base-files: introduce sysupgrade signature chain verification

Verify ucert signature chains in sysupgrade images in case ucert is installed and $CHECK_IMAGE_SIGNARURE = 1. Also make sure ucert host binary is present and generate a self-signed ucert in case $TOPDIR/key-build.ucert is missing. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
author: Daniel Golle <daniel@makrotopia.org> 2018-01-15 03:37:17 +0100
committer: Daniel Golle <daniel@makrotopia.org> 2018-08-08 02:22:54 +0200
commit: 8174853c78f88b854ac66a3f0a5380d36ededa9a (patch)
tree: 90db16f8c8ced86a8329cb98b87b7e593a435acc /package/base-files/files/sbin/sysupgrade
parent: ec78f03de589adc9bd47a02d723d7054510601dd (diff)
download: upstream-8174853c78f88b854ac66a3f0a5380d36ededa9a.tar.gz
upstream-8174853c78f88b854ac66a3f0a5380d36ededa9a.tar.bz2
upstream-8174853c78f88b854ac66a3f0a5380d36ededa9a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/package/base-files/files/sbin/sysupgrade b/package/base-files/files/sbin/sysupgrade
index c9615e54c3..3cebfb68e0 100755
--- a/package/base-files/files/sbin/sysupgrade
+++ b/package/base-files/files/sbin/sysupgrade
@@ -136,7 +136,7 @@ add_overlayfiles() {
 }
 
 # hooks
-sysupgrade_image_check="fwtool_check_image platform_check_image"
+sysupgrade_image_check="fwtool_check_signature fwtool_check_image platform_check_image"
 
 if [ $SAVE_OVERLAY = 1 ]; then
 	[ ! -d /overlay/upper/etc ] && {
author	Daniel Golle <daniel@makrotopia.org>	2018-01-15 03:37:17 +0100
committer	Daniel Golle <daniel@makrotopia.org>	2018-08-08 02:22:54 +0200
commit	8174853c78f88b854ac66a3f0a5380d36ededa9a (patch)
tree	90db16f8c8ced86a8329cb98b87b7e593a435acc /package/base-files/files/sbin/sysupgrade
parent	ec78f03de589adc9bd47a02d723d7054510601dd (diff)
download	upstream-8174853c78f88b854ac66a3f0a5380d36ededa9a.tar.gz upstream-8174853c78f88b854ac66a3f0a5380d36ededa9a.tar.bz2 upstream-8174853c78f88b854ac66a3f0a5380d36ededa9a.zip