Tools: add script to create an update tarball
This script is used to generate the tarball using the PSU image and MANIFEST
usage: generate-psu-tar [OPTION] <parameter>...
Options:
-i, --image <file> PSU FW image
-v, --version <version> PSU FW version
-model, --model <model> PSU FW model
-mf, --manufacture <version> PSU FW manufacture
-o, --outfile <filename> Outfile name
For example : -o psufw.tar
The default outfile name is image.tar,and
"image" is what you input.
-s, --sign <path> Sign the image. The optional path argument specifies
the private key file. Defaults to the bash variable
PRIVATE_KEY_PATH if available, or else uses the
open-source private key in this script.
-h, --help Display this help text and exit.
Tested: Use this script to generate the tarball for PSU update.
for example :
./generate-psu-tar -i PSU.hex -v 12-34 -model 432-1
-mf LITEON -o test.tar -s /home/chicago/test/private_key
./generate-psu-tar -i PSU.hex -v 12-34 -model 432-1
-mf LITEON -o test.tar -s test/private_key
./generate-psu-tar -i PSU.hex -v 12-34 -model 432-1 -mf LITEON -o test.tar -s
./generate-psu-tar -i PSU.hex -v 12-34 -model 432-1 -mf LITEON -o test.tar
./generate-psu-tar -i PSU.hex -v 12-34 -model 432-1 -mf LITEON
Signed-off-by: Chicago Duan <duanzhijia01@inspur.com>
Change-Id: I50ea116bc6e1e49d7fea3e0974453c442784fbe1
diff --git a/tools/generate-psu-tar b/tools/generate-psu-tar
new file mode 100755
index 0000000..83bc020
--- /dev/null
+++ b/tools/generate-psu-tar
@@ -0,0 +1,175 @@
+#!/bin/bash
+set -eo pipefail
+
+help=$'Generate Tarball with PSU image and MANIFEST Script
+usage: generate-psu-tar [OPTION] <parameter>...
+Options:
+ -i, --image <file> PSU FW image
+ -v, --version <version> PSU FW version
+ -model, --model <model> PSU FW model
+ -mf, --manufacture <version> PSU FW manufacture
+ -o, --outfile <filename> Outfile name
+ For example : -o psufw.tar
+ The default outfile name is image.tar,and
+ "image" is what you input.
+ -s, --sign <path> Sign the image. The optional path argument specifies
+ the private key file. Defaults to the bash variable
+ PRIVATE_KEY_PATH if available, or else uses the
+ open-source private key in this script.
+ -h, --help Display this help text and exit.
+'
+
+private_key=$'-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAPvSDLu6slkP1gri
+PaeQXL9ysD69J/HjbBCIQ0RPfeWBb75US1tRTjPP0Ub8CtH8ExVf8iF1ulsZA78B
+zIjBYZVp9pyD6LbpZ/hjV7rIH6dTNhoVpdA+F8LzmQ7cyhHG8l2JMvdunwF2uX5k
+D4WDcZt/ITKZNQNavPtmIyD5HprdAgMBAAECgYEAuQkTSi5ZNpAoWz76xtGRFSwU
+zUT4wQi3Mz6tDtjKTYXasiQGa0dHC1M9F8fDu6BZ9W7W4Dc9hArRcdzEighuxoI/
+nZI/0uL89iUEywnDEIHuS6D5JlZaj86/nx9YvQnO8F/seM+MX0EAWVrd5wC7aAF1
+h6Fu7ykZB4ggUjQAWwECQQD+AUiDOEO+8btLJ135dQfSGc5VFcZiequnKWVm6uXt
+rX771hEYjYMjLqWGFg9G4gE3GuABM5chMINuQQUivy8tAkEA/cxfy19XkjtqcMgE
+x/UDt6Nr+Ky/tk+4Y65WxPRDas0uxFOPk/vEjgVmz1k/TAy9G4giisluTvtmltr5
+DCLocQJBAJnRHx9PiD7uVhRJz6/L/iNuOzPtTsi+Loq5F83+O6T15qsM1CeBMsOw
+cM5FN5UeMcwz+yjfHAsePMkcmMaU7jUCQHlg9+N8upXuIo7Dqj2zOU7nMmkgvSNE
+5yuNImRZabC3ZolwaTdd7nf5r1y1Eyec5Ag5yENV6JKPe1Xkbb1XKJECQDngA0h4
+6ATvfP1Vrx4CbP11eKXbCsZ9OGPHSgyvVjn68oY5ZP3uPsIattoN7dE2BRfuJm7m
+F0nIdUAhR0yTfKM=
+-----END PRIVATE KEY-----
+'
+
+do_sign=false
+private_key_path="${PRIVATE_KEY_PATH}"
+image=""
+outfile=""
+version=""
+model=""
+manufacture=""
+declare -a partitions=()
+
+
+while [[ $# -gt 0 ]]; do
+ key="$1"
+ case $key in
+ -i|--image)
+ image="$2"
+ shift 2
+ ;;
+ -v|--version)
+ version="$2"
+ shift 2
+ ;;
+ -model|--model)
+ model="$2"
+ shift 2
+ ;;
+ -mf|--manufacture)
+ manufacture="$2"
+ shift 2
+ ;;
+ -o|--outfile)
+ outfile="$2"
+ shift 2
+ ;;
+ -s|--sign)
+ do_sign=true
+ if [[ ! -z "${2}" && "${2}" != -* ]]; then
+ private_key_path="$2"
+ shift 2
+ else
+ shift 1
+ fi
+ ;;
+ -h|--help)
+ echo "$help"
+ exit
+ ;;
+ *)
+ echo "Please enter the correct parameters."
+ echo "$help"
+ exit 1
+ ;;
+ esac
+done
+
+if [ ! -f "${image}" ]; then
+ echo "Please enter a valid PSU FW image file."
+ echo "$help"
+ exit 1
+fi
+
+if [ -z "${version}" ]; then
+ echo "Please enter a valid PSU FW image version."
+ echo "$help"
+ exit 1
+fi
+
+
+if [ -z "${model}" ]; then
+ echo "Please enter a valid PSU FW image model."
+ echo "$help"
+ exit 1
+fi
+
+if [ -z "${manufacture}" ]; then
+ echo "Please enter a valid PSU FW image manufacture."
+ echo "$help"
+ exit 1
+fi
+
+if [ -z "${outfile}" ]; then
+ outfile=`pwd`/$image.tar
+else
+ outfile=`pwd`/$outfile
+fi
+
+scratch_dir=`mktemp -d`
+trap "{ rm -r ${scratch_dir}; }" EXIT
+
+if [[ "${do_sign}" == true ]]; then
+ if [[ -z "${private_key_path}" ]]; then
+ private_key_path=${scratch_dir}/OpenBMC.priv
+ echo "${private_key}" > "${private_key_path}"
+ echo "Image is NOT secure!! Signing with the open private key!"
+ else
+ if [[ ! -f "${private_key_path}" ]]; then
+ echo "Couldn't find private key ${private_key_path}."
+ exit 1
+ fi
+
+ echo "Signing with ${private_key_path}."
+ fi
+
+ public_key_file=publickey
+ public_key_path=${scratch_dir}/$public_key_file
+ openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}"
+
+ cp ${private_key_path} ${scratch_dir}/private_key
+
+fi
+
+manifest_location="MANIFEST"
+files_to_sign="$manifest_location $public_key_file $image"
+
+cp ${image} ${scratch_dir}
+cd "${scratch_dir}"
+
+echo "Creating MANIFEST for the image"
+echo -e "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.PSU\nversion=$version\n\
+extended_version=model=$model,manufacture=$manufacture" > $manifest_location
+
+if [[ "${do_sign}" == true ]]; then
+ private_key_name=$(basename "${private_key_path}")
+ key_type="${private_key_name%.*}"
+ echo KeyType="${key_type}" >> $manifest_location
+ echo HashType="RSA-SHA256" >> $manifest_location
+
+ for file in $files_to_sign; do
+ openssl dgst -sha256 -sign private_key -out "${file}.sig" $file
+ done
+
+ additional_files="*.sig"
+fi
+
+tar -cvf $outfile $files_to_sign $additional_files
+echo "PSU FW tarball at $outfile"
+exit