Signed software updates over USB

diff --git a/public.pem b/public.pem
new file mode 100644 (file)
index 0000000..728399b
--- /dev/null
+++ b/public.pem
@@ -0,0 +1,26 @@
+-----BEGIN PUBLIC KEY-----
+MIIEfDANBgkqhkiG9w0BAQEFAAOCBGkAMIIEZAKCBFsA0iSQYjN2/GnZu72q8Aaa
+T7Bc8//NNdNQ76jHpIgkfiwi+jsbQFOFDgsFpuERgRKr5ICumJgpPfY9/7NoVjpl
+OHwBykr0PRaX9gtktTc9+yOc5sDoj0PvYf8XpYjcLzqJ9363ath3555E5yuUXBEc
+X4GB4GUW8A9yUB6yszdzwqqJzCakWHDr4RahGpjpIuMAZgck9CtYWqeXkRATQrt0
+HFBgeeiM11AbDgdqDRBj7VTjHah6xZWlIEgrZSwWYuFGsWjHCmzfm1yCqRp0nysv
+hGJiFbz21vxSHnFLl/qfDrm1B2IdhfalN8tMdsCz2cepqm6MSPClzrgtHjTiv1P1
+vf4hK9sZ+2j0d8QcCxVuSNXe4Lx6U1kgxpEbs3cy/pWCNddZ8NpqL0YPhPzWvr4W
+DVFV6sf853Ei8Tv4MDOSQuDR8bY9JqxoPQ8ucFCsH4kzbxWDvJ397ZyL2iC7STP0
+ixqHfLS9RwqIRuJEfNgNM055nk41uiwTJNbULmP42SL9LcpVDsCgizWjBSdLIe8t
+yCk3OgyOdxDLzZkyUW5yrn4Bvz8F65hQ5x2heh2csqsonWkHFCSyni0nhh5xQwxw
+CcHJVZfwJ1YBSQPg/b9nKtW9icH49f9L9LLd+CDI850KzbG/hW+Z4RvLgyhyW062
+lR8JAos2Xksdd4T0IZqoq4uAOskXAmdyuRZzexy0oINQb1vtmVpaqJpWJuiW0X6F
+SqPUvDkH+OvPVD7sOmaqNyxz7QVqX6WyelulZt9oqd7cNNbm2D83SQunaoKaYR35
+r6YsZaUWJ+5IlJa4bPCN0DWPzWuWd96y8J1J/mvFS/1jWO2D/fkmVeAHPWWIXFGG
+s8pKdL6ZfUI17JUaS+t5MtqiiMwkKM89MaP1GR474Cq2Obq9oWhyc7PJL2EhyJt0
+XUxlXqkQO/eXvywCTS/oQDDNSnC67hg/82/Eph5/e1NSBakX40c6pAEqIg54Qx2U
+41hpeMCg+gZKq3tEpQtBW3MSyDPWCHY8oiVenjWTjTWOa05qSfW1C1EzBRi2ippd
+C1iqlQ7dfXDkDn/pTjRMMolM+IjlR5KfZRPHfIeFVnDu2o3Ns3mBpIVTHJ9ad+0y
+gQZFAnaUTmPsmATv27siPdvKSuLH+++sR4dEVhU0AnDQqA8cXYTmBU7XLY1czv9N
+7Fo4+im/VUBxrULD2iRJvJz2jFCnSFghoNuPnwfmR0pNizb+z/qZAQzwncJW+w/j
+v3W4bd25tFlJgBp89ahw7PEIR/CweiWFCJ5xkPAP3VVHKulL7Y0PtTNAEr7hNBP4
+7S8ZHX5svr6drIr8TuHjntwdrjeM+sm3PslrwesuiulVe0W1ce0vi7CDob3jTS6z
+5cOD83JR6BUp8/dS51tTTOBtlXkSHz9/f0Jhh6ZZMja9mxA3JSF7E7BDrpoKci/m
+Z6S8/DIdLebZY9pVlCYsbR4bPxhsquhPC25fiNJlyEKpcUQSMSbBheD9wwIDAQAB
+-----END PUBLIC KEY-----

diff --git a/start.sh b/start.sh
index 0cb29c7..ece8387 100755 (executable)
--- a/start.sh
+++ b/start.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-/home/pi/hdmi-switcher/usb-config.sh
+/home/pi/hdmi-switcher/update.sh
 printf "Starting video... "
 sleep 5
 printf "OK\n"

diff --git a/update.sh b/update.sh
new file mode 100755 (executable)
index 0000000..ecd5fd2
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+clear
+
+if [[ ! -e "/dev/sda1" ]]; then
+ exit 1
+fi
+
+printf "Found USB... "
+
+umount /dev/sda1 > /dev/null 2>&1
+mount /dev/sda1 > /dev/null 2>&1 || (printf "Mount failure\n" && exit 1)
+
+printf "\t\tMount OK\n"
+
+if [[ -e "/mnt/usb-update/config.ini" ]]; then
+  printf "Found config.ini... "
+  (cp /mnt/usb-update/config.ini ./ > /dev/null 2>&1 && printf "\tCopy OK\n") || printf "\tCopy failure\n"
+fi
+
+if [[ -e "/mnt/usb-update/video.mp4" ]]; then
+  printf "Found video.mp4... "
+  (cp /mnt/usb-update/video.mp4 ./ > /dev/null 2>&1 && printf "\tCopy OK\n") || printf "\tCopy failure\n"
+fi
+
+if [[ -e "/mnt/usb-update/update.zip" ]] && [[ -e "/mnt/usb-update/update.sig" ]]; then
+  printf "Updating software... "
+  openssl dgst -sha256 -verify public.pem -signature /mnt/usb-update/update.sig /mnt/usb-update/update.zip > /dev/null 2>&1
+  if [[ $? = 0 ]]; then
+    (unzip -o /mnt/usb-update/update.zip -d /home/pi > /dev/null 2>&1 && printf "\tOK\n") || printf "\tExtract failure\n"
+  else
+    printf "\tSignature failure\n"
+  fi
+fi
+
+umount /dev/sda1 > /dev/null 2>&1