# # Copyright (c) 2023 Wind River Systems, Inc. # # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. The ASF licenses this # file to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. # # Fragment of base-bullseye.yaml for initramfs-sign-script definition echo "***Start initramfs-sign-script***" SIGNING_SERVER=INPUT_SIGNING_SERVER INITRAMFS_PATH=/localdisk/deploy/ INITRAMFS_INIT=$(ls ${INITRAMFS_PATH}/starlingx-initramfs-ostree-image-intel-x86-64-*.rootfs.cpio.gz) [ -z ${INITRAMFS_INIT} ] && { echo "No initramfs file!"; exit 1; } INITRAMFS_FILE=$(basename ${INITRAMFS_INIT}) INITRD_MINI_FILE=initrd-mini INITRD_MINI_PATH=/localdisk/workdir/starlingx/rootfs/var/miniboot/ SSH_OPTION_NOCHECKING="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" REQUEST=$(ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER} sudo /opt/signing/sign-debian.sh -r) UPLOAD_PATH=${REQUEST#*Upload: } echo UPLOAD_PATH: ${UPLOAD_PATH} [ -z ${UPLOAD_PATH}] && { echo "Fail to request for upload path!"; exit 1; } echo "(4) Sign initramfs" scp ${SSH_OPTION_NOCHECKING} ${INITRAMFS_PATH}/${INITRAMFS_FILE} ${SIGNING_SERVER}:${UPLOAD_PATH} \ || { echo "Fail to copy initramfs file to signing server!"; exit 1; } ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER} \ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${INITRAMFS_FILE} -t grub-gpg \ || { echo "Fail to sign initramfs file!"; exit 1; } scp ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER}:${UPLOAD_PATH}/${INITRAMFS_FILE}.sig ${INITRAMFS_PATH} \ || { echo "Fail to copy back initramfs sig file!"; exit 1; } ln -snf -r ${INITRAMFS_PATH}/${INITRAMFS_FILE}.sig ${INITRAMFS_PATH}/starlingx-initramfs-ostree-image-intel-x86-64.cpio.gz.sig \ || { echo "Fail to create the initramfs sig file's link!"; exit 1; } echo "(5) Sign mini initramfs" scp ${SSH_OPTION_NOCHECKING} ${INITRD_MINI_PATH}/${INITRD_MINI_FILE} ${SIGNING_SERVER}:${UPLOAD_PATH} \ || { echo "Fail to copy mini initrd file to signing server!"; exit 1; } ssh ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER} \ sudo /opt/signing/sign-debian.sh -i ${UPLOAD_PATH}/${INITRD_MINI_FILE} -t grub-gpg \ || { echo "Fail to sign mini initrd file!"; exit 1; } scp ${SSH_OPTION_NOCHECKING} ${SIGNING_SERVER}:${UPLOAD_PATH}/${INITRD_MINI_FILE}.sig ${INITRD_MINI_PATH} \ || { echo "Fail to copy back mini initrd sig file!"; exit 1; } echo "***Finish initramfs-sign-script***"