1#!/bin/bash 2# Copyright 2017 The ChromiumOS Authors 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5 6# Load common constants and variables. 7. "$(dirname "$0")/common.sh" 8 9load_shflags || exit 1 10 11FLAGS_HELP="Usage: ${PROG} <image.bin|rootfs_dir> <public_key.pem> 12 13Installs the container verification public key <public_key.pem> to 14<image.bin|rootfs_dir>. 15" 16 17# Parse command line. 18FLAGS "$@" || exit 1 19eval set -- "${FLAGS_ARGV}" 20 21# Abort on error. 22set -e 23 24main() { 25 if [[ $# -ne 2 ]]; then 26 flags_help 27 exit 1 28 fi 29 30 local image="$1" 31 local pub_key="$2" 32 local loopdev 33 local rootfs 34 local key_location="/usr/share/misc/" 35 36 if [[ -d "${image}" ]]; then 37 rootfs="${image}" 38 else 39 loopdev=$(loopback_partscan "${image}") 40 rootfs=$(make_temp_dir) 41 mount_loop_image_partition "${loopdev}" 3 "${rootfs}" 42 fi 43 44 # Imageloader likes DER as a runtime format as it's easier to read. 45 local tmpfile=$(make_temp_file) 46 openssl pkey -pubin -in "${pub_key}" -out "${tmpfile}" -pubout -outform DER 47 48 sudo install \ 49 -D -o root -g root -m 644 \ 50 "${tmpfile}" "${rootfs}/${key_location}/oci-container-key-pub.der" 51 info "Container verification key was installed." \ 52 "Do not forget to resign the image!" 53} 54 55main "$@" 56