Always ship kernel/initramfs in zip files

We now ship the kernel/initramfs in zip files only.
This reduces duplication for when images get signed, and it allows
us to ship a simplified olpc.fth.

This implements the plan here:
http://lists.laptop.org/pipermail/devel/2012-March/034439.html

This didn't work on first attempt because we hit a firmware bug
on XO-1.75 (#12107). Now that we have a fix, and a workaround for
old firmware versions, give this change another spin.

1 files changed, 15 insertions, 21 deletions

diff --git a/modules/signing/preimage.40.sign-os.sh b/modules/signing/preimage.40.sign-os.sh
index 19ddc3b..6756eb6 100644
--- a/modules/signing/preimage.40.sign-os.sh
+++ b/modules/signing/preimage.40.sign-os.sh
@@ -8,29 +8,23 @@ okey=$(read_config signing okey)
 bios_crypto=$(read_config signing bios_crypto_path)
 [ -n "$bios_crypto" -a -d "$bios_crypto" ] || exit 0
 
-if [ -e "$fsmount/boot/vmlinuz" ]; then
-	echo "Signing kernel..."
-	pushd $bios_crypto/build
-	./sign-os.sh $okey $fsmount/boot/vmlinuz $fsmount/boot/runos.zip
-	popd
-	[ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip
-fi
+sign_os() {
+	local path="$fsmount"/boot/$1.zip
+	[ -f "$path" ] || return
 
-if [ -e "$fsmount/boot/initrd.img" ]; then
-	echo "Signing initramfs..."
 	pushd $bios_crypto/build
-	./sign-os.sh $okey $fsmount/boot/initrd.img $fsmount/boot/runrd.zip
-	popd
-fi
+	unzip "$path"
+	mv data.img tmp.img
 
-if [ -e "$fsmount/boot/actrd.img" ]; then
-	echo "Signing activation initramfs..."
-	pushd $bios_crypto/build
-	$bios_crypto/build/sign-os.sh $okey $fsmount/boot/actrd.img $fsmount/boot/actrd.zip
-	popd
-fi
+	rm -f $path
+	./sign-os.sh $okey tmp.img $path
 
-# If no separate activation initramfs was provided, assume that the regular
-# initramfs also handles activation.
-[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip
+	rm -f tmp.img
+	popd
+}
 
+echo "Signing initramfs/kernel..."
+sign_os runos
+sign_os actos
+sign_os runrd
+sign_os actrd