build: add script to sign packages
author Paul Spooren <mail@aparcar.org>
Tue, 24 Sep 2019 22:32:56 +0000 (12:32 -1000)
committer John Crispin <john@phrozen.org>
Mon, 21 Oct 2019 12:07:08 +0000 (14:07 +0200)
commit 2ae5100d707057c29ed2ebdd0ae31b50a333f95b
tree 794f35cfc87ec2f38590d6bae36c32e277af8706
parent 4a45e69d190f72ed94878487b271ed7651dd9efa
build: add script to sign packages

This script allows image signing independent of the actual build
process, to run on a master server after receiving freshly baked
images. Idea is to avoid storing private keys on third party builders
while still being able to sign packages.

Run ./scripts/sign_images.sh with the following env vars:

* TOP_DIR where to search for sysupgrade.bin images
* BUILD_KEY place of key-build{,.pub,.ucert}
* REMOVE_OTHER_SIGNATURES removes signatures added by e.g. buildbots

Only sysupgrade.bin files are touched as factory.bin signatures wouldn't
be evaluated on stock from.

Signed-off-by: Paul Spooren <mail@aparcar.org>
scripts/sign_images.sh [new file with mode: 0755]