3 files changed, 27 insertions, 51 deletions

diff --git a/modules/signing/preimage.10.extract.sh b/modules/signing/preimage.10.extract.sh
index 5a7a471..489f8b4 100644
--- a/modules/signing/preimage.10.extract.sh
+++ b/modules/signing/preimage.10.extract.sh
@@ -14,31 +14,20 @@ mkdir -p $tgt
 
 found=0
 echo "Extracting content for signing..."
-if [ -e "$fsmount/boot/bootfw.zip" ]; then
-	cp $fsmount/boot/bootfw.zip $tgt
-	found=1
-fi
 
-if [ -e "$fsmount/boot/vmlinuz" ]; then
-	cp $fsmount/boot/vmlinuz $tgt/data.img
-	zip -j -n .img $tgt/runos.zip $tgt/data.img
-	rm -f $tgt/data.img
+copy_out_file() {
+	local name=$1
+	local path="$fsmount"/boot/${1}.zip
+	[ -f "$path"] || return
+	cp $path $tgt
 	found=1
-fi
-
-if [ -e "$fsmount/boot/initrd.img" ]; then
-	cp $fsmount/boot/initrd.img $tgt/data.img
-	zip -j -n .img $tgt/runrd.zip $tgt/data.img
-	rm -f $tgt/data.img
-	found=1
-elif [ -e "$fsmount/boot/olpcrd.img" ]; then
-	cp $fsmount/boot/olpcrd.img $tgt/data.img
-	zip -j -n .img $tgt/runrd.zip $tgt/data.img
-	rm -f $tgt/data.img
-	found=1
-fi
+}
 
+copy_out bootfw
+copy_out runos
+copy_out runrd
+copy_out actos
+copy_out actrd
 [ "$found" == "1" ] || exit 0
 
 zip -j $outzip $tgt/*
-
diff --git a/modules/signing/preimage.40.sign-os.sh b/modules/signing/preimage.40.sign-os.sh
index 19ddc3b..6756eb6 100644
--- a/modules/signing/preimage.40.sign-os.sh
+++ b/modules/signing/preimage.40.sign-os.sh
@@ -8,29 +8,23 @@ okey=$(read_config signing okey)
 bios_crypto=$(read_config signing bios_crypto_path)
 [ -n "$bios_crypto" -a -d "$bios_crypto" ] || exit 0
 
-if [ -e "$fsmount/boot/vmlinuz" ]; then
-	echo "Signing kernel..."
-	pushd $bios_crypto/build
-	./sign-os.sh $okey $fsmount/boot/vmlinuz $fsmount/boot/runos.zip
-	popd
-	[ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip
-fi
+sign_os() {
+	local path="$fsmount"/boot/$1.zip
+	[ -f "$path" ] || return
 
-if [ -e "$fsmount/boot/initrd.img" ]; then
-	echo "Signing initramfs..."
 	pushd $bios_crypto/build
-	./sign-os.sh $okey $fsmount/boot/initrd.img $fsmount/boot/runrd.zip
-	popd
-fi
+	unzip "$path"
+	mv data.img tmp.img
 
-if [ -e "$fsmount/boot/actrd.img" ]; then
-	echo "Signing activation initramfs..."
-	pushd $bios_crypto/build
-	$bios_crypto/build/sign-os.sh $okey $fsmount/boot/actrd.img $fsmount/boot/actrd.zip
-	popd
-fi
+	rm -f $path
+	./sign-os.sh $okey tmp.img $path
 
-# If no separate activation initramfs was provided, assume that the regular
-# initramfs also handles activation.
-[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip
+	rm -f tmp.img
+	popd
+}
 
+echo "Signing initramfs/kernel..."
+sign_os runos
+sign_os actos
+sign_os runrd
+sign_os actrd
diff --git a/modules/signing/preimage.50.addsignedcontent.sh b/modules/signing/preimage.50.addsignedcontent.sh
index c110329..3ad5f19 100644
--- a/modules/signing/preimage.50.addsignedcontent.sh
+++ b/modules/signing/preimage.50.addsignedcontent.sh
@@ -12,14 +12,7 @@ rm -rf $signdir
 mkdir -p $signdir
 unzip $content -d $signdir
 for sfile in bootfw.zip runos.zip runrd.zip actos.zip actrd.zip; do
-	[ -e $signdir/$sfile ] && cp $signdir/$sfile $fsmount/boot/$sfile
+	[ -e $signdir/$sfile ] && cp --remove-destination $signdir/$sfile $fsmount/boot/$sfile
 done
 
 rm -rf $signdir
-
-# symlink actXX to runXX (or the other way) if any of them are missing
-[ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip
-[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip
-[ -e $fsmount/boot/runos.zip ] || ln -s actos.zip $fsmount/boot/runos.zip
-[ -e $fsmount/boot/runrd.zip ] || ln -s actrd.zip $fsmount/boot/runrd.zip
-