From 6f20e4439571d7b6924be809111e0f15502e132d Mon Sep 17 00:00:00 2001 From: Cameron Ball Date: Thu, 26 Mar 2015 07:42:32 +0000 Subject: [PATCH] Signed software updates over USB --- public.pem | 26 ++++++++++++++++++++++++++ start.sh | 2 +- update.sh | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 public.pem create mode 100755 update.sh diff --git a/public.pem b/public.pem new file mode 100644 index 0000000..728399b --- /dev/null +++ b/public.pem @@ -0,0 +1,26 @@ +-----BEGIN PUBLIC KEY----- +MIIEfDANBgkqhkiG9w0BAQEFAAOCBGkAMIIEZAKCBFsA0iSQYjN2/GnZu72q8Aaa +T7Bc8//NNdNQ76jHpIgkfiwi+jsbQFOFDgsFpuERgRKr5ICumJgpPfY9/7NoVjpl +OHwBykr0PRaX9gtktTc9+yOc5sDoj0PvYf8XpYjcLzqJ9363ath3555E5yuUXBEc +X4GB4GUW8A9yUB6yszdzwqqJzCakWHDr4RahGpjpIuMAZgck9CtYWqeXkRATQrt0 +HFBgeeiM11AbDgdqDRBj7VTjHah6xZWlIEgrZSwWYuFGsWjHCmzfm1yCqRp0nysv +hGJiFbz21vxSHnFLl/qfDrm1B2IdhfalN8tMdsCz2cepqm6MSPClzrgtHjTiv1P1 +vf4hK9sZ+2j0d8QcCxVuSNXe4Lx6U1kgxpEbs3cy/pWCNddZ8NpqL0YPhPzWvr4W +DVFV6sf853Ei8Tv4MDOSQuDR8bY9JqxoPQ8ucFCsH4kzbxWDvJ397ZyL2iC7STP0 +ixqHfLS9RwqIRuJEfNgNM055nk41uiwTJNbULmP42SL9LcpVDsCgizWjBSdLIe8t +yCk3OgyOdxDLzZkyUW5yrn4Bvz8F65hQ5x2heh2csqsonWkHFCSyni0nhh5xQwxw +CcHJVZfwJ1YBSQPg/b9nKtW9icH49f9L9LLd+CDI850KzbG/hW+Z4RvLgyhyW062 +lR8JAos2Xksdd4T0IZqoq4uAOskXAmdyuRZzexy0oINQb1vtmVpaqJpWJuiW0X6F +SqPUvDkH+OvPVD7sOmaqNyxz7QVqX6WyelulZt9oqd7cNNbm2D83SQunaoKaYR35 +r6YsZaUWJ+5IlJa4bPCN0DWPzWuWd96y8J1J/mvFS/1jWO2D/fkmVeAHPWWIXFGG +s8pKdL6ZfUI17JUaS+t5MtqiiMwkKM89MaP1GR474Cq2Obq9oWhyc7PJL2EhyJt0 +XUxlXqkQO/eXvywCTS/oQDDNSnC67hg/82/Eph5/e1NSBakX40c6pAEqIg54Qx2U +41hpeMCg+gZKq3tEpQtBW3MSyDPWCHY8oiVenjWTjTWOa05qSfW1C1EzBRi2ippd +C1iqlQ7dfXDkDn/pTjRMMolM+IjlR5KfZRPHfIeFVnDu2o3Ns3mBpIVTHJ9ad+0y +gQZFAnaUTmPsmATv27siPdvKSuLH+++sR4dEVhU0AnDQqA8cXYTmBU7XLY1czv9N +7Fo4+im/VUBxrULD2iRJvJz2jFCnSFghoNuPnwfmR0pNizb+z/qZAQzwncJW+w/j +v3W4bd25tFlJgBp89ahw7PEIR/CweiWFCJ5xkPAP3VVHKulL7Y0PtTNAEr7hNBP4 +7S8ZHX5svr6drIr8TuHjntwdrjeM+sm3PslrwesuiulVe0W1ce0vi7CDob3jTS6z +5cOD83JR6BUp8/dS51tTTOBtlXkSHz9/f0Jhh6ZZMja9mxA3JSF7E7BDrpoKci/m +Z6S8/DIdLebZY9pVlCYsbR4bPxhsquhPC25fiNJlyEKpcUQSMSbBheD9wwIDAQAB +-----END PUBLIC KEY----- diff --git a/start.sh b/start.sh index 0cb29c7..ece8387 100755 --- a/start.sh +++ b/start.sh @@ -1,5 +1,5 @@ #!/bin/bash -/home/pi/hdmi-switcher/usb-config.sh +/home/pi/hdmi-switcher/update.sh printf "Starting video... " sleep 5 printf "OK\n" diff --git a/update.sh b/update.sh new file mode 100755 index 0000000..ecd5fd2 --- /dev/null +++ b/update.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +clear + +if [[ ! -e "/dev/sda1" ]]; then + exit 1 +fi + +printf "Found USB... " + +umount /dev/sda1 > /dev/null 2>&1 +mount /dev/sda1 > /dev/null 2>&1 || (printf "Mount failure\n" && exit 1) + +printf "\t\tMount OK\n" + +if [[ -e "/mnt/usb-update/config.ini" ]]; then + printf "Found config.ini... " + (cp /mnt/usb-update/config.ini ./ > /dev/null 2>&1 && printf "\tCopy OK\n") || printf "\tCopy failure\n" +fi + +if [[ -e "/mnt/usb-update/video.mp4" ]]; then + printf "Found video.mp4... " + (cp /mnt/usb-update/video.mp4 ./ > /dev/null 2>&1 && printf "\tCopy OK\n") || printf "\tCopy failure\n" +fi + +if [[ -e "/mnt/usb-update/update.zip" ]] && [[ -e "/mnt/usb-update/update.sig" ]]; then + printf "Updating software... " + openssl dgst -sha256 -verify public.pem -signature /mnt/usb-update/update.sig /mnt/usb-update/update.zip > /dev/null 2>&1 + if [[ $? = 0 ]]; then + (unzip -o /mnt/usb-update/update.zip -d /home/pi > /dev/null 2>&1 && printf "\tOK\n") || printf "\tExtract failure\n" + else + printf "\tSignature failure\n" + fi +fi + +umount /dev/sda1 > /dev/null 2>&1 -- 2.11.0