blob: 606a2911062bed4acd094a7edae0794490a897ab [file] [log] [blame] [edit]
#!/bin/bash
# Copyright 2017 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Load common constants and variables.
. "$(dirname "$0")/common.sh"
load_shflags || exit 1
FLAGS_HELP="Usage: ${PROG} <image.bin|rootfs_dir> <public_key.pem>
Installs the container verification public key <public_key.pem> to
<image.bin|rootfs_dir>.
"
# Parse command line.
FLAGS "$@" || exit 1
eval set -- "${FLAGS_ARGV}"
# Abort on error.
set -e
main() {
if [[ $# -ne 2 ]]; then
flags_help
exit 1
fi
local image="$1"
local pub_key="$2"
local loopdev
local rootfs
local key_location="/usr/share/misc/"
if [[ -d "${image}" ]]; then
rootfs="${image}"
else
loopdev=$(loopback_partscan "${image}")
rootfs=$(make_temp_dir)
mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
fi
# Imageloader likes DER as a runtime format as it's easier to read.
local tmpfile=$(make_temp_file)
openssl pkey -pubin -in "${pub_key}" -out "${tmpfile}" -pubout -outform DER
sudo install \
-D -o root -g root -m 644 \
"${tmpfile}" "${rootfs}/${key_location}/oci-container-key-pub.der"
info "Container verification key was installed." \
"Do not forget to resign the image!"
}
main "$@"