3Mz6tDtjKTYXasiQGa0dHC1M9F8fDu6BZ9W7W4Dc9hArRcdzEighuxoI/
+nZI/0uL89iUEywnDEIHuS6D5JlZaj86/nx9YvQnO8F/seM+MX0EAWVrd5wC7aAF1
+h6Fu7ykZB4ggUjQAWwECQQD+AUiDOEO+8btLJ135dQfSGc5VFcZiequnKWVm6uXt
+rX771hEYjYMjLqWGFg9G4gE3GuABM5chMINuQQUivy8tAkEA/cxfy19XkjtqcMgE
+x/UDt6Nr+Ky/tk+4Y65WxPRDas0uxFOPk/vEjgVmz1k/TAy9G4giisluTvtmltr5
+DCLocQJBAJnRHx9PiD7uVhRJz6/L/iNuOzPtTsi+Loq5F83+O6T15qsM1CeBMsOw
+cM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE
+5yuNImRZabC3ZolwaTdd7nf5r1y1Eyec5Ag5yENV6JKPe1Xkbb1XKJECQDngA0h4
+6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m
+F0nIdUAhR0yTfKM=
+-----END PRIVATE KEY-----
+'
+
+do_sign=false
+PRIVATE_KEY_PATH=${PRIVATE_KEY_PATH:-}
+private_key_path="${PRIVATE_KEY_PATH}"
+outfile=""
+machine=""
+version=""
+default_cpld_name="cpld.svf"
+while [[ $# -gt 0 ]]; do
+ key="$1"
+ case $key in
+ -o|--out)
+ outfile="$2"
+ shift 2
+ ;;
+ -s|--sign)
+ do_sign=true
+ if [[ -n "${2}" && "${2}" != -* ]]; then
+ private_key_path="$2"
+ shift 2
+ else
+ shift 1
+ fi
+ ;;
+ -m|--machine)
+ machine="$2"
+ shift 2
+ ;;
+ -v|--version)
+ version="$2"
+ shift 2
+ ;;
+ -h|--help)
+ echo "$help"
+ exit
+ ;;
+ -*)
+ echo "Unrecognised option $1"
+ echo "$help"
+ exit
+ ;;
+ *)
+ file="$1"
+ shift 1
+ ;;
+ esac
+done
+
+if [ ! -f "${file}" ]; then
+ echo "${file} not found, Please enter a valid Cpld image file"
+ echo "$help"
+ exit 1
+else
+ cp "$file" $default_cpld_name
+ echo "$file"
+fi
+
+if [[ -z $version ]]; then
+ echo "Please provide version of image with -v option"
+ exit 1
+fi
+
+if [[ -z $outfile ]]; then
+ outfile=$(pwd)/obmc-cpld.tar.gz
+else
+ if [[ $outfile != /* ]]; then
+ outfile=$(pwd)/$outfile
+ fi
+fi
+
+scratch_dir=$(mktemp -d)
+# Remove the temp directory on exit.
+# The files in the temp directory may contain read-only files, so add
+# --interactive=never to skip the prompt.
+trap '{ rm -r --interactive=never ${scratch_dir}; }' EXIT
+
+if [[ "${do_sign}" == true ]]; then
+ if [[ -z "${private_key_path}" ]]; then
+ private_key_path=${scratch_dir}/OpenBMC.priv
+ echo "${private_key}" > "${private_key_path}"
+ echo "Image is NOT secure!! Signing with the open private key!"
+ else
+ if [[ ! -f "${private_key_path}" ]]; then
+ echo "Couldn't find private key ${private_key_path}."
+ exit 1
+ fi
+
+ echo "Signing with ${private_key_path}."
+ fi
+
+ public_key_file=publickey
+ public_key_path=${scratch_dir}/$public_key_file
+ openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}"
+fi
+
+manifest_location="MANIFEST"
+files_to_sign="$manifest_location $public_key_file"
+
+# Go to scratch_dir
+cp "${file}" "${scratch_dir}"
+cd "${scratch_dir}"
+mv "${file}" ${default_cpld_name}
+file=${default_cpld_name}
+files_to_sign+=" $(basename ${file})"
+
+echo "Creating MANIFEST for the image"
+echo -e "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.CPLD\n\
+version=$version" > $manifest_location
+
+if [[ -n "${machine}" ]]; then
+ echo -e "MachineName=${machine}" >> $manifest_location
+fi
+
+if [[ "${do_sign}" == true ]]; then
+ private_key_name=$(basename "${private_key_path}")
+ key_type="${private_key_name%.*}"
+ echo KeyType="${key_type}" >> $manifest_location
+ echo HashType="RSA-SHA256" >> $manifest_location
+
+ for file in $files_to_sign; do
+ openssl dgst -sha256 -sign "${private_key_path}" -out "${file}.sig" "$file"
+ done
+
+ additional_files="*.sig"
+fi
+# shellcheck disable=SC2086
+tar -czvf $outfile $files_to_sign $additional_files
+echo "Cpld image tarball is at $outfile"
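Review bot: After `cd "${scratch_dir}"` the script still uses the caller's paths: `mv "${file}" ${default_cpld_name}` moves the original input when `file` is an absolute path (the EXIT trap then deletes it along with the scratch directory) and fails when `file` is a relative path with a directory part, and a relative `private_key_path` no longer resolves for `openssl dgst -sign`. Copying straight to the final name with `cp "${file}" "${scratch_dir}/${default_cpld_name}"` and resolving the key before the `cd`, e.g. `private_key_path=$(realpath "${private_key_path}")`, avoids both; the earlier `cp "$file" $default_cpld_name` leaves a stray `cpld.svf` in the caller's directory and can be dropped. Separately, `-s` with no key path and no `PRIVATE_KEY_PATH` falls back to the embedded OpenBMC development key and still exits 0, so the tarball carries a signature that anyone holding this script can reproduce; the "NOT secure" warning is printed to stdout, and I would send it to stderr (`>&2`) and say in the help text that images signed this way give no authenticity guarantee. The `-*)` branch also ends in a bare `exit`, which returns status 0 for an unrecognised option and should be `exit 1` so a mistyped flag fails the build.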