From bd9e7c5d6b4568464bfd42aa6df8de9ebe47d35a Mon Sep 17 00:00:00 2001 From: Carl Kittelberger Date: Fri, 26 May 2017 21:48:15 +0200 Subject: [PATCH] Sign firmware with private key stored as Jenkins credentials. --- .config | 3 ++- Jenkinsfile | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.config b/.config index d314751..37e9ccd 100644 --- a/.config +++ b/.config @@ -2131,7 +2131,8 @@ FREETZ_CHECK_CHANGED=y # FREETZ_FWMOD_SKIP_MODIFY is not set # FREETZ_FWMOD_SKIP_PACK is not set # FREETZ_FWMOD_FORCE_PACK is not set -# FREETZ_FWMOD_SIGN is not set +FREETZ_FWMOD_SIGN=y +FREETZ_FWMOD_SIGN_PRIVATE_KEY_PASSWORD="VUJ2XN7tYNiqmTYUcdGFcNq91BlmKjbz" # FREETZ_FWMOD_USBROOT is not set # FREETZ_FWMOD_NFSROOT is not set diff --git a/Jenkinsfile b/Jenkinsfile index f037480..b9b3ea8 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,6 +16,18 @@ node("linux && amd64 && docker") { apt install -y bc """ + withCredentials([ + file(credentialsId: 'freetz.image_signing.asc', variable: 'FREETZ_IMAGE_SIGNING_ASC'), + file(credentialsId: 'freetz.image_signing.key', variable: 'FREETZ_IMAGE_SIGNING_KEY'), + file(credentialsId: 'freetz.image_signing.pem', variable: 'FREETZ_IMAGE_SIGNING_PEM'), + ]) { + sh """ + cp \"\${FREETZ_IMAGE_SIGNING_ASC}\" "\${HOME}/.freetz.image_signing.asc" + cp \"\${FREETZ_IMAGE_SIGNING_KEY}\" "\${HOME}/.freetz.image_signing.key" + cp \"\${FREETZ_IMAGE_SIGNING_PEM}\" "\${HOME}/.freetz.image_signing.pem" + """ + } + stage("Build") { ansiColor('xterm') { sh """