| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame^] | 1 | #!/bin/sh |
| 2 | |
| 3 | # directory where search for images |
| 4 | TOP_DIR="${TOP_DIR:-./bin/targets}" |
| 5 | # key to sign images |
| 6 | BUILD_KEY="${BUILD_KEY:-key-build}" # TODO unify naming? |
| 7 | # remove other signatures (added e.g. by buildbot) |
| 8 | REMOVE_OTER_SIGNATURES="${REMOVE_OTER_SIGNATURES:-1}" |
| 9 | |
| 10 | # find all sysupgrade images in TOP_DIR |
| 11 | # factory images don't need signatures as non OpenWrt system doesn't check them anyway |
| 12 | for image in $(find $TOP_DIR -type f -name "*-sysupgrade.bin"); do |
| 13 | # check if image actually support metadata |
| 14 | if fwtool -i /dev/null "$image"; then |
| 15 | # remove all previous signatures |
| 16 | if [ -n "$REMOVE_OTER_SIGNATURES" ]; then |
| 17 | while [ "$?" = 0 ]; do |
| 18 | fwtool -t -s /dev/null "$image" |
| 19 | done |
| 20 | fi |
| 21 | # run same operation as build root does for signing |
| 22 | cp "$BUILD_KEY.ucert" "$image.ucert" |
| 23 | usign -S -m "$image" -s "$BUILD_KEY" -x "$image.sig" |
| 24 | ucert -A -c "$image.ucert" -x "$image.sig" |
| 25 | fwtool -S "$image.ucert" "$image" |
| 26 | fi |
| 27 | done |