2018-11-12 06:56:17 +01:00
|
|
|
#!/bin/bash -ex
|
|
|
|
|
|
|
|
|
|
usage() {
|
|
|
|
|
cat << EOF
|
|
|
|
|
Usage: $PROGNAME [OPTION] LATEST.JSON
|
|
|
|
|
|
|
|
|
|
-h, --help Display this help
|
|
|
|
|
--key KEY Use KEY as certification key for EFI signing
|
|
|
|
|
--crt CRT Use CRT as certification for EFI signing
|
|
|
|
|
--checkpoint Remove old directories and tarballs
|
|
|
|
|
EOF
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEMP=$(
|
|
|
|
|
getopt -o '' \
|
|
|
|
|
--long key: \
|
|
|
|
|
--long crt: \
|
|
|
|
|
--long checkpoint \
|
|
|
|
|
--long help \
|
|
|
|
|
-- "$@"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if (( $? != 0 )); then
|
|
|
|
|
usage >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
eval set -- "$TEMP"
|
|
|
|
|
unset TEMP
|
|
|
|
|
|
|
|
|
|
while true; do
|
|
|
|
|
case "$1" in
|
|
|
|
|
'--key')
|
|
|
|
|
KEY="$(readlink -e $2)"
|
|
|
|
|
shift 2; continue
|
|
|
|
|
;;
|
|
|
|
|
'--crt')
|
|
|
|
|
CRT="$(readlink -e $2)"
|
|
|
|
|
shift 2; continue
|
|
|
|
|
;;
|
|
|
|
|
'--checkpoint')
|
|
|
|
|
CHECKPOINT="1"
|
|
|
|
|
shift 1; continue
|
|
|
|
|
;;
|
|
|
|
|
'--help')
|
|
|
|
|
usage
|
|
|
|
|
exit 0
|
|
|
|
|
;;
|
|
|
|
|
'--')
|
|
|
|
|
shift
|
|
|
|
|
break
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
echo 'Internal error!' >&2
|
|
|
|
|
exit 1
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
|
|
|
|
PROGNAME=${0##*/}
|
|
|
|
|
BASEDIR=$(realpath ${0%/*})
|
|
|
|
|
|
|
|
|
|
JSON="$(realpath -e $1)"
|
2018-11-15 16:47:59 +01:00
|
|
|
DISTDIR="${JSON%/*}"
|
2018-11-12 06:56:17 +01:00
|
|
|
NAME="$(jq -r '.name' ${JSON})"
|
|
|
|
|
VERSION="$(jq -r '.version' ${JSON})"
|
|
|
|
|
ROOTHASH="$(jq -r '.roothash' ${JSON})"
|
2018-11-15 16:47:59 +01:00
|
|
|
IMAGE="${DISTDIR}/${NAME}-${VERSION}.json"
|
2018-11-12 06:56:17 +01:00
|
|
|
CRT=${CRT:-${BASEDIR}/${NAME}.crt}
|
|
|
|
|
KEY=${KEY:-${BASEDIR}/${NAME}.key}
|
|
|
|
|
|
|
|
|
|
mkdelta_f() {
|
2018-11-15 16:47:59 +01:00
|
|
|
local OLD="$1"
|
|
|
|
|
local NEW="$2"
|
|
|
|
|
local DELTANAME="$DISTDIR/$NAME-$(jq -r '.roothash' "$OLD")"
|
|
|
|
|
local OLDIMAGE="$DISTDIR/$NAME-$(jq -r '.roothash' "$OLD").img"
|
|
|
|
|
local NEWHASH=$(jq -r '.roothash' "$NEW")
|
|
|
|
|
local NEWIMAGE="$DISTDIR/$NAME-$NEWHASH.img"
|
|
|
|
|
xdelta3 -9 -f -S djw -s "$OLDIMAGE" "$NEWIMAGE" "$DELTANAME"-delta.new
|
2018-11-12 06:56:17 +01:00
|
|
|
openssl dgst -sha256 -sign "$KEY" -out "$DELTANAME"-delta.new.sig "$DELTANAME"-delta.new
|
2018-11-15 16:47:59 +01:00
|
|
|
|
2018-11-12 06:56:17 +01:00
|
|
|
mv "$DELTANAME"-delta.new "$DELTANAME"-delta.img
|
2018-11-15 16:47:59 +01:00
|
|
|
DELTA_IMAGE_SIZE=$(stat --printf '%s' "$DELTANAME"-delta.img)
|
|
|
|
|
jq "( . + {\
|
|
|
|
|
\"deltasig\": \"$(xxd -c256 -p -g0 < "$DELTANAME"-delta.new.sig)\",\
|
|
|
|
|
\"deltasize\": \"${DELTA_IMAGE_SIZE}\",\
|
|
|
|
|
})" \
|
|
|
|
|
< "${NEW}" > "${DELTANAME}-delta.json"
|
|
|
|
|
rm -f "$DELTANAME"-delta.new.sig
|
|
|
|
|
|
|
|
|
|
openssl dgst -sha256 -sign "$KEY" -out "${DELTANAME}-delta.json.sig" "${DELTANAME}-delta.json"
|
2018-11-12 06:56:17 +01:00
|
|
|
}
|
|
|
|
|
|
2018-11-15 16:47:59 +01:00
|
|
|
for i in $(ls -1 "${DISTDIR}/${NAME}-"*.??????????????.json); do
|
|
|
|
|
[[ -f "$i" ]] || continue
|
2018-11-12 06:56:17 +01:00
|
|
|
|
|
|
|
|
OLDIMAGE=$(realpath $i)
|
|
|
|
|
if [[ $OLDIMAGE == $IMAGE ]]; then
|
|
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
mkdelta_f "$OLDIMAGE" "$IMAGE"
|
2018-11-15 16:47:59 +01:00
|
|
|
if [[ $CHECKPOINT ]]; then
|
|
|
|
|
OLDHASH="$(jq -r '.roothash' "$OLDIMAGE")"
|
|
|
|
|
OLDNAME="$(jq -r '.name' "$OLDIMAGE")"
|
|
|
|
|
rm -f \
|
|
|
|
|
"$OLDIMAGE" \
|
|
|
|
|
"$OLDIMAGE".sig \
|
|
|
|
|
"${DISTDIR}/$OLDNAME"-"$OLDHASH".img \
|
|
|
|
|
"${DISTDIR}/$OLDNAME"-"$OLDHASH"-efi.tgz "${DISTDIR}/$OLDNAME"-"$OLDHASH"-efi.tgz.sig \
|
|
|
|
|
"${DISTDIR}/$OLDNAME"-"$OLDHASH".json "${DISTDIR}/$OLDNAME"-"$OLDHASH".json.sig
|
|
|
|
|
fi
|
2018-11-12 06:56:17 +01:00
|
|
|
done
|
