From da431a78985da7a1ff474aa8d960cf5d7ad1f88d Mon Sep 17 00:00:00 2001
From: Vadim Bendebury
Date: Tue, 27 Mar 2018 12:57:42 -0700
Subject: [PATCH] cr50 release: use signer executable installed on chroot
A new ebuild allows to install codesigner as /usr/bin/cr50-codesigner, let's make use of it instead of manually copied instance of the signer.
BRANCH=none
BUG=b:74100307
TEST=verified that error message is generated if cr50-codesigner is not installed, and that signing succeeds once cr50-codesigner is installed.
Change-Id: I468803443e7b052a8ecb074ee80f63f588888985
Signed-off-by: Vadim Bendebury
Reviewed-on: https://chromium-review.googlesource.com/982495
Reviewed-by: Mary Ruthven
---
 util/signer/bs | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/util/signer/bs b/util/signer/bs
index 8815e97d29..5ab29b24b9 100755
--- a/util/signer/bs
+++ b/util/signer/bs
@@ -25,7 +25,9 @@ ec.RW_B.elf in build/cr50/RW as inputs and util/signer/ec_RW-manifest-dev.json
 as the manifest, and places the newly signed images into build/cr50/ec.bin.
 The only outside dependency of this script is the signing utility itself,
-which is expected to be available as \$HOME/bin/codesigner.
+which is expected to be available as /usr/bin/cr50-codesigner.
+
+The utility can be installed by running 'sudo emerge cr50-utils',
 The following command line options are accepted:
@@ -105,8 +107,11 @@ tweak_manifest () {
 sed -i "s/\"fuses\": {/${sub}\"fuses\": {/" "${tmpf}"
 }
-# This is the suggested location of the codesigner utility.
-BIN_ROOT="${HOME}/bin"
+SIGNER="cr50-codesigner"
+if ! sudo which "${SIGNER}" 2>/dev/null > /dev/null; then
+ echo "${SIGNER} is not available, try running 'sudo emerge cr50-utils'" >&2
+ exit 1
+fi
 # This is where the new signed image will be pasted into.
 : ${RESULT_FILE=build/cr50/ec.bin}
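Review bot: `SIGNER` in the `@@ -105,8 +107,11 @@` hunk is a bare command name, so the binary that later runs under sudo is whatever the PATH lookup returns, while the usage text in the first hunk promises `/usr/bin/cr50-codesigner`. Which PATH sudo searches depends on the sudoers configuration (for example whether `secure_path` is set), so on some hosts a same-named file in an earlier, user-writable PATH directory could end up executed as root for a signing operation. Pinning the path and testing it without privilege, `SIGNER="/usr/bin/cr50-codesigner"` and `if [[ ! -x "${SIGNER}" ]]; then`, removes the lookup, avoids a sudo prompt just to probe for the tool, and drops the non-portable `which`. The added usage line also ends in a comma (`'sudo emerge cr50-utils',`) where a period seems intended.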
@@ -202,7 +207,7 @@ for elf in ${elves[@]}; do
 # Make sure this file is not owned by root
 touch "${signed_file}"
- sudo ${BIN_ROOT}/codesigner ${signer_command_params[@]} \
+ sudo "${SIGNER}" ${signer_command_params[@]} \
 -i ${elf} -o "${signed_file}"
 if [[ ! -s "${signed_file}" ]]; then
 echo "${progname}: error: empty signed file ${signed_file}" >&2
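Review bot: The rewritten call quotes `${SIGNER}` but still expands `${signer_command_params[@]}` and, on the following context line, `${elf}` unquoted, so any element or path containing whitespace or glob characters is re-split before it reaches a command running under sudo. Quoting both, `sudo "${SIGNER}" "${signer_command_params[@]}" \` and `-i "${elf}" -o "${signed_file}"`, keeps each argument intact; this assumes no array element relies on word splitting, which cannot be confirmed here because the array is built outside the hunk. The only failure check visible is the `-s` test on the output file, so it may also be worth testing the signer's exit status directly. The enclosing `for elf in ${elves[@]}` loop starts and ends outside the hunk.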