#!/bin/bash set -eo pipefail help=$(cat <<EOF Generate Tarball with PSU image and MANIFEST Script usage: generate-psu-tar [OPTION] <parameter>... Options: --image <file> PSU FW image --version <version> PSU FW version --model <model> PSU FW model --manufacturer <version> PSU FW manufacturer --machineName <machineName> Optionally specify the target machine name of this image. --outfile <filename> Outfile name For example : -o psufw.tar The default outfile name is image.tar,and "image" is what you input. --sign <path> Sign the image. The optional path argument specifies the private key file. Defaults to the bash variable PRIVATE_KEY_PATH if available, or else uses the open-source private key in this script. --help Display this help text and exit. EOF ) private_key=$'-----BEGIN PRIVATE KEY----- MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDO7vWM6ZOylO6T lxDiRWgKCFauAxMVM4A7NmgZxfV73xqTzAtIzzF9CIKUEhqMT4LhNy1rU2oUUivH 4BZO2oC6yFafEPVla2oYAeWtXJmQTixYgJplKQCtLzFtb57DQJpl9Od0RVFC61yg 4LihsiENnRjncLPP7OkL68ssiELu+WxazDtewmVYQEHOMWQa2zDh9yrWsblLAyo4 gsG9rdwWjqIUnZkoeJuT7zks4Jes4qAtQUuZhCxMcvwvOq8od3e4nLVFnyUOGMpE jdDDGddKh5e+9BJGqkfsLCT9UFTYi62Ifuxl1Gp963cZLapJS0CneHIrG3gapiCO ea4TH/xySfts2jpl7DnEIUo3Qs0rZrOLQDLVVXvRJvHdsVoZcSRCD8Jf0YTQ6tT7 j3ejUOH8j3DGkgKRHGtH7yyCgmDyPYVQdEu3q4E1NBwODAyxppYGBqkwpSGRnf6q E6i5rQJuoPCm3rb9ZmoHVzeb8HW3ofYfNnZNuae/2LdEtJ/cFs8ILXP5AKiaKpmS H4GB8GUcgRMITGI1pcXhevO2wHi0ReJkme+m5GpuVIg9LpTs6YvvNoFeu6ux7up/ TjTa+Zdy3tLUZvvIIlS2Asu32uiGBFjZ2WiLeHq+ScaDsSyEJQkoYLqv+3MoPKhy iX4yanZCwG3yx68RDe9qQBt6WXqAEwIDAQABAoICAA6OxAqKQiA9lv0eEwuAC34t MP/j6ntC2MIRpUgu44K34tRD9gVEwjwEFb+Z+HEnhNMYQSM8RomwcDELBDa+63B4 eJOPK1xbrqaKt6A3E/yRa1A8l+AG/uuwFr+WqyocSOBkVsYYvEtDaIxO0t5ZPDcL dr2NcbDuf0Sd7XiwC1lphaRrmr+jWGLZfmellN/IzMsQytw4u4rZ6aX5GO0hpoqV tTRTE/vDZFqHaVPNZw48ET2tysY9hKpKKpCeBcWIhg0gRSZlOEOiHdStz2JyVnGB UX0XCZQcFZw5TM7fUGC9jtM77qCJTYaXQpUsX77xQtalRA7hS1VAm6i6SbNBvE4j le2JWBmOCbh9A/Dqnxh/3R2ZpsbffMG3O4KLkObquP8QGsItxwZYm4Bo37/HS6ki 1Ilym014DUT1+mTybi+2TjlPgh2LeECo1lbgFRJ/p9Vs7TJV2jeVPKDHF72cVvp2 Ly6dGQVtBPz7/HpvxwYA5TJstNWgiU1sZPwgVzhgeZEKt5DO3Da6DVoXt96/tHk4 577MA9P4qYLJldq5rfFW3IeyGUjLZ1yLmmDWj2Hz2IQe/YqrHHQH5UO6xxhrjuCa FrAOv7wJxmmbhZ9AptmR0PnmTU79LM8gxyNY9nn0R+XMJd/3UvrrjzJWw+LUGdhC zG0pF0JGMb71wHwlmmUpAoIBAQDyUHAcpgWtCl70qVpHnAG6WnsRP6ZS0dtBjqnN l9GachlNLOyQHfKcs7Vj7dkrcumSTbZ7zzgsazQcwfJMEvVq2RS8iTrtKAq+yYmj uejaJ3gAuiaU5Shv9PL+P25zGlwJtqEADYjiSrzO1ZRgM1M31tlH7f0wjYIrV6LP 5P5HYFVDFujsiWY9oUZ+PFaCWPRQ2P47zF3ocbiqD9TbFSwNfq5B2WPLCURExQAh XT/GH8Devz2M79CWKjvDMQutZ8dcLZx6JNhpre5JoNbAxE2u9jIM++srSb41zArE 2lcy2tqNAWJV5jhFz5DZ451kvz7AKLaehWYj7D+TvX4V4UwpAoIBAQDanvWQCoop Loh5s5tYwHB/iFE+jzVvyrytfRcDIjrBaCDCQrObgh/fllk44h9DpKHbM4nYlMpU GXOsQCVkE/SiJakzeXfoecCJ3ebp+mlBILs79AWlfETJFLx1FKJQOQoraoICVFxx jcI/OvGlABRLvRYhNnq22//IgLlyKWfO0yS6FASIjriIjDwibKZqHt+DJ98Lv2d+ 1fsOw/Ai7e2e3nK0+2vmXusZAwpcPuTYb+5LOnHE7GbPecuM22BSTiUAekoHq3/k fdYw+od4B4BJB0bAnRVu7y+TQXRkZ462RvP05AYXUzudjknv48mFuBslrybr3f50 aIwtFADeJrHbAoIBAQCYcEwnabaWZrjX+BZoiFd58eQMNNugrI7fzi06vrDJFdCf AY0NGRoAxPlvFTmTIOaZ+LO9bd5r60FMeiLBAwhLoKdv+HEOsysXXVhunM1FOKFA 69rLvuJSlGmt0x/b35BZOABPNTSRD+15vVlrr75BmbL1kl2/BrcGJ0qwuOHS62KY IziDXejpCqV7UuAlfmqs1eYSnn3RdoFy0yTYcphVIQXlPSqPl5PQI5LyamRtcpp2 Rx8ko9W4MneIUzmCbJA5iCQxny5aRWZsAXg4qwYn9JAGJRGMGQdFdsirkKRcxNvK 6zz+xydNm8gHmy7wK3QBlVtVnJxmKwDQI9zHTQYJAoIBAQDVKrXJ81zv9r1/3U8V 5N5MnACL/VtfW9FJYHU1ywR7XSrEAAHdGa42dwUcX++YJ0ji0YgRNFNsWTzesdVD lemsyQgIduIiPcUtKL9lWZOTu3SVasSurVLstllj1/DERDnUR4/o8ZUJ6+2Bddn0 xvUDPKX9UH+rGSx4tnscA5+CnYJsJeSdunvYONTRxBsn0l6iJhhn/gPOOpsHtKnL hS9y/vfd3GFDST33L23EsFa3a7xwgdY460D8AIgnGij7V9Lgel0AyYp0ovZc34uD z9yYWI32dbRWbMZ40RPKaudOeDSbjlMaH0A7ymfxjqwKxI9D2VscFWNs4hv8QErw Uc6NAoIBAQCmWWyARU/x4m7K4vNAWjD2Qx6R7PAdLs/6ZBqWw0RSpRHlYr73Qggw dCK+LrsR0O7y1KW2WUfrJmzHEdFQEYcZ1vZWeN85dMLVhYmazSXlaIegRE4FmMUa DbzViUJA60Y4D/l6QWqdhxdZZe81QgqyLPXAv/e5esxRIi8yvEYhCx4pq7QtWYBm tvQnPaZd8emlKARivF2ecGDlWzhf4NotDDtFRT4jOHZKUC58uVjbiXJ445Vimqlb Da7noVGwDQ93Ib1qyAilzFY5gWDeMyCnSQpnlVRHQ/8vlwLDsZs1kVau6k8WlcpM JbmuCRNy7YvALVTzyQsQ4yw87BoONt1L -----END PRIVATE KEY----- ' do_sign=false # shellcheck disable=SC2153 private_key_path="${PRIVATE_KEY_PATH}" image="" outfile="" version="" model="" manufacturer="" machineName="" while [[ $# -gt 0 ]]; do key="$1" case $key in --image) image="$2" shift 2 ;; --version) version="$2" shift 2 ;; --model) model="$2" shift 2 ;; --manufacturer) manufacturer="$2" shift 2 ;; --machineName) machineName="$2" shift 2 ;; --outfile) outfile="$2" shift 2 ;; --sign) do_sign=true if [[ -n "${2}" && "${2}" != -* ]]; then private_key_path="$2" shift 2 else shift 1 fi ;; --help) echo "$help" exit ;; *) echo "Please enter the correct parameters." echo "$help" exit 1 ;; esac done if [ ! -f "${image}" ]; then echo "Please enter a valid PSU FW image file." echo "$help" exit 1 fi if [ -z "${version}" ]; then echo "Please enter a valid PSU FW image version." echo "$help" exit 1 fi if [ -z "${model}" ]; then echo "Please enter a valid PSU FW image model." echo "$help" exit 1 fi if [ -z "${manufacturer}" ]; then echo "Please enter a valid PSU FW image manufacturer." echo "$help" exit 1 fi if [ -z "${outfile}" ]; then outfile=$(pwd)/$image.tar else outfile=$(pwd)/$outfile fi scratch_dir=$(mktemp -d) # shellcheck disable=SC2064 trap "{ rm -r ${scratch_dir}; }" EXIT if [[ "${do_sign}" == true ]]; then if [[ -z "${private_key_path}" ]]; then private_key_path=${scratch_dir}/OpenBMC.priv echo "${private_key}" > "${private_key_path}" echo "Image is NOT secure!! Signing with the open private key!" else if [[ ! -f "${private_key_path}" ]]; then echo "Couldn't find private key ${private_key_path}." exit 1 fi echo "Signing with ${private_key_path}." fi public_key_file=publickey public_key_path=${scratch_dir}/$public_key_file openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}" cp "${private_key_path}" "${scratch_dir}/private_key" fi manifest_location="MANIFEST" files_to_sign="$manifest_location $public_key_file $image" cp "${image}" "${scratch_dir}" cd "${scratch_dir}" echo "Creating MANIFEST for the image" echo -e "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.PSU\nversion=$version\n\ extended_version=model=$model,manufacturer=$manufacturer" > $manifest_location if [[ -n "${machineName}" ]]; then echo -e "MachineName=${machineName}" >> $manifest_location fi if [[ "${do_sign}" == true ]]; then private_key_name=$(basename "${private_key_path}") key_type="${private_key_name%.*}" echo KeyType="${key_type}" >> $manifest_location echo HashType="RSA-SHA256" >> $manifest_location for file in $files_to_sign; do openssl dgst -sha256 -sign private_key -out "${file}.sig" "$file" done additional_files="*.sig" fi # shellcheck disable=SC2086 # Do not quote the files variables since they list multiple files # and tar would assume to be a single file name within quotes tar -cvf $outfile $files_to_sign $additional_files echo "PSU FW tarball at $outfile" exit