1#!/bin/bash
2set -eo pipefail
3
4help=$(cat <<EOF
5Generate Tarball with PSU image and MANIFEST Script
6usage: generate-psu-tar [OPTION] <parameter>...
7Options:
8   --image        <file>          PSU FW image
9   --version      <version>       PSU FW version
10   --model        <model>         PSU FW model
11   --manufacturer <version>       PSU FW manufacturer
12   --machineName  <machineName>   Optionally specify the target machine name of this image.
13   --outfile      <filename>      Outfile name
14		                  For example : -o psufw.tar
15                                  The default outfile name is image.tar,and
16                                  "image" is what you input.
17   --sign         <path>          Sign the image. The optional path argument specifies
18                                  the private key file. Defaults to the bash variable
19                                  PRIVATE_KEY_PATH if available, or else uses the
20                                  open-source private key in this script.
21   --help                         Display this help text and exit.
22EOF
23)
24
25private_key=$'-----BEGIN PRIVATE KEY-----
26MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDO7vWM6ZOylO6T
27lxDiRWgKCFauAxMVM4A7NmgZxfV73xqTzAtIzzF9CIKUEhqMT4LhNy1rU2oUUivH
284BZO2oC6yFafEPVla2oYAeWtXJmQTixYgJplKQCtLzFtb57DQJpl9Od0RVFC61yg
294LihsiENnRjncLPP7OkL68ssiELu+WxazDtewmVYQEHOMWQa2zDh9yrWsblLAyo4
30gsG9rdwWjqIUnZkoeJuT7zks4Jes4qAtQUuZhCxMcvwvOq8od3e4nLVFnyUOGMpE
31jdDDGddKh5e+9BJGqkfsLCT9UFTYi62Ifuxl1Gp963cZLapJS0CneHIrG3gapiCO
32ea4TH/xySfts2jpl7DnEIUo3Qs0rZrOLQDLVVXvRJvHdsVoZcSRCD8Jf0YTQ6tT7
33j3ejUOH8j3DGkgKRHGtH7yyCgmDyPYVQdEu3q4E1NBwODAyxppYGBqkwpSGRnf6q
34E6i5rQJuoPCm3rb9ZmoHVzeb8HW3ofYfNnZNuae/2LdEtJ/cFs8ILXP5AKiaKpmS
35H4GB8GUcgRMITGI1pcXhevO2wHi0ReJkme+m5GpuVIg9LpTs6YvvNoFeu6ux7up/
36TjTa+Zdy3tLUZvvIIlS2Asu32uiGBFjZ2WiLeHq+ScaDsSyEJQkoYLqv+3MoPKhy
37iX4yanZCwG3yx68RDe9qQBt6WXqAEwIDAQABAoICAA6OxAqKQiA9lv0eEwuAC34t
38MP/j6ntC2MIRpUgu44K34tRD9gVEwjwEFb+Z+HEnhNMYQSM8RomwcDELBDa+63B4
39eJOPK1xbrqaKt6A3E/yRa1A8l+AG/uuwFr+WqyocSOBkVsYYvEtDaIxO0t5ZPDcL
40dr2NcbDuf0Sd7XiwC1lphaRrmr+jWGLZfmellN/IzMsQytw4u4rZ6aX5GO0hpoqV
41tTRTE/vDZFqHaVPNZw48ET2tysY9hKpKKpCeBcWIhg0gRSZlOEOiHdStz2JyVnGB
42UX0XCZQcFZw5TM7fUGC9jtM77qCJTYaXQpUsX77xQtalRA7hS1VAm6i6SbNBvE4j
43le2JWBmOCbh9A/Dqnxh/3R2ZpsbffMG3O4KLkObquP8QGsItxwZYm4Bo37/HS6ki
441Ilym014DUT1+mTybi+2TjlPgh2LeECo1lbgFRJ/p9Vs7TJV2jeVPKDHF72cVvp2
45Ly6dGQVtBPz7/HpvxwYA5TJstNWgiU1sZPwgVzhgeZEKt5DO3Da6DVoXt96/tHk4
46577MA9P4qYLJldq5rfFW3IeyGUjLZ1yLmmDWj2Hz2IQe/YqrHHQH5UO6xxhrjuCa
47FrAOv7wJxmmbhZ9AptmR0PnmTU79LM8gxyNY9nn0R+XMJd/3UvrrjzJWw+LUGdhC
48zG0pF0JGMb71wHwlmmUpAoIBAQDyUHAcpgWtCl70qVpHnAG6WnsRP6ZS0dtBjqnN
49l9GachlNLOyQHfKcs7Vj7dkrcumSTbZ7zzgsazQcwfJMEvVq2RS8iTrtKAq+yYmj
50uejaJ3gAuiaU5Shv9PL+P25zGlwJtqEADYjiSrzO1ZRgM1M31tlH7f0wjYIrV6LP
515P5HYFVDFujsiWY9oUZ+PFaCWPRQ2P47zF3ocbiqD9TbFSwNfq5B2WPLCURExQAh
52XT/GH8Devz2M79CWKjvDMQutZ8dcLZx6JNhpre5JoNbAxE2u9jIM++srSb41zArE
532lcy2tqNAWJV5jhFz5DZ451kvz7AKLaehWYj7D+TvX4V4UwpAoIBAQDanvWQCoop
54Loh5s5tYwHB/iFE+jzVvyrytfRcDIjrBaCDCQrObgh/fllk44h9DpKHbM4nYlMpU
55GXOsQCVkE/SiJakzeXfoecCJ3ebp+mlBILs79AWlfETJFLx1FKJQOQoraoICVFxx
56jcI/OvGlABRLvRYhNnq22//IgLlyKWfO0yS6FASIjriIjDwibKZqHt+DJ98Lv2d+
571fsOw/Ai7e2e3nK0+2vmXusZAwpcPuTYb+5LOnHE7GbPecuM22BSTiUAekoHq3/k
58fdYw+od4B4BJB0bAnRVu7y+TQXRkZ462RvP05AYXUzudjknv48mFuBslrybr3f50
59aIwtFADeJrHbAoIBAQCYcEwnabaWZrjX+BZoiFd58eQMNNugrI7fzi06vrDJFdCf
60AY0NGRoAxPlvFTmTIOaZ+LO9bd5r60FMeiLBAwhLoKdv+HEOsysXXVhunM1FOKFA
6169rLvuJSlGmt0x/b35BZOABPNTSRD+15vVlrr75BmbL1kl2/BrcGJ0qwuOHS62KY
62IziDXejpCqV7UuAlfmqs1eYSnn3RdoFy0yTYcphVIQXlPSqPl5PQI5LyamRtcpp2
63Rx8ko9W4MneIUzmCbJA5iCQxny5aRWZsAXg4qwYn9JAGJRGMGQdFdsirkKRcxNvK
646zz+xydNm8gHmy7wK3QBlVtVnJxmKwDQI9zHTQYJAoIBAQDVKrXJ81zv9r1/3U8V
655N5MnACL/VtfW9FJYHU1ywR7XSrEAAHdGa42dwUcX++YJ0ji0YgRNFNsWTzesdVD
66lemsyQgIduIiPcUtKL9lWZOTu3SVasSurVLstllj1/DERDnUR4/o8ZUJ6+2Bddn0
67xvUDPKX9UH+rGSx4tnscA5+CnYJsJeSdunvYONTRxBsn0l6iJhhn/gPOOpsHtKnL
68hS9y/vfd3GFDST33L23EsFa3a7xwgdY460D8AIgnGij7V9Lgel0AyYp0ovZc34uD
69z9yYWI32dbRWbMZ40RPKaudOeDSbjlMaH0A7ymfxjqwKxI9D2VscFWNs4hv8QErw
70Uc6NAoIBAQCmWWyARU/x4m7K4vNAWjD2Qx6R7PAdLs/6ZBqWw0RSpRHlYr73Qggw
71dCK+LrsR0O7y1KW2WUfrJmzHEdFQEYcZ1vZWeN85dMLVhYmazSXlaIegRE4FmMUa
72DbzViUJA60Y4D/l6QWqdhxdZZe81QgqyLPXAv/e5esxRIi8yvEYhCx4pq7QtWYBm
73tvQnPaZd8emlKARivF2ecGDlWzhf4NotDDtFRT4jOHZKUC58uVjbiXJ445Vimqlb
74Da7noVGwDQ93Ib1qyAilzFY5gWDeMyCnSQpnlVRHQ/8vlwLDsZs1kVau6k8WlcpM
75JbmuCRNy7YvALVTzyQsQ4yw87BoONt1L
76-----END PRIVATE KEY-----
77'
78
79do_sign=false
80# shellcheck disable=SC2153
81private_key_path="${PRIVATE_KEY_PATH}"
82image=""
83outfile=""
84version=""
85model=""
86manufacturer=""
87machineName=""
88
89
90while [[ $# -gt 0 ]]; do
91  key="$1"
92  case $key in
93    --image)
94      image="$2"
95      shift 2
96      ;;
97    --version)
98      version="$2"
99      shift 2
100      ;;
101    --model)
102      model="$2"
103      shift 2
104      ;;
105    --manufacturer)
106      manufacturer="$2"
107      shift 2
108      ;;
109    --machineName)
110      machineName="$2"
111      shift 2
112      ;;
113    --outfile)
114      outfile="$2"
115      shift 2
116      ;;
117    --sign)
118      do_sign=true
119      if [[ -n "${2}"  && "${2}" != -* ]]; then
120        private_key_path="$2"
121        shift 2
122      else
123        shift 1
124      fi
125      ;;
126    --help)
127      echo "$help"
128      exit
129      ;;
130    *)
131      echo "Please enter the correct parameters."
132      echo "$help"
133      exit 1
134      ;;
135  esac
136done
137
138if [ ! -f "${image}" ]; then
139  echo "Please enter a valid PSU FW image file."
140  echo "$help"
141  exit 1
142fi
143
144if [  -z "${version}" ]; then
145  echo "Please enter a valid PSU FW image version."
146  echo "$help"
147  exit 1
148fi
149
150
151if [  -z "${model}" ]; then
152  echo "Please enter a valid PSU FW image model."
153  echo "$help"
154  exit 1
155fi
156
157if [  -z "${manufacturer}" ]; then
158  echo "Please enter a valid PSU FW image manufacturer."
159  echo "$help"
160  exit 1
161fi
162
163if [  -z "${outfile}" ]; then
164    outfile=$(pwd)/$image.tar
165else
166    outfile=$(pwd)/$outfile
167fi
168
169scratch_dir=$(mktemp -d)
170# shellcheck disable=SC2064
171trap "{ rm -r ${scratch_dir}; }" EXIT
172
173if [[ "${do_sign}" == true ]]; then
174  if [[ -z "${private_key_path}" ]]; then
175    private_key_path=${scratch_dir}/OpenBMC.priv
176    echo "${private_key}" > "${private_key_path}"
177    echo "Image is NOT secure!! Signing with the open private key!"
178  else
179    if [[ ! -f "${private_key_path}" ]]; then
180      echo "Couldn't find private key ${private_key_path}."
181      exit 1
182    fi
183
184    echo "Signing with ${private_key_path}."
185  fi
186
187  public_key_file=publickey
188  public_key_path=${scratch_dir}/$public_key_file
189  openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}"
190
191  cp "${private_key_path}" "${scratch_dir}/private_key"
192
193fi
194
195manifest_location="MANIFEST"
196files_to_sign="$manifest_location $public_key_file $image"
197
198cp "${image}" "${scratch_dir}"
199cd "${scratch_dir}"
200
201echo "Creating MANIFEST for the image"
202echo -e "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.PSU\nversion=$version\n\
203extended_version=model=$model,manufacturer=$manufacturer" > $manifest_location
204
205if [[ -n "${machineName}" ]]; then
206    echo -e "MachineName=${machineName}" >> $manifest_location
207fi
208
209if [[ "${do_sign}" == true ]]; then
210  private_key_name=$(basename "${private_key_path}")
211  key_type="${private_key_name%.*}"
212  echo KeyType="${key_type}" >> $manifest_location
213  echo HashType="RSA-SHA256" >> $manifest_location
214
215  for file in $files_to_sign; do
216    openssl dgst -sha256 -sign private_key -out "${file}.sig" "$file"
217  done
218
219  additional_files="*.sig"
220fi
221
222# shellcheck disable=SC2086
223# Do not quote the files variables since they list multiple files
224# and tar would assume to be a single file name within quotes
225tar -cvf $outfile $files_to_sign $additional_files
226echo "PSU FW tarball at $outfile"
227exit
228