[Replicant] [vendor_replicant] [PATCH v2] Update key-migration.sh to sync with vendor_replicant-scripts
Denis 'GNUtoo' Carikli
GNUtoo at cyberdimension.org
Sun Oct 11 20:19:42 UTC 2020
The gen_key_migration_script script was modified to generate a
key-migration.sh script that can run multiple times.
In addition, prints were added to inform the user of the script
success or failure.
So we need to update the generated script as well for the changes
to be taken into account.
This modified version was generated with the following command in
the top directory of the replicant-6.0 source code:
$ ./vendor/replicant-scripts/images/gen_key_migration_script/gen_key_migration_script.py \
gen-script \
vendor/replicant/prebuilt/common/bin/key-migration.sh \
vendor/replicant-data/distros/releases/certificates/ \
vendor/replicant-security/
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at cyberdimension.org>
---
prebuilt/common/bin/key-migration.sh | 34 +++++++++++++---------------
1 file changed, 16 insertions(+), 18 deletions(-)
diff --git a/prebuilt/common/bin/key-migration.sh b/prebuilt/common/bin/key-migration.sh
index 9f04960b..81665199 100644
--- a/prebuilt/common/bin/key-migration.sh
+++ b/prebuilt/common/bin/key-migration.sh
@@ -14,21 +14,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-PACKAGES=/data/system/packages.xml
-PACKAGES_BACKUP=/data/system/packages-backup.xml
-MIGRATION_DONE=/data/system/.key-migration-done
-
-if [ -f ${MIGRATION_DONE} ]; then
- exit 0
-fi
-
-if [ ! -f ${PACKAGES_BACKUP} ] && [ ! -f ${PACKAGES} ]; then
- touch ${MIGRATION_DONE}
- exit 0
-fi
-
-if [ -f ${PACKAGES_BACKUP} ]; then
- mv ${PACKAGES_BACKUP} ${PACKAGES}
+PACKAGES="/data/system/packages.xml"
+
+if [ ! -f "${PACKAGES}" ]; then
+ echo "Cannot migrate keys due to missing ${PACKAGES}:"
+ echo "- If /data is not mounted, you might need to mount it"
+ echo "- If /data is already mounted, maybe the data partition is blank."
+ echo " In this case you can skip running this script."
+ exit 0
fi
#####################
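Review bot: The removed block restored packages-backup.xml over packages.xml before the sed substitutions ran, and the new top-of-script check only tests for "${PACKAGES}", so a leftover /data/system/packages-backup.xml is now silently ignored and never migrated. Either keep the `mv` step, or detect the backup file and print a message about it, and say in the commit message why dropping it is safe. Also, the "Cannot migrate keys" branch still ends in `exit 0`, so a caller cannot tell this path from a successful run; a non-zero status, or a comment explaining why 0 is wanted here, would make the intent clear.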
@@ -483,7 +476,12 @@ sed \
"s#${old_replicant_4_2_0003_shared_PEM_pubkey}#${new_shared_PEM_pubkey}#g" \
-i ${PACKAGES}
-chmod 660 ${PACKAGES}
-chown system:system ${PACKAGES}
+if [ "$(find /data/system/packages.xml -perm 660)" != "${PACKAGES}" ] ; then
+ chmod 660 ${PACKAGES}
+fi
+
+if [ "$(find /data/system/packages.xml -user system -group system)" != "${PACKAGES}" ] ; then
+ chown system:system ${PACKAGES}
+fi
-touch ${MIGRATION_DONE}
\ No newline at end of file
+echo "Key migration done"
\ No newline at end of file
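Review bot: Both added `find` calls hardcode /data/system/packages.xml and then compare the output against "${PACKAGES}", so the checks stop working as soon as the variable is changed; use `find "${PACKAGES}" -perm 660` and `find "${PACKAGES}" -user system -group system` instead. The `chmod` and `chown` arguments are also left unquoted while the first hunk quotes "${PACKAGES}" consistently. Finally, `echo "Key migration done"` runs unconditionally: nothing visible here checks the exit status of the preceding `sed -i`, `chmod` or `chown`, so the script reports success even if one of them failed, which does not match the commit message's stated goal of reporting success or failure. Checking those statuses (or using `set -e`) before printing the message would fix that.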
--
2.28.0