[isar-cip-core,1/4] swupdate: check output of sign-swu

Message ID 20240304101054.864948-2-Quirin.Gylstorff@siemens.com (mailing list archive)
State Superseded
Series Make swupdate signing more

Commit Message

Gylstorff Quirin March 4, 2024, 10:08 a.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Check for signing errors to avoid an unusable swu file.

This also moves the signing out of the loop to generate
the cpio archive *.swu as the messages from the signing
can lead to errors in the archive generation.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 classes/swupdate.bbclass | 43 ++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 13 deletions(-)

Comments

Felix Moessbauer March 4, 2024, 1:42 p.m. UTC | #1
On Mon, 2024-03-04 at 11:08 +0100, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> Check for signing errors to avoid an unusable swu file.
> 
> This also moves the signing out of the loop to generate
> the cpio archive *.swu as the messages from the signing
> can lead to errors in the archive generation.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  classes/swupdate.bbclass | 43 ++++++++++++++++++++++++++++----------
> --
>  1 file changed, 30 insertions(+), 13 deletions(-)
> 
> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
> index 2c69892..be6a07f 100644
> --- a/classes/swupdate.bbclass
> +++ b/classes/swupdate.bbclass
> @@ -191,24 +191,41 @@ IMAGE_CMD:swu() {
>                     
> "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}"
>              done
>              cd "${PP_WORK}/$swu_file_base"
> -            for file in "${SWU_DESCRIPTION_FILE}"
> ${SWU_ADDITIONAL_FILES}; do
> -                if [ "$file" = "${SWU_DESCRIPTION_FILE}" ] || \
> -                    grep -q "$file"
> "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then
> +            cpio_files="${SWU_DESCRIPTION_FILE}"
> +
> +            if [ -n "$sign" ]; then
> +                if ! /usr/bin/sign-swu \
> +                    "${SWU_DESCRIPTION_FILE}"
> "${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}" \
> +                    > /dev/null 2>&1 || \
> +                    [ ! -f
> "${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}" ]; then
> +                    echo "Could not create swupdate signature file
> '${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}'" 1>&2
> +                    exit 1
> +                fi
> +                cpio_files="$cpio_files
> ${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}"
> +            fi
> +
> +            # sw-description must be first file in *.swu
> +            for cpio_file in $cpio_files ${SWU_ADDITIONAL_FILES}; do
> +                if [ -f "$cpio_file" ]; then
>                      # Set file timestamps for reproducible builds
>                      if [ -n "${SOURCE_DATE_EPOCH}" ]; then
>                          touch -d@"${SOURCE_DATE_EPOCH}" "$file"
>                      fi
> -                    echo "$file"
> -                    if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" =
> "$file" ]; then
> -                        sign-swu "$file"
> "$file.${SWU_SIGNATURE_EXT}"
> -                        # Set file timestamps for reproducible
> builds
> -                        if [ -n "${SOURCE_DATE_EPOCH}" ]; then
> -                            touch -d@"${SOURCE_DATE_EPOCH}"
> "$file.${SWU_SIGNATURE_EXT}"
> -                        fi
> -                        echo "$file.${SWU_SIGNATURE_EXT}"
> -                    fi
> +                    case "$cpio_file" in
> +                        sw-description*)
> +                            echo "$cpio_file"
> +                            ;;
> +                        *)
> +                            if grep -q "$cpio_file" \
> +                               
> "${WORKDIR}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then
> +                                echo "$cpio_file"
> +                            fi
> +                            ;;
> +                    esac
>                  fi
> -            done | cpio -ovL --reproducible -H crc >
> "${PP_DEPLOY}/${SWU_IMAGE_FILE}$swu_file_extension.swu"
> +            done | cpio \
> +                --verbose --dereference --create --reproducible -H

We now have more options like --dereference. Does this have any effect
on the cpio file, or is it just an expansion of -ovL (which would be
appreciated anyways)?

Please also add a note about this to the commit message.

Felix

> crc \
> +                >
> "${PP_DEPLOY}/${SWU_IMAGE_FILE}$swu_file_extension.swu"
>  EOIMAGER
>      done
>  }
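Review bot: in the new signing block, `> /dev/null 2>&1` on the `/usr/bin/sign-swu` call discards the tool's own diagnostics, so a failed build reports only "Could not create swupdate signature file" with no cause. Signing now runs before the `for ... done | cpio` pipeline, so its messages can no longer end up in the file list fed to cpio; consider leaving stderr visible, or redirecting it to a log file and printing that log in the failure branch before `exit 1`.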
Gylstorff Quirin March 4, 2024, 4:30 p.m. UTC | #2
On 3/4/24 2:42 PM, Moessbauer, Felix (T CED OES-DE) wrote:
> On Mon, 2024-03-04 at 11:08 +0100, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> Check for signing errors to avoid an unusable swu file.
>>
>> This also moves the signing out of the loop to generate
>> the cpio archive *.swu as the messages from the signing
>> can lead to errors in the archive generation.
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>>   classes/swupdate.bbclass | 43 ++++++++++++++++++++++++++++----------
>> --
>>   1 file changed, 30 insertions(+), 13 deletions(-)
>>
>> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
>> index 2c69892..be6a07f 100644
>> --- a/classes/swupdate.bbclass
>> +++ b/classes/swupdate.bbclass
>> @@ -191,24 +191,41 @@ IMAGE_CMD:swu() {
>>                      
>> "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}"
>>               done
>>               cd "${PP_WORK}/$swu_file_base"
>> -            for file in "${SWU_DESCRIPTION_FILE}"
>> ${SWU_ADDITIONAL_FILES}; do
>> -                if [ "$file" = "${SWU_DESCRIPTION_FILE}" ] || \
>> -                    grep -q "$file"
>> "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then
>> +            cpio_files="${SWU_DESCRIPTION_FILE}"
>> +
>> +            if [ -n "$sign" ]; then
>> +                if ! /usr/bin/sign-swu \
>> +                    "${SWU_DESCRIPTION_FILE}"
>> "${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}" \
>> +                    > /dev/null 2>&1 || \
>> +                    [ ! -f
>> "${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}" ]; then
>> +                    echo "Could not create swupdate signature file
>> '${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}'" 1>&2
>> +                    exit 1
>> +                fi
>> +                cpio_files="$cpio_files
>> ${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}"
>> +            fi
>> +
>> +            # sw-description must be first file in *.swu
>> +            for cpio_file in $cpio_files ${SWU_ADDITIONAL_FILES}; do
>> +                if [ -f "$cpio_file" ]; then
>>                       # Set file timestamps for reproducible builds
>>                       if [ -n "${SOURCE_DATE_EPOCH}" ]; then
>>                           touch -d@"${SOURCE_DATE_EPOCH}" "$file"
>>                       fi
>> -                    echo "$file"
>> -                    if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" =
>> "$file" ]; then
>> -                        sign-swu "$file"
>> "$file.${SWU_SIGNATURE_EXT}"
>> -                        # Set file timestamps for reproducible
>> builds
>> -                        if [ -n "${SOURCE_DATE_EPOCH}" ]; then
>> -                            touch -d@"${SOURCE_DATE_EPOCH}"
>> "$file.${SWU_SIGNATURE_EXT}"
>> -                        fi
>> -                        echo "$file.${SWU_SIGNATURE_EXT}"
>> -                    fi
>> +                    case "$cpio_file" in
>> +                        sw-description*)
>> +                            echo "$cpio_file"
>> +                            ;;
>> +                        *)
>> +                            if grep -q "$cpio_file" \
>> +
>> "${WORKDIR}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then
>> +                                echo "$cpio_file"
>> +                            fi
>> +                            ;;
>> +                    esac
>>                   fi
>> -            done | cpio -ovL --reproducible -H crc >
>> "${PP_DEPLOY}/${SWU_IMAGE_FILE}$swu_file_extension.swu"
>> +            done | cpio \
>> +                --verbose --dereference --create --reproducible -H
> 
> We now have more options like --dereference. Does this have any effect
> on the cpio file, or is it just an expansion of -ovL (which would be
> appreciated anyways)?
> 
It's just an expansion of -ovL as I expanded them during testing. I will 
send a v2 with an appended commit message.
Quirin

> Please also add a note about this to the commit message.
> 
> Felix
> 
>> crc \
>> +                >
>> "${PP_DEPLOY}/${SWU_IMAGE_FILE}$swu_file_extension.swu"
>>   EOIMAGER
>>       done
>>   }
>
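Review bot: the `grep -q "$cpio_file"` in the `*)` branch now reads the description from `${WORKDIR}/$swu_file_base/...`, while the removed line and the `cd` just above the loop both use `${PP_WORK}/$swu_file_base`; unless the switch is intended, keep `${PP_WORK}` so the lookup reads the same file that was just signed. Two smaller points in the same case statement: the literal pattern `sw-description*` only matches while `${SWU_DESCRIPTION_FILE}` carries that name, and `grep -q` interprets the file name as a regular expression, so `grep -qF` would be the safer match.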
Patch

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 2c69892..be6a07f 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -191,24 +191,41 @@  IMAGE_CMD:swu() {
                     "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}"
             done
             cd "${PP_WORK}/$swu_file_base"
-            for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do
-                if [ "$file" = "${SWU_DESCRIPTION_FILE}" ] || \
-                    grep -q "$file" "${PP_WORK}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then
+            cpio_files="${SWU_DESCRIPTION_FILE}"
+
+            if [ -n "$sign" ]; then
+                if ! /usr/bin/sign-swu \
+                    "${SWU_DESCRIPTION_FILE}" "${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}" \
+                    > /dev/null 2>&1 || \
+                    [ ! -f "${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}" ]; then
+                    echo "Could not create swupdate signature file '${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}'" 1>&2
+                    exit 1
+                fi
+                cpio_files="$cpio_files ${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}"
+            fi
+
+            # sw-description must be first file in *.swu
+            for cpio_file in $cpio_files ${SWU_ADDITIONAL_FILES}; do
+                if [ -f "$cpio_file" ]; then
                     # Set file timestamps for reproducible builds
                     if [ -n "${SOURCE_DATE_EPOCH}" ]; then
                         touch -d@"${SOURCE_DATE_EPOCH}" "$file"
                     fi
-                    echo "$file"
-                    if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then
-                        sign-swu "$file" "$file.${SWU_SIGNATURE_EXT}"
-                        # Set file timestamps for reproducible builds
-                        if [ -n "${SOURCE_DATE_EPOCH}" ]; then
-                            touch -d@"${SOURCE_DATE_EPOCH}" "$file.${SWU_SIGNATURE_EXT}"
-                        fi
-                        echo "$file.${SWU_SIGNATURE_EXT}"
-                    fi
+                    case "$cpio_file" in
+                        sw-description*)
+                            echo "$cpio_file"
+                            ;;
+                        *)
+                            if grep -q "$cpio_file" \
+                                "${WORKDIR}/$swu_file_base/${SWU_DESCRIPTION_FILE}"; then
+                                echo "$cpio_file"
+                            fi
+                            ;;
+                    esac
                 fi
-            done | cpio -ovL --reproducible -H crc > "${PP_DEPLOY}/${SWU_IMAGE_FILE}$swu_file_extension.swu"
+            done | cpio \
+                --verbose --dereference --create --reproducible -H crc \
+                > "${PP_DEPLOY}/${SWU_IMAGE_FILE}$swu_file_extension.swu"
 EOIMAGER
     done
 }
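Review bot: the unchanged context line `touch -d@"${SOURCE_DATE_EPOCH}" "$file"` inside the rewritten loop still references `$file`, but the loop variable is now `cpio_file`, so `$file` is never set by this loop and the reproducible-build timestamp is no longer applied to the files going into the archive. Change the operand to `"$cpio_file"`; because the signature file is now part of `$cpio_files` and passes through the same loop, that one change also restores the timestamp the removed block used to set on `${SWU_DESCRIPTION_FILE}.${SWU_SIGNATURE_EXT}` explicitly.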