-
Paul Spooren authored
This script allows image signing indipendend of the actual build process, to run on a master server after receiving freshly backed images. Idea is to avoid storying private keys on third party builders while still beeing to be able to sign packages. Run ./scripts/sign_images.sh with the following env vars: * TOP_DIR where to search for sysupgrade.bin images * BUILD_KEY place of key-build{,.pub,.ucert} * REMOVE_OTHER_SIGNATURES removes signatures added by e.g. buildbots Only sysupgrade.bin files are touched as factory.bin signatures wouldn't be evaluated on stock from. Signed-off-by:Paul Spooren <mail@aparcar.org>
Paul Spooren authoredThis script allows image signing indipendend of the actual build process, to run on a master server after receiving freshly backed images. Idea is to avoid storying private keys on third party builders while still beeing to be able to sign packages. Run ./scripts/sign_images.sh with the following env vars: * TOP_DIR where to search for sysupgrade.bin images * BUILD_KEY place of key-build{,.pub,.ucert} * REMOVE_OTHER_SIGNATURES removes signatures added by e.g. buildbots Only sysupgrade.bin files are touched as factory.bin signatures wouldn't be evaluated on stock from. Signed-off-by:
