Skip to content

Commit

Permalink
only sign firmware when necessary
Browse files Browse the repository at this point in the history
  • Loading branch information
@tcsullivan
tcsullivan committed Oct 29, 2024
1 parent 367c08a commit 0307c10
Show file tree
Hide file tree
Showing 5 changed files with 12 additions and 67 deletions.
52 changes: 0 additions & 52 deletions .github/workflows/dummy_priv_key.pem
View file

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ jobs:
- name: Create header files
run: |
cp "${GITHUB_WORKSPACE}/.github/workflows/dummy_priv_key.pem" "${GITHUB_WORKSPACE}/priv_key.pem"
cp "${GITHUB_WORKSPACE}/noisemeter-device/config.h.example" "${GITHUB_WORKSPACE}/noisemeter-device/config.h"
python "${GITHUB_WORKSPACE}/noisemeter-device/certs.py" -s api.tracket.info > "${GITHUB_WORKSPACE}/noisemeter-device/certs.h"
Expand All @@ -33,3 +32,4 @@ jobs:

- name: Build PlatformIO Project (esp32-breadboard)
run: pio run -e esp32-breadboard

4 changes: 2 additions & 2 deletions .github/workflows/ota-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@ jobs:
cp "${GITHUB_WORKSPACE}/noisemeter-device/config.h.example" "${GITHUB_WORKSPACE}/noisemeter-device/config.h"
python "${GITHUB_WORKSPACE}/noisemeter-device/certs.py" -s api.tracket.info > "${GITHUB_WORKSPACE}/noisemeter-device/certs.h"
- name: Build PlatformIO Project
run: pio run -e esp32-pcb
- name: Build signed firmware
run: pio run -t ota -e esp32-pcb

- name: Upload signed firmware
uses: djn24/add-asset-to-release@v1
Expand Down
19 changes: 8 additions & 11 deletions build_hooks.py
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,13 @@
Import("env")

env.AddPostAction(
"$BUILD_DIR/${PROGNAME}.bin",
env.VerboseAction(
env.AddCustomTarget(
name="ota",
dependencies="$BUILD_DIR/${PROGNAME}.bin",
actions=[
"openssl dgst -sha256 -sign priv_key.pem -keyform PEM -out $BUILD_DIR/${PROGNAME}.sig -binary $BUILD_DIR/${PROGNAME}.bin",
"Creating OTA signature...")
)

env.AddPostAction(
"$BUILD_DIR/${PROGNAME}.bin",
env.VerboseAction(
"cat $BUILD_DIR/${PROGNAME}.sig $BUILD_DIR/${PROGNAME}.bin > ${PROGNAME}_signed.bin",
"Creating ${PROGNAME}_signed.bin")
"cat $BUILD_DIR/${PROGNAME}.sig $BUILD_DIR/${PROGNAME}.bin > ${PROGNAME}_signed.bin"
],
title="OTA Signing",
description="Create a signed OTA update"
)

2 changes: 1 addition & 1 deletion platformio.ini
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ include_dir = noisemeter-device
default_envs = esp32-pcb

[env]
extra_scripts = post:build_hooks.py
extra_scripts = build_hooks.py
framework = arduino
platform = [email protected]
board_build.partitions = nmpartitions.csv
Expand Down

0 comments on commit 0307c10

Please sign in to comment.