| #!/bin/sh |
| |
| # Copyright (c) 2013 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| HELP="USAGE: encrypted_import [flags] |
| This script is used to copy files validated with the output of sha256sum to |
| a new directory. The caller is expected to create and manage both the source |
| and target directories as needed, mostly to make sure permissions are handled |
| correctly. |
| |
| To move files from one directory to another while validating them: |
| encrypted_import /path/from /output/validation /path/to |
| |
| This is intended for safely importing files from the unencrypted to encrypted |
| portions of the stateful partition. |
| " |
| |
| # Die on error |
| set -e |
| |
| export LC_ALL=C |
| |
| copy_with_validation() { |
| local from validation to file |
| |
| from="$(readlink -m "$1")" |
| validation="$(readlink -m "$2")" |
| to="$(readlink -m "$3")" |
| |
| echo "Copy ${from} -> ${to}, validated by ${validation}." |
| |
| # Move files into protected temp location for validation. |
| local processing |
| processing="$(mktemp -d "${to}/import_tmp.XXXXXXXXXX")" |
| trap "rm -rf '${processing}'" EXIT |
| |
| for file in $(awk '{ print $2 }' "${validation}"); do |
| mkdir -p "${processing}/$(dirname "${file}")" |
| cp -- "${from}/${file}" "${processing}/${file}" |
| done |
| |
| # Validate the files being imported. Note that we will exit |
| # on failure because of the "set -e" above. |
| cd "${processing}" |
| sha256sum --check --strict --quiet "${validation}" |
| |
| for file in $(awk '{ print $2 }' "${validation}"); do |
| mkdir -p "${to}/$(dirname "${file}")" |
| mv -- "${processing}/${file}" "${to}/${file}" |
| done |
| } |
| |
| if [ $# -eq 3 ]; then |
| copy_with_validation "$@" |
| else |
| echo "${HELP}" |
| exit 1 |
| fi |