DivestOS/Scripts/Generate_Signing_Keys.sh

65 lines
2.9 KiB
Bash
Raw Normal View History

2020-12-12 09:50:27 -05:00
#!/bin/sh
2020-11-17 10:11:40 -05:00
#DivestOS: A privacy focused mobile distribution
#Copyright (c) 2018-2021 Divested Computing Group
2020-11-15 08:16:23 -05:00
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <https://www.gnu.org/licenses/>.
umask 0022;
set -uo pipefail;
source "$DOS_SCRIPTS_COMMON/Shell.sh";
2018-06-23 00:21:48 -04:00
2021-03-01 21:05:42 -05:00
#Reference (MIT): https://grapheneos.org/build#generating-release-signing-keys
2018-06-29 00:55:21 -04:00
type='rsa'; #Options: rsa, ec
#source build/envsetup.sh && breakfast lineage_sailfish-user && make -j20 generate_verity_key otatools;
2020-12-03 21:47:27 -05:00
#source ../../Scripts/Generate_Signing_Keys.sh $device;
mkdir -p "$DOS_SIGNING_KEYS/NEW";
if [[ -d "$DOS_SIGNING_KEYS" ]]; then
cd "$DOS_SIGNING_KEYS/NEW";
mkdir $1; cd $1;
desc="/O=Divested Computing Group/CN=DivestOS for $1/emailAddress=support@divestos.org";
sed -i '/blank for none/,+1 d' "$DOS_BUILD_BASE"/development/tools/make_key;
sed -i 's/4096/2048/' "$DOS_BUILD_BASE"/development/tools/make_key;
"$DOS_BUILD_BASE"/development/tools/make_key releasekey "$desc" "$type";
sed -i 's/2048/4096/' "$DOS_BUILD_BASE"/development/tools/make_key;
"$DOS_BUILD_BASE"/development/tools/make_key extra "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key bluetooth "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key sdk_sandbox "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key future-1 "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key future-2 "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key future-3 "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key future-4 "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key media "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key networkstack "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key platform "$desc" "$type";
"$DOS_BUILD_BASE"/development/tools/make_key shared "$desc" "$type";
sed -i 's/4096/2048/' "$DOS_BUILD_BASE"/development/tools/make_key;
"$DOS_BUILD_BASE"/development/tools/make_key verity "$desc" "$type";
"$DOS_BUILD_BASE"/out/host/linux-x86/bin/generate_verity_key -convert verity.x509.pem verity_key;
openssl x509 -outform der -in verity.x509.pem -out verifiedboot_relkeys.der.x509;
openssl genrsa -out avb.pem 4096;
"$DOS_BUILD_BASE"/external/avb/avbtool extract_public_key --key avb.pem --output avb_pkmd.bin;
cd "$DOS_BUILD_BASE";
echo "Be sure to move your new $1 keys into place (out of NEW)!";
else
echo "Signing key directory does not exist!"
fi;