diff --git a/.gitignore b/.gitignore
index 795257c..eee3ded 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,7 @@
-board/myna-player-odyssey/utilities/certs.txt
 board/myna-player-odyssey/utilities/genimage.cfg
 board/myna-player-odyssey/utilities/machine-id
-pki
+scripts/certs.sh
 easy-rsa
-output/*
-dl/*
+certs
+output
+dl
diff --git a/board/myna-player-odyssey/scripts/rootfs_postbuild.sh b/board/myna-player-odyssey/scripts/rootfs_postbuild.sh
index ed95620..80caff7 100755
--- a/board/myna-player-odyssey/scripts/rootfs_postbuild.sh
+++ b/board/myna-player-odyssey/scripts/rootfs_postbuild.sh
@@ -2,16 +2,12 @@
 set -e
-# setup machine-id
-
-cp "${BR2_EXTERNAL_MynaPlayer_PATH}"/board/myna-player-odyssey/utilities/machine-id \
- "${TARGET_DIR}"/etc/machine-id
-chmod 444 "${TARGET_DIR}"/etc/machine-id
+. "${BR2_EXTERNAL_MynaPlayer_PATH}"/scripts/certs.sh
 # Moving kernel modules into place
-rsync -ar ${BASE_DIR}/../kmod/modules/* \
- ${TARGET_DIR}/usr/lib/modules
+rsync -ar "${BASE_DIR}"/../kmod/modules/* \
+ "${TARGET_DIR}"/usr/lib/modules
 # lets point emergency.target to reboot.target
@@ -33,6 +29,5 @@
 # grab keyring needed for rauc
-RAUC_KEYRING=$(awk '{print $3}' "${BR2_EXTERNAL_MynaPlayer_PATH}/board/myna-player-odyssey/utilities/certs.txt" | sed -n '1p')
-cp "${RAUC_KEYRING}" \
+cp "${BR2_EXTERNAL_MynaPlayer_PATH}"/certs/keyring.pem \
 "${TARGET_DIR}"/etc/rauc/keyring.pem
diff --git a/board/myna-player-odyssey/scripts/rootfs_postimage.sh b/board/myna-player-odyssey/scripts/rootfs_postimage.sh
index c80dc82..151837a 100755
--- a/board/myna-player-odyssey/scripts/rootfs_postimage.sh
+++ b/board/myna-player-odyssey/scripts/rootfs_postimage.sh
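Review bot: The .gitignore hunk drops the `pki` entry, so a working tree that still has a top-level `pki/` directory will now show it as untracked, and a broad `git add` could commit CA or signing key material. Whether such a directory still exists is not visible here, but the old ignore list suggests it did at some point. Keeping `pki` in the list costs nothing. The new `certs` pattern is also unanchored and matches a `certs` entry at any depth; `/certs` would limit it to the symlink directory this commit creates.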
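Review bot: The added `. "${BR2_EXTERNAL_MynaPlayer_PATH}"/scripts/certs.sh` in rootfs_postbuild.sh (first hunk) sources an untracked, git-ignored file, but no `RAUC_*` variable is read in either hunk of this file; the keyring copy in the second hunk now uses the fixed `certs/keyring.pem` path. The script body continues outside both hunks, so a consumer may exist there. If there is none, the line should be dropped: it only gives the post-build step a new way to abort under `set -e` and runs extra unreviewed shell inside the build. If it stays, a guard such as `[ -r "${BR2_EXTERNAL_MynaPlayer_PATH}"/scripts/certs.sh ] || { echo "copy scripts/certs.sh.example to scripts/certs.sh" >&2; exit 1; }` gives a clearer failure than the shell's default message.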
@@ -20,17 +20,11 @@
 export GENIMAGE_USER=$(whoami)
 export GENIMAGE_HOST=$(hostname)
 export GENIMAGE_BUILD_ID=$(uuidgen)
-export GENIMAGE_CERTIFICATE_AUTHORITY=$(awk '{print $3}' "${BR2_EXTERNAL_MynaPlayer_PATH}/board/myna-player-odyssey/utilities/certs.txt" | sed -n '1p')
-export GENIMAGE_PRIVATE_KEY=$(awk '{print $3}' "${BR2_EXTERNAL_MynaPlayer_PATH}/board/myna-player-odyssey/utilities/certs.txt" | sed -n '2p')
-export GENIMAGE_PUBLIC_KEY=$(awk '{print $3}' "${BR2_EXTERNAL_MynaPlayer_PATH}/board/myna-player-odyssey/utilities/certs.txt" | sed -n '3p')
 envsubst \
 \$GENIMAGE_DATE,\
 \$GENIMAGE_USER,\
 \$GENIMAGE_HOST,\
-\$GENIMAGE_BUILD_ID,\
-\$GENIMAGE_CERTIFICATE_AUTHORITY,\
-\$GENIMAGE_PRIVATE_KEY,\
-\$GENIMAGE_PUBLIC_KEY \
+\$GENIMAGE_BUILD_ID \
 < ${GENIMAGE_TMP} \
 > ${GENIMAGE_CFG}
diff --git a/board/myna-player-odyssey/utilities/certs.txt.example b/board/myna-player-odyssey/utilities/certs.txt.example
deleted file mode 100644
index 53ab94e..0000000
--- a/board/myna-player-odyssey/utilities/certs.txt.example
+++ /dev/null
@@ -1,3 +0,0 @@
-Certificate authority: /path/to/ca.crt
-Private key: /path/to/private.key
-Public key: /path/to/public.crt
diff --git a/board/myna-player-odyssey/utilities/genimage.tmp b/board/myna-player-odyssey/utilities/genimage.tmp
index a4e4ffc..51a102e 100644
--- a/board/myna-player-odyssey/utilities/genimage.tmp
+++ b/board/myna-player-odyssey/utilities/genimage.tmp
@@ -43,9 +43,9 @@
 files = { "rootfs.tar.xz" }
- key = "${GENIMAGE_PRIVATE_KEY}"
- cert = "${GENIMAGE_PUBLIC_KEY}"
- extraargs = "--keyring ${GENIMAGE_CERTIFICATE_AUTHORITY}"
+ key = "${BR2_EXTERNAL_MynaPlayer_PATH}/certs/signing.key"
+ cert = "${BR2_EXTERNAL_MynaPlayer_PATH}/certs/signing.crt"
+ extraargs = "--keyring ${BR2_EXTERNAL_MynaPlayer_PATH}/certs/keyring.pem"
 manifest = "[update] compatible=LuminaSensum MynaPlayer
diff --git a/external.mk b/external.mk
index 4c56968..3f97698 100644
--- a/external.mk
+++ b/external.mk
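Review bot: The envsubst allow-list in rootfs_postimage.sh now names only the four `GENIMAGE_*` variables, while genimage.tmp gains `${BR2_EXTERNAL_MynaPlayer_PATH}` in `key`, `cert` and `extraargs`, so that placeholder is written into genimage.cfg unexpanded. Signing then works only if genimage expands environment variables when it parses the config and the variable is exported at that point; neither can be confirmed from this diff. Either add `\$BR2_EXTERNAL_MynaPlayer_PATH` to the envsubst list, or state the intent in genimage.tmp with a comment such as `# BR2_EXTERNAL_MynaPlayer_PATH is left for genimage to expand from the environment`. The bundle is signed with whatever `certs/signing.key` points to when the image is built, so a stale or missing symlink should fail the build rather than be skipped.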
@@ -6,3 +6,8 @@
 pre-clean:
 rm -rf $(MAGIC_PLACE)
 rm -rf $(KERNEL_PLACE)
+
+rauc-fixups:
+ $(BR2_EXTERNAL_MynaPlayer_PATH)/scripts/rauc_fixups.sh
+
+all: rauc-fixups
diff --git a/scripts/certs.sh.example b/scripts/certs.sh.example
new file mode 100644
index 0000000..bf0607c
--- /dev/null
+++ b/scripts/certs.sh.example
@@ -0,0 +1,4 @@
+#!/bin/sh
+RAUC_CERTIFICATE_AUTHORITY="/path/to/ca.crt"
+RAUC_PRIVATE_KEY="/path/to/private.key"
+RAUC_PUBLIC_KEY="/path/to/public.crt"
diff --git a/scripts/rauc_fixups.sh b/scripts/rauc_fixups.sh
new file mode 100755
index 0000000..b4f3b25
--- /dev/null
+++ b/scripts/rauc_fixups.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+. "${BR2_EXTERNAL_MynaPlayer_PATH}"/scripts/certs.sh
+
+# creating directory to store symlinks in
+
+mkdir -p "${BR2_EXTERNAL_MynaPlayer_PATH}"/certs
+
+# lets create the appropriate symlinks to use later with genimage as well as in rootfs_postbuild.sh
+
+ln -sf "${RAUC_CERTIFICATE_AUTHORITY}" \
+ "${BR2_EXTERNAL_MynaPlayer_PATH}"/certs/keyring.pem
+ln -sf "${RAUC_PRIVATE_KEY}" \
+ "${BR2_EXTERNAL_MynaPlayer_PATH}"/certs/signing.key
+ln -sf "${RAUC_PUBLIC_KEY}" \
+ "${BR2_EXTERNAL_MynaPlayer_PATH}"/certs/signing.crt
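Review bot: In external.mk, `all: rauc-fixups` only makes the fix-up a prerequisite of `all`; nothing in the hunk orders it before the post-build script that copies `certs/keyring.pem` or before genimage reads `certs/signing.key`. How the main Makefile orders the prerequisites of `all` is not visible here, so on a clean tree, or when a narrower goal is built, the symlinks may not exist when they are needed. The target is also not declared phony, so a file named `rauc-fixups` would silently disable it; add `.PHONY: rauc-fixups`. Consider running `scripts/rauc_fixups.sh` from rootfs_postbuild.sh ahead of the `cp`, or attaching the target to a step known to precede target finalisation.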
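Review bot: The three `ln -sf` calls in scripts/rauc_fixups.sh link whatever paths certs.sh supplies without checking them, so a mistyped path leaves a dangling symlink that only fails later in the build. More importantly, rootfs_postbuild.sh copies `certs/keyring.pem` into the target rootfs, so a certs.sh that points `RAUC_CERTIFICATE_AUTHORITY` at a file containing the private key would put signing key material into every image. I would validate the three paths right after sourcing certs.sh and refuse a keyring that contains a private key block, as sketched below.

```sh
. "${BR2_EXTERNAL_MynaPlayer_PATH}"/scripts/certs.sh

# fail early on a missing or unreadable path instead of leaving a dangling symlink
for f in "${RAUC_CERTIFICATE_AUTHORITY}" "${RAUC_PRIVATE_KEY}" "${RAUC_PUBLIC_KEY}"; do
    if [ ! -r "${f}" ]; then
        echo "rauc_fixups: cannot read '${f}' (check scripts/certs.sh)" >&2
        exit 1
    fi
done

# the keyring is copied into the target rootfs, so it must not hold key material
if grep -q "PRIVATE KEY" "${RAUC_CERTIFICATE_AUTHORITY}"; then
    echo "rauc_fixups: RAUC_CERTIFICATE_AUTHORITY contains a private key" >&2
    exit 1
fi

# … unchanged: mkdir -p and the three ln -sf calls …
```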