diff --git a/build_uboot.sh b/build_uboot.sh index 12974bf..dcc9bd0 100755 --- a/build_uboot.sh +++ b/build_uboot.sh @@ -138,10 +138,29 @@ gen_nexell_image() if [ "$SECURE_BOOT" == "enable" ] && [ "$RSA_SIGN_TOOL" != "" ] ; then + chmod a+x ${RSA_SIGN_TOOL} ${RSA_SIGN_TOOL} -sign $TARGET_DIR/${output_file} fi } +check_rsa_sign_tool() +{ + if [ "${TARGET_BOARD}" == "artik530s" ] || [ "${TARGET_BOARD}" == "artik533s" ] || [ "${TARGET_BOARD}" == "artik710s" ]; then + test -e $SECURE_PREBUILT_DIR/${TARGET_BOARD}_codesigner && cp -f $SECURE_PREBUILT_DIR/${TARGET_BOARD}_codesigner ${RSA_SIGN_TOOL} + if [ ! -e ${RSA_SIGN_TOOL} ]; then + echo -e "\e[1;31mERROR: cannot find ${RSA_SIGN_TOOL}\e[0m" + echo -e "\e[1;31mBuild process has been terminated since the mandatory security binaries do not exist in your source code.\e[0m" + echo -e "\e[1;31mPlease download those files from artik.io with SLA agreement to continue to build.\e[0m" + echo -e "\e[1;31mOnce you download those files, please locate them to the following path.\e[0m" + echo -e "" + echo -e "\e[1;31m${TARGET_BOARD}_codesigner\e[0m" + echo -e "\e[1;31mcopy to ../boot-firmwares-${TARGET_BOARD}/\e[0m" + + exit 1 + fi + fi +} + trap 'error ${LINENO} ${?}' ERR parse_options "$@" @@ -155,6 +174,8 @@ else fi fi +check_rsa_sign_tool + test -d $TARGET_DIR || mkdir -p $TARGET_DIR pushd $UBOOT_DIR diff --git a/build_ubuntu.sh b/build_ubuntu.sh index 5dd2041..c34a56f 100755 --- a/build_ubuntu.sh +++ b/build_ubuntu.sh @@ -14,6 +14,7 @@ PREBUILT_MODULE_DIR= IMG_DIR= UBUNTU_NAME= PREBUILT_REPO_DIR= +TARGET_BOARD= print_usage() { @@ -30,6 +31,7 @@ print_usage() echo "--use-prebuilt-repo Use prebuilt repository" echo "--img-dir Image generation directory" echo "-n|--ubuntu-name Ubuntu image name" + echo "-b [TARGET_BOARD] Target board ex) -b artik710|artik530|artik5|artik10" exit 0 } @@ -77,6 +79,9 @@ parse_options() -n|--ubuntu-name) UBUNTU_NAME="$2" shift ;; + -b) + TARGET_BOARD="$2" + shift ;; *) shift ;; esac @@ -186,6 +191,30 @@ find_unused_port() done } +restrictive_pkg_check() +{ + if [ "$SECURE_PREBUILT_DIR/debs" != "" ]; then + cp -f $SECURE_PREBUILT_DIR/debs/*.deb $DEST_DIR/debs + fi + if [ "${TARGET_BOARD}" == "artik530s" ] || [ "${TARGET_BOARD}" == "artik533s" ] || [ "${TARGET_BOARD}" == "artik710s" ]; then + RESTRICTIVE_PKG_LIST=`cat config/${TARGET_BOARD}_secure.list` + for l in $RESTRICTIVE_PKG_LIST + do + if [ "${l##*.}" == "deb" ] && [ ! -f $l ]; then + echo -e "\e[1;31mERROR: cannot find ${l}\e[0m" + echo -e "\e[1;31mBuild process has been terminated since the mandatory security binaries do not exist in your source code.\e[0m" + echo -e "\e[1;31mPlease download those files from artik.io with SLA agreement to continue to build.\e[0m" + echo -e "\e[1;31mOnce you download those files, please locate them to the following path.\e[0m" + echo -e "" + echo -e "\e[1;31mdeb files\e[0m" + echo -e "\e[1;31mcopy to ../ubuntu-build-service/prebuilt/${ARCH}/${TARGET_BOARD}/\e[0m" + + exit 1 + fi + done + fi +} + trap abnormal_exit INT ERR package_check sbuild sponge python3 @@ -202,6 +231,8 @@ if [ "$PREBUILT_REPO_DIR" != "" ]; then cp -rf $PREBUILT_REPO_DIR/* $DEST_DIR/debs fi +restrictive_pkg_check + start_local_server $DEST_DIR/debs $PORT pushd ../ diff --git a/mksdboot.sh b/mksdboot.sh index e92da26..b1a6c54 100755 --- a/mksdboot.sh +++ b/mksdboot.sh @@ -39,6 +39,7 @@ gen_nexell_image_mon() input_file=bl_mon.img if [ "$RSA_SIGN_TOOL" != "" ]; then + chmod a+x ${RSA_SIGN_TOOL} ${RSA_SIGN_TOOL} -sign $TARGET_DIR/${input_file} fi fi @@ -54,6 +55,7 @@ gen_nexell_image_secure() fi if [ "$RSA_SIGN_TOOL" != "" ]; then + chmod a+x ${RSA_SIGN_TOOL} ${RSA_SIGN_TOOL} -sign $TARGET_DIR/${input_file} fi } diff --git a/release.sh b/release.sh index 8a10240..9fb5014 100755 --- a/release.sh +++ b/release.sh @@ -121,6 +121,44 @@ parse_options() done } +check_restrictive_pkg() +{ + if [ "${TARGET_BOARD}" == "artik530s" ] || [ "${TARGET_BOARD}" == "artik533s" ] || [ "${TARGET_BOARD}" == "artik710s" ]; then + if [ "$SECURE_PREBUILT_DIR" != "" ]; then + cp -f $SECURE_PREBUILT_DIR/${TARGET_BOARD}_codesigner $PREBUILT_DIR + cp -f $SECURE_PREBUILT_DIR/secureos.img $PREBUILT_DIR + + test ! -d $UBUNTU_MODULE_DEB_DIR && mkdir -p $UBUNTU_MODULE_DEB_DIR + cp -f $SECURE_PREBUILT_DIR/debs/*.deb $UBUNTU_MODULE_DEB_DIR + fi + RESTRICTIVE_PKG_LIST=`cat config/${TARGET_BOARD}_secure.list` + for l in $RESTRICTIVE_PKG_LIST + do + if [ $FULL_BUILD ]; then + if [ ! -f $l ]; then + echo -e "ERROR: cannot find ${l}-\e[0m" + echo -e "Build process has been terminated since the mandatory security binaries do not exist in your source code.\e[0m" + echo -e "Please download those files from artik.io with SLA agreement to continue to build.\e[0m" + echo -e "Once you download those files, please locate them to the following path." + echo -e "" + echo -e "1. secureos.img or fip-secure.img\e[0m" + echo -e " copy to ../boot-firmwares-${TARGET_BOARD}/\e[0m" + echo -e "2. ${TARGET_BOARD}_codesigner" + echo -e " copy to ../boot-firmwares-${TARGET_BOARD}/\e[0m" + echo -e "3. deb files\e[0m" + echo -e " copy to ../ubuntu-build-service/prebuilt/${ARCH}/${TARGET_BOARD}/\e[0m" + + exit 1 + fi + else + if [ ! -f $l ] && [ "${l##*.}" == "deb" ]; then + continue + fi + fi + done + fi +} + package_check() { command -v $1 >/dev/null 2>&1 || { echo >&2 "${1} not installed. Please install \"sudo apt-get install $2\""; exit 1; } @@ -171,6 +209,8 @@ then . $CONFIG_FILE fi +check_restrictive_pkg + if [ "$BUILD_DATE" == "" ]; then BUILD_DATE=`date +"%Y%m%d.%H%M%S"` fi @@ -240,7 +280,8 @@ if $FULL_BUILD ; then --arch $BUILD_ARCH --chroot xenial-amd64-${BUILD_ARCH} \ --dest-dir $TARGET_DIR $SKIP_UBUNTU_BUILD \ --prebuilt-dir ../ubuntu-build-service/prebuilt/$BUILD_ARCH \ - --img-dir $UBUNTU_IMG_DIR + --img-dir $UBUNTU_IMG_DIR \ + -b ${BUILD_TARGET} else if [ "$FEDORA_PREBUILT_RPM_DIR" != "" ]; then PREBUILD_ADD_CMD="-r $FEDORA_PREBUILT_RPM_DIR"