blob: e38fd5f27877e20c8c771ffc4099a806976504ab [file] [log] [blame]
# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
HELP="USAGE: encrypted_import [flags]
This script is used to copy files validated with the output of sha256sum to
a new directory. The caller is expected to create and manage both the source
and target directories as needed, mostly to make sure permissions are handled
To move files from one directory to another while validating them:
encrypted_import /path/from /output/validation /path/to
This is intended for safely importing files from the unencrypted to encrypted
portions of the stateful partition.
# Die on error
set -e
export LC_ALL=C
copy_with_validation() {
local from validation to file
from="$(readlink -m "$1")"
validation="$(readlink -m "$2")"
to="$(readlink -m "$3")"
echo "Copy ${from} -> ${to}, validated by ${validation}."
# Move files into protected temp location for validation.
local processing
processing="$(mktemp -d "${to}/import_tmp.XXXXXXXXXX")"
trap "rm -rf '${processing}'" EXIT
for file in $(awk '{ print $2 }' "${validation}"); do
mkdir -p "${processing}/$(dirname "${file}")"
cp -- "${from}/${file}" "${processing}/${file}"
# Validate the files being imported. Note that we will exit
# on failure because of the "set -e" above.
cd "${processing}"
sha256sum --check --strict --quiet "${validation}"
for file in $(awk '{ print $2 }' "${validation}"); do
mkdir -p "${to}/$(dirname "${file}")"
mv -- "${processing}/${file}" "${to}/${file}"
if [ $# -eq 3 ]; then
copy_with_validation "$@"
echo "${HELP}"
exit 1