From c5cb6551027da10d04f39ed1c04e166cc4878652 Mon Sep 17 00:00:00 2001 From: Daniel Drake Date: Thu, 13 Sep 2012 21:59:01 +0000 Subject: Revert "Always ship kernel/initramfs in zip files" This reverts commit 41b5c8982e70ea61fde8aac6d2ed4bbe90458dc0. It breaks boot on XO-1.75; the kernel boots but can't find dtree/atb. --- diff --git a/modules/base/kspost.50.zip_bootfiles.nochroot.inc b/modules/base/kspost.50.zip_bootfiles.nochroot.inc deleted file mode 100644 index 8477ae2..0000000 --- a/modules/base/kspost.50.zip_bootfiles.nochroot.inc +++ /dev/null @@ -1,46 +0,0 @@ -# Put the unsigned kernel/initramfs in zip files and remove the originals -# This avoids duplication for signed builds (where these zips will be signed -# later), where otherwise we would be shipped both signed and unsigned kernels -# and losing some disk space. - -# Create zip files -create_unsigned_zip() { - local infile=$1 - local tgt=$2 - - cd $INSTALL_ROOT/boot - [ -e $1 ] || return - - cp $1 data.img - zip -j -n .img ${tgt}.zip data.img - rm -f data.img -} - -create_unsigned_zip vmlinuz runos -create_unsigned_zip initrd.img runrd -create_unsigned_zip actrd.img actrd - -# Remove original copies -remove_original() { - local name=$1 - - cd $INSTALL_ROOT/boot - [ -e "$name" ] || return - - if [ -L "$name" ]; then - dest=$(readlink $name) - rm -rf "$dest" - fi - - rm -f $name -} - -remove_original vmlinuz -remove_original actrd.img -remove_original initrd.img - -# symlink actXX to runXX (or the other way) if any of them are missing -[ -e $INSTALL_ROOT/boot/actos.zip ] || ln -s runos.zip $INSTALL_ROOT/boot/actos.zip -[ -e $INSTALL_ROOT/boot/actrd.zip ] || ln -s runrd.zip $INSTALL_ROOT/boot/actrd.zip -[ -e $INSTALL_ROOT/boot/runos.zip ] || ln -s actos.zip $INSTALL_ROOT/boot/runos.zip -[ -e $INSTALL_ROOT/boot/runrd.zip ] || ln -s actrd.zip $INSTALL_ROOT/boot/runrd.zip diff --git a/modules/signing/preimage.10.extract.sh b/modules/signing/preimage.10.extract.sh index 489f8b4..5a7a471 100644 --- a/modules/signing/preimage.10.extract.sh +++ b/modules/signing/preimage.10.extract.sh @@ -14,20 +14,31 @@ mkdir -p $tgt found=0 echo "Extracting content for signing..." +if [ -e "$fsmount/boot/bootfw.zip" ]; then + cp $fsmount/boot/bootfw.zip $tgt + found=1 +fi -copy_out_file() { - local name=$1 - local path="$fsmount"/boot/${1}.zip - [ -f "$path"] || return - cp $path $tgt +if [ -e "$fsmount/boot/vmlinuz" ]; then + cp $fsmount/boot/vmlinuz $tgt/data.img + zip -j -n .img $tgt/runos.zip $tgt/data.img + rm -f $tgt/data.img found=1 -} +fi + +if [ -e "$fsmount/boot/initrd.img" ]; then + cp $fsmount/boot/initrd.img $tgt/data.img + zip -j -n .img $tgt/runrd.zip $tgt/data.img + rm -f $tgt/data.img + found=1 +elif [ -e "$fsmount/boot/olpcrd.img" ]; then + cp $fsmount/boot/olpcrd.img $tgt/data.img + zip -j -n .img $tgt/runrd.zip $tgt/data.img + rm -f $tgt/data.img + found=1 +fi -copy_out bootfw -copy_out runos -copy_out runrd -copy_out actos -copy_out actrd [ "$found" == "1" ] || exit 0 zip -j $outzip $tgt/* + diff --git a/modules/signing/preimage.40.sign-os.sh b/modules/signing/preimage.40.sign-os.sh index 6756eb6..19ddc3b 100644 --- a/modules/signing/preimage.40.sign-os.sh +++ b/modules/signing/preimage.40.sign-os.sh @@ -8,23 +8,29 @@ okey=$(read_config signing okey) bios_crypto=$(read_config signing bios_crypto_path) [ -n "$bios_crypto" -a -d "$bios_crypto" ] || exit 0 -sign_os() { - local path="$fsmount"/boot/$1.zip - [ -f "$path" ] || return - +if [ -e "$fsmount/boot/vmlinuz" ]; then + echo "Signing kernel..." pushd $bios_crypto/build - unzip "$path" - mv data.img tmp.img + ./sign-os.sh $okey $fsmount/boot/vmlinuz $fsmount/boot/runos.zip + popd + [ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip +fi - rm -f $path - ./sign-os.sh $okey tmp.img $path +if [ -e "$fsmount/boot/initrd.img" ]; then + echo "Signing initramfs..." + pushd $bios_crypto/build + ./sign-os.sh $okey $fsmount/boot/initrd.img $fsmount/boot/runrd.zip + popd +fi - rm -f tmp.img +if [ -e "$fsmount/boot/actrd.img" ]; then + echo "Signing activation initramfs..." + pushd $bios_crypto/build + $bios_crypto/build/sign-os.sh $okey $fsmount/boot/actrd.img $fsmount/boot/actrd.zip popd -} +fi + +# If no separate activation initramfs was provided, assume that the regular +# initramfs also handles activation. +[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip -echo "Signing initramfs/kernel..." -sign_os runos -sign_os actos -sign_os runrd -sign_os actrd diff --git a/modules/signing/preimage.50.addsignedcontent.sh b/modules/signing/preimage.50.addsignedcontent.sh index 3ad5f19..c110329 100644 --- a/modules/signing/preimage.50.addsignedcontent.sh +++ b/modules/signing/preimage.50.addsignedcontent.sh @@ -12,7 +12,14 @@ rm -rf $signdir mkdir -p $signdir unzip $content -d $signdir for sfile in bootfw.zip runos.zip runrd.zip actos.zip actrd.zip; do - [ -e $signdir/$sfile ] && cp --remove-destination $signdir/$sfile $fsmount/boot/$sfile + [ -e $signdir/$sfile ] && cp $signdir/$sfile $fsmount/boot/$sfile done rm -rf $signdir + +# symlink actXX to runXX (or the other way) if any of them are missing +[ -e $fsmount/boot/actos.zip ] || ln -s runos.zip $fsmount/boot/actos.zip +[ -e $fsmount/boot/actrd.zip ] || ln -s runrd.zip $fsmount/boot/actrd.zip +[ -e $fsmount/boot/runos.zip ] || ln -s actos.zip $fsmount/boot/runos.zip +[ -e $fsmount/boot/runrd.zip ] || ln -s actrd.zip $fsmount/boot/runrd.zip + -- cgit v0.9.1