swupdate: execute swupdate with verification within trustfence images
- While trying to update the system using signed swupdate packages, the swupdate binary requires a new parameter (-k) to specify the location of the public key that will be used to verify the update package. At the moment there is no way to check if a package is signed or not, so we asume that the existence of the public key in the recovery initramfs is enough to determine that we want to update the system using signed packages. https://jira.digi.com/browse/DEL-3775 Signed-off-by: David Escalona <david.escalona@digi.com>
This commit is contained in:
David Escalona
parent
6362b99205
commit
68430b1297
|
|
@ -21,6 +21,7 @@ ENV_BOOT_RECOVERY="boot_recovery"
|
||||||
ENV_RECOVERY_COMMAND="recovery_command"
|
ENV_RECOVERY_COMMAND="recovery_command"
|
||||||
|
|
||||||
SW_CONFIG="/etc/swupdate.cfg"
|
SW_CONFIG="/etc/swupdate.cfg"
|
||||||
|
PUBLIC_KEY="/etc/ssl/certs/key.pub"
|
||||||
|
|
||||||
USB_MOUNT_DIR="/run/media"
|
USB_MOUNT_DIR="/run/media"
|
||||||
UPDATE_MOUNT_DIR="/mnt/update"
|
UPDATE_MOUNT_DIR="/mnt/update"
|
||||||
|
|
@ -448,7 +449,11 @@ if [ -n "${update_package_bool}" ]; then
|
||||||
# Execute the progress binary.
|
# Execute the progress binary.
|
||||||
progress -wp &
|
progress -wp &
|
||||||
# Execute the software update.
|
# Execute the software update.
|
||||||
|
if [ -f "${PUBLIC_KEY}" ]; then
|
||||||
|
swupdate -f "${SW_CONFIG}" -i "${update_package}" -k "${PUBLIC_KEY}"
|
||||||
|
else
|
||||||
swupdate -f "${SW_CONFIG}" -i "${update_package}"
|
swupdate -f "${SW_CONFIG}" -i "${update_package}"
|
||||||
|
fi
|
||||||
if [ "$?" = "0" ]; then
|
if [ "$?" = "0" ]; then
|
||||||
log "Firmware update process succeed!"
|
log "Firmware update process succeed!"
|
||||||
else
|
else
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue