-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtecff-sign-firmware-manifest
executable file
·43 lines (43 loc) · 1.46 KB
/
tecff-sign-firmware-manifest
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#!/bin/bash
if [ "$1" != "stable" ] && [ "$1" != "beta" ]; then
echo "please supply branch (beta|stable) as a parameter"
exit 1
fi
BUILD_SRV="[email protected]"
LPATH="$(mktemp)"
PATH1="/var/lib/jenkins/jobs"
PATH2="lastSuccessful/archive/output/images/sysupgrade"
JOB_BETA="site-ffa-beta"
JOB_STAB="site-ffa-stable"
SCRIPT_PATH="$(dirname -- "${BASH_SOURCE[0]}")"
SIGNSH_SRC="https://raw.githubusercontent.com/freifunk-gluon/gluon/master/contrib/sign.sh"
SIGNSH="${SCRIPT_PATH}/gluon-sign.sh"
if [ ! -x "$SIGNSH" ]; then
echo "please make sure $SIGNSH exists and is executable."
echo "you can download it like this:"
echo "sudo wget $SIGNSH_SRC -O $SIGNSH"
exit 1
fi
if ! command -v ecdsasign &> /dev/null ; then
echo "make sure you have installed ecdsautil/ecdsasign as it is needed by $SIGNSH !"
exit 1
fi
if [ "$1" = "beta" ]; then
RPATH="$PATH1/$JOB_BETA/$PATH2/beta.manifest"
else
RPATH="$PATH1/$JOB_STAB/$PATH2/stable.manifest"
fi
# read signature secret from user input
read -sp "insert your signature secret: " SECRET
# load manifest from buildserver
scp $BUILD_SRV:$RPATH $LPATH
# create temporary file for signature secret
SECFILE="$(mktemp)"
# save signature secret to file for usage in signature script
echo $SECRET > $SECFILE
$SIGNSH $SECFILE $LPATH
# copy manifest back to the buildserver
scp $LPATH $BUILD_SRV:$RPATH
rm $LPATH
rm $SECFILE
echo "if there was no error message until this point, the file was signed successfully and copied back to the buildserver."