| Message ID | 20220509101512.677739-1-Quirin.Gylstorff@siemens.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | [isar-cip-core,v2] swupdate: Update SRCREV | expand |
On 09.05.22 12:15, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > Update SWUpdate to commit https://salsa.debian.org/debian/swupdate/ > 344548c816b555c58ec199f31e45703897d23fb5. > > This contains the upstream version of the patches: > -debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch > -debian-rules-Add-Embedded-Lua-handler-option.patch > -debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch > -Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch > > The available build options are now documented in ${S}/debian/README.Debian. > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > > Changes in V2: > - fix build by setting backport option > > ...SWUpdate-USB-service-and-Udev-rules.patch} | 24 ++++------- > ...onfig-Make-image-encryption-optional.patch | 42 ------------------- > ...les-Add-Embedded-Lua-handler-option.patch} | 10 ++--- > ...es-Add-option-to-disable-fs-creation.patch | 16 +++---- > ...ules-Add-option-to-disable-webserver.patch | 18 ++++---- > ...h-to-fix-bootloader_env_get-for-EBG.patch} | 11 ++--- > ...Make-CONFIG_HW_COMPATIBILTY-optional.patch | 40 ------------------ > ...repare-build-for-isar-debian-buster.patch} | 34 +++------------ > ...option-to-disable-CONFIG_HASH_VERIFY.patch | 29 ------------- > .../swupdate/swupdate_2021.11-1+debian-gbp.bb | 20 ++++----- > 10 files changed, 50 insertions(+), 194 deletions(-) > rename recipes-core/swupdate/files/{0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch => 0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch} (65%) > delete mode 100644 recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch > rename recipes-core/swupdate/files/{0006-debian-rules-Add-Embedded-Lua-handler-option.patch => 0002-debian-rules-Add-Embedded-Lua-handler-option.patch} (83%) > rename recipes-core/swupdate/files/{0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch => 0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch} (89%) > delete mode 100644 recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch > rename recipes-core/swupdate/files/{0010-debian-prepare-build-for-isar-debian-buster.patch => 0006-debian-prepare-build-for-isar-debian-buster.patch} (58%) > delete mode 100644 recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch > > diff --git a/recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch b/recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch > similarity index 65% > rename from recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch > rename to recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch > index 90c8d98..239b389 100644 > --- a/recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch > +++ b/recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch > @@ -1,7 +1,7 @@ > -From db391d1dd34806ae6694205b08b4661318bef37b Mon Sep 17 00:00:00 2001 > +From 7925d016efc3e9ebac10a465f165135f21c5d799 Mon Sep 17 00:00:00 2001 > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > Date: Mon, 7 Feb 2022 09:28:39 +0100 > -Subject: [PATCH 07/10] debian: Remove SWUpdate USB service and Udev rules > +Subject: [PATCH 1/6] debian: Remove SWUpdate USB service and Udev rules > > The current implementation will install an abitrary SWUpdate binary > from a plug-in USB stick. This is a major security risk for devices > @@ -13,16 +13,14 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > debian/rules | 1 - > debian/swupdate.swupdate-usb@.service | 8 -------- > - debian/swupdate.udev | 2 -- > - 3 files changed, 11 deletions(-) > + 2 files changed, 9 deletions(-) > delete mode 100644 debian/swupdate.swupdate-usb@.service > - delete mode 100644 debian/swupdate.udev > > diff --git a/debian/rules b/debian/rules > -index 12eb0ba..76fce01 100755 > +index 95d4d48f..ff8b6726 100755 > --- a/debian/rules > +++ b/debian/rules > -@@ -101,7 +101,6 @@ override_dh_auto_install: > +@@ -79,7 +79,6 @@ override_dh_auto_install: > override_dh_installsystemd: > dh_installsystemd --no-start > dh_installsystemd --name=swupdate-progress > @@ -32,7 +30,7 @@ index 12eb0ba..76fce01 100755 > override_dh_gencontrol: > diff --git a/debian/swupdate.swupdate-usb@.service b/debian/swupdate.swupdate-usb@.service > deleted file mode 100644 > -index eda9d15..0000000 > +index eda9d153..00000000 > --- a/debian/swupdate.swupdate-usb@.service > +++ /dev/null > @@ -1,8 +0,0 @@ > @@ -44,14 +42,6 @@ index eda9d15..0000000 > -ExecStartPre=/bin/mount /dev/%I /mnt > -ExecStart=/bin/sh -c "swupdate-client -v /mnt/*.swu" > -ExecStopPost=/bin/umount /mnt > -diff --git a/debian/swupdate.udev b/debian/swupdate.udev > -deleted file mode 100644 > -index b4efd0b..0000000 > ---- a/debian/swupdate.udev > -+++ /dev/null > -@@ -1,2 +0,0 @@ > --ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service" > -- > -- > -2.34.1 > +2.35.1 > > diff --git a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch > deleted file mode 100644 > index aa20ab6..0000000 > --- a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch > +++ /dev/null > @@ -1,42 +0,0 @@ > -From 5d78de76eab1218494c714e9816152e4d821fa86 Mon Sep 17 00:00:00 2001 > -From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > -Date: Wed, 29 Sep 2021 15:28:21 +0200 > -Subject: [PATCH 01/10] debian/config: Make image encryption optional > - > -This can be use to ease the setup with SWUpdate. > - > -Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > ---- > - debian/configs/defconfig | 1 - > - debian/rules | 3 +++ > - 2 files changed, 3 insertions(+), 1 deletion(-) > - > -diff --git a/debian/configs/defconfig b/debian/configs/defconfig > -index 02681e5..b34168e 100644 > ---- a/debian/configs/defconfig > -+++ b/debian/configs/defconfig > -@@ -3,7 +3,6 @@ CONFIG_HW_COMPATIBILITY=y > - CONFIG_DOWNLOAD=y > - CONFIG_DOWNLOAD_SSL=y > - CONFIG_SIGALG_CMS=y > --CONFIG_ENCRYPTED_IMAGES=y > - CONFIG_SURICATTA=y > - CONFIG_SURICATTA_SSL=y > - CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y > -diff --git a/debian/rules b/debian/rules > -index 864add2..08b74a1 100755 > ---- a/debian/rules > -+++ b/debian/rules > -@@ -41,6 +41,9 @@ endif > - ifeq (,$(filter pkg.swupdate.nosigning,$(DEB_BUILD_PROFILES))) > - echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig > - endif > -+ifeq (,$(filter pkg.swupdate.noencryption,$(DEB_BUILD_PROFILES))) > -+ echo CONFIG_ENCRYPTED_IMAGES=y >> configs/debian_defconfig > -+endif > - ifneq (,$(filter pkg.swupdate.p11,$(DEB_BUILD_PROFILES))) > - echo CONFIG_PKCS11=y >> configs/debian_defconfig > - endif > --- > -2.34.1 > - > diff --git a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch b/recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch > similarity index 83% > rename from recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch > rename to recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch > index 1d6a247..9ca5002 100644 > --- a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch > +++ b/recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch > @@ -1,7 +1,7 @@ > -From 19969a388e414db84e54a706e9227c301b0408a2 Mon Sep 17 00:00:00 2001 > +From d262afcf95e617eace2f4207d4690587841d8882 Mon Sep 17 00:00:00 2001 > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > Date: Wed, 29 Sep 2021 11:32:41 +0200 > -Subject: [PATCH 06/10] debian/rules: Add Embedded Lua handler option > +Subject: [PATCH 2/6] debian/rules: Add Embedded Lua handler option > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > @@ -9,10 +9,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > 1 file changed, 5 insertions(+) > > diff --git a/debian/rules b/debian/rules > -index 19870e9..12eb0ba 100755 > +index ff8b6726..e1df4f06 100755 > --- a/debian/rules > +++ b/debian/rules > -@@ -68,7 +68,12 @@ ifneq (,$(LUA_VERSION)) > +@@ -51,7 +51,12 @@ ifneq (,$(LUA_VERSION)) > echo CONFIG_LUAPKG=\"lua$(LUA_VERSION)\" >> configs/debian_defconfig > echo CONFIG_LUASCRIPTHANDLER=y >> configs/debian_defconfig > echo CONFIG_HANDLER_IN_LUA=y >> configs/debian_defconfig > @@ -26,5 +26,5 @@ index 19870e9..12eb0ba 100755 > echo CONFIG_EXTRA_LDFLAGS=\"$(LDFLAGS)\" >> configs/debian_defconfig > echo CONFIG_EXTRA_LDLIBS=\"$(LDLIBS)\" >> configs/debian_defconfig > -- > -2.34.1 > +2.35.1 > > diff --git a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch > index 08ba9b9..c6f84ce 100644 > --- a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch > +++ b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch > @@ -1,7 +1,7 @@ > -From 17d962a9b43f5debaed85affc6dccb2c471bffe9 Mon Sep 17 00:00:00 2001 > +From 404d1f73f791babf3dd4546fa5f671f7717d6179 Mon Sep 17 00:00:00 2001 > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > Date: Mon, 4 Oct 2021 17:15:56 +0200 > -Subject: [PATCH 03/10] debian/rules: Add option to disable fs creation > +Subject: [PATCH 3/6] debian/rules: Add option to disable fs creation > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > @@ -10,7 +10,7 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > 2 files changed, 9 insertions(+), 6 deletions(-) > > diff --git a/debian/configs/defconfig b/debian/configs/defconfig > -index b34168e..d011deb 100644 > +index ad28854c..d8e260b6 100644 > --- a/debian/configs/defconfig > +++ b/debian/configs/defconfig > @@ -9,12 +9,6 @@ CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y > @@ -27,12 +27,12 @@ index b34168e..d011deb 100644 > CONFIG_RAW=y > CONFIG_RDIFFHANDLER=y > diff --git a/debian/rules b/debian/rules > -index 6705140..983e122 100755 > +index e1df4f06..2ed88ad2 100755 > --- a/debian/rules > +++ b/debian/rules > -@@ -45,6 +45,15 @@ endif > - ifeq (,$(filter pkg.swupdate.noencryption,$(DEB_BUILD_PROFILES))) > - echo CONFIG_ENCRYPTED_IMAGES=y >> configs/debian_defconfig > +@@ -44,6 +44,15 @@ endif > + ifeq (,$(filter pkg.swupdate.nosigning,$(DEB_BUILD_PROFILES))) > + echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig > endif > +ifeq (,$(filter pkg.swupdate.nocreatefs,$(DEB_BUILD_PROFILES))) > + echo CONFIG_DISKPART=y >> configs/debian_defconfig > @@ -47,5 +47,5 @@ index 6705140..983e122 100755 > echo CONFIG_PKCS11=y >> configs/debian_defconfig > endif > -- > -2.34.1 > +2.35.1 > > diff --git a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch > index eaa6fcf..c670ee9 100644 > --- a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch > +++ b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch > @@ -1,7 +1,7 @@ > -From a02a6d4385f314601ef5c7094ecb26f5b5c3f134 Mon Sep 17 00:00:00 2001 > +From 9e5313a9fe784e55bcf25dc0b61573aeedcc11ee Mon Sep 17 00:00:00 2001 > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > Date: Mon, 4 Oct 2021 17:27:11 +0200 > -Subject: [PATCH 04/10] debian/rules: Add option to disable webserver > +Subject: [PATCH 4/6] debian/rules: Add option to disable webserver > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > @@ -10,10 +10,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > 2 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/debian/configs/defconfig b/debian/configs/defconfig > -index d011deb..337fcce 100644 > +index d8e260b6..c365f9ce 100644 > --- a/debian/configs/defconfig > +++ b/debian/configs/defconfig > -@@ -6,8 +6,6 @@ CONFIG_SIGALG_CMS=y > +@@ -6,8 +6,6 @@ CONFIG_ENCRYPTED_IMAGES=y > CONFIG_SURICATTA=y > CONFIG_SURICATTA_SSL=y > CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y > @@ -23,12 +23,12 @@ index d011deb..337fcce 100644 > CONFIG_UNIQUEUUID=y > CONFIG_RAW=y > diff --git a/debian/rules b/debian/rules > -index 983e122..6078ed8 100755 > +index 2ed88ad2..58742a6b 100755 > --- a/debian/rules > +++ b/debian/rules > -@@ -39,6 +39,10 @@ else ifneq (,$(filter pkg.swupdate.efibootguard,$(DEB_BUILD_PROFILES))) > - else > - echo CONFIG_BOOTLOADER_NONE=y >> configs/debian_defconfig > +@@ -41,6 +41,10 @@ endif > + ifeq (,$(filter pkg.swupdate.nohwcompat,$(DEB_BUILD_PROFILES))) > + echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig > endif > +ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES))) > + echo CONFIG_WEBSERVER=y >> configs/debian_defconfig > @@ -38,5 +38,5 @@ index 983e122..6078ed8 100755 > echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig > endif > -- > -2.34.1 > +2.35.1 > > diff --git a/recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch b/recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch > similarity index 89% > rename from recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch > rename to recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch > index fd263ee..793bd7a 100644 > --- a/recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch > +++ b/recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch > @@ -1,9 +1,10 @@ > -From 09a736a651ae05378d9ef8018589c9f834b729a6 Mon Sep 17 00:00:00 2001 > +From 962f4b81ac1202e536628bfac822a22b8d7b0b3a Mon Sep 17 00:00:00 2001 > From: Jan Kiszka <jan.kiszka@siemens.com> > Date: Tue, 12 Apr 2022 08:01:21 +0200 > -Subject: [PATCH 09/10] debian: Add patch to fix bootloader_env_get for EBG > +Subject: [PATCH 5/6] debian: Add patch to fix bootloader_env_get for EBG > > Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > +Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > ...ix-do_env_get-for-anything-but-globa.patch | 38 +++++++++++++++++++ > debian/patches/series | 1 + > @@ -12,7 +13,7 @@ Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> > > diff --git a/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch b/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch > new file mode 100644 > -index 0000000..f99f7ee > +index 00000000..f99f7ee6 > --- /dev/null > +++ b/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch > @@ -0,0 +1,38 @@ > @@ -55,12 +56,12 @@ index 0000000..f99f7ee > +2.34.1 > + > diff --git a/debian/patches/series b/debian/patches/series > -index 8c5564a..98628a7 100644 > +index 8c5564ae..98628a77 100644 > --- a/debian/patches/series > +++ b/debian/patches/series > @@ -1 +1,2 @@ > use-gcc-compiler.diff > +0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch > -- > -2.34.1 > +2.35.1 > > diff --git a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch > deleted file mode 100644 > index eb19e5f..0000000 > --- a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch > +++ /dev/null > @@ -1,40 +0,0 @@ > -From 8315d5ff8168fca1bd3752764e71f98e8b55f2ad Mon Sep 17 00:00:00 2001 > -From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > -Date: Tue, 5 Oct 2021 10:56:25 +0200 > -Subject: [PATCH 05/10] debian: Make CONFIG_HW_COMPATIBILTY optional > - > -Add option for qemu. > - > -Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > ---- > - debian/configs/defconfig | 1 - > - debian/rules | 3 +++ > - 2 files changed, 3 insertions(+), 1 deletion(-) > - > -diff --git a/debian/configs/defconfig b/debian/configs/defconfig > -index 337fcce..6fc1137 100644 > ---- a/debian/configs/defconfig > -+++ b/debian/configs/defconfig > -@@ -1,5 +1,4 @@ > - CONFIG_SYSTEMD=y > --CONFIG_HW_COMPATIBILITY=y > - CONFIG_DOWNLOAD=y > - CONFIG_DOWNLOAD_SSL=y > - CONFIG_SIGALG_CMS=y > -diff --git a/debian/rules b/debian/rules > -index 6078ed8..19870e9 100755 > ---- a/debian/rules > -+++ b/debian/rules > -@@ -39,6 +39,9 @@ else ifneq (,$(filter pkg.swupdate.efibootguard,$(DEB_BUILD_PROFILES))) > - else > - echo CONFIG_BOOTLOADER_NONE=y >> configs/debian_defconfig > - endif > -+ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES))) > -+ echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig > -+endif > - ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES))) > - echo CONFIG_WEBSERVER=y >> configs/debian_defconfig > - echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig > --- > -2.34.1 > - > diff --git a/recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch b/recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch > similarity index 58% > rename from recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch > rename to recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch > index 1d476e9..f3b9bfc 100644 > --- a/recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch > +++ b/recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch > @@ -1,25 +1,24 @@ > -From c9661853aea11f090b5936363b0bae10fe6ebed6 Mon Sep 17 00:00:00 2001 > +From 33ce7123621f5da43cc8be730e916451abe84239 Mon Sep 17 00:00:00 2001 > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > Date: Wed, 29 Sep 2021 16:17:03 +0200 > -Subject: [PATCH 10/10] debian: prepare build for isar debian buster > +Subject: [PATCH 6/6] debian: prepare build for isar debian buster > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > debian/compat | 1 + > debian/control | 10 +++++----- > - debian/rules | 4 +++- > - 3 files changed, 9 insertions(+), 6 deletions(-) > + 2 files changed, 6 insertions(+), 5 deletions(-) > create mode 100644 debian/compat > > diff --git a/debian/compat b/debian/compat > new file mode 100644 > -index 0000000..f599e28 > +index 00000000..f599e28b > --- /dev/null > +++ b/debian/compat > @@ -0,0 +1 @@ > +10 > diff --git a/debian/control b/debian/control > -index 192c4a2..9318fa1 100644 > +index 192c4a2a..9318fa12 100644 > --- a/debian/control > +++ b/debian/control > @@ -4,7 +4,7 @@ Priority: optional > @@ -46,27 +45,6 @@ index 192c4a2..9318fa1 100644 > libubootenv-dev <pkg.swupdate.uboot>, > libebgenv-dev <pkg.swupdate.efibootguard> | efibootguard-dev <pkg.swupdate.efibootguard>, > libcmocka-dev, > -diff --git a/debian/rules b/debian/rules > -index 4dc9e17..370ca3d 100755 > ---- a/debian/rules > -+++ b/debian/rules > -@@ -19,13 +19,15 @@ endif > - > - override_dh_auto_configure: > - cp debian/configs/defconfig configs/debian_defconfig > --ifeq (,$(filter pkg.swupdate.bpo,$(DEB_BUILD_PROFILES))) > -+ifneq (,$(filter pkg.swupdate.mtd,$(DEB_BUILD_PROFILES))) > - echo CONFIG_MTD=y >> configs/debian_defconfig > -+ifneq (,$(filter pkg.swupdate.ubi,$(DEB_BUILD_PROFILES))) > - echo CONFIG_SWUFORWARDER_HANDLER=y >> configs/debian_defconfig > - echo CONFIG_CFI=y >> configs/debian_defconfig > - echo CONFIG_CFIHAMMING1=y >> configs/debian_defconfig > - echo CONFIG_UBIVOL=y >> configs/debian_defconfig > - echo CONFIG_SSBLSWITCH=y >> configs/debian_defconfig > -+endif > - else > - echo "# CONFIG_MTD is not set" >> configs/debian_defconfig > - endif > -- > -2.34.1 > +2.35.1 > > diff --git a/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch b/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch > deleted file mode 100644 > index a5207ee..0000000 > --- a/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch > +++ /dev/null > @@ -1,29 +0,0 @@ > -From 2776a4817eb91be3df001e04d548a702e9f5291a Mon Sep 17 00:00:00 2001 > -From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > -Date: Mon, 14 Feb 2022 12:27:43 +0100 > -Subject: [PATCH 08/10] Add Profile option to disable CONFIG_HASH_VERIFY > - > -This change also enables CONFIG_HASH_VERIFY by default. > - > -Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > ---- > - debian/rules | 3 +++ > - 1 file changed, 3 insertions(+) > - > -diff --git a/debian/rules b/debian/rules > -index 76fce01..4dc9e17 100755 > ---- a/debian/rules > -+++ b/debian/rules > -@@ -42,6 +42,9 @@ endif > - ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES))) > - echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig > - endif > -+ifeq (,$(filter pkg.swupdate.nohashverify,$(DEB_BUILD_PROFILES))) > -+ echo CONFIG_HASH_VERIFY=y >> configs/debian_defconfig > -+endif > - ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES))) > - echo CONFIG_WEBSERVER=y >> configs/debian_defconfig > - echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig > --- > -2.34.1 > - > diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > index 7edefe7..086911b 100644 > --- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > +++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb > @@ -13,23 +13,20 @@ inherit dpkg-gbp > include swupdate.inc > > SRC_URI = "git://salsa.debian.org/debian/swupdate.git;protocol=https;branch=debian/master" > -SRCREV ="debian/2021.11-1" > +SRCREV ="344548c816b555c58ec199f31e45703897d23fb5" > > # add options to DEB_BUILD_PROFILES > -SRC_URI += "file://0001-debian-config-Make-image-encryption-optional.patch \ > - file://0002-debian-rules-Add-CONFIG_MTD.patch \ > +SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \ > + file://0002-debian-rules-Add-Embedded-Lua-handler-option.patch \ > file://0003-debian-rules-Add-option-to-disable-fs-creation.patch \ > file://0004-debian-rules-Add-option-to-disable-webserver.patch \ > - file://0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \ > - file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch \ > - file://0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \ > - file://0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch \ > - file://0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch" > + file://0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch" > > # end patching for dm-verity based images > > -# deactivate signing and encryption for simple a/b rootfs update > -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning pkg.swupdate.noencryption" > +# deactivate signing and hardware compability for simple a/b rootfs update > +DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" > +DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" > > # add cross build and deactivate testing for arm based builds > DEB_BUILD_PROFILES += "cross nocheck" > @@ -40,11 +37,12 @@ DEB_BUILD_PROFILES += "cross nocheck" > # DEB_BUILD_PROFILES += "pkg.swupdate.embeddedlua" > > # modify for debian buster build > -SRC_URI_append_buster = " file://0010-debian-prepare-build-for-isar-debian-buster.patch" > +SRC_URI_append_buster = " file://0006-debian-prepare-build-for-isar-debian-buster.patch" > > # disable create filesystem due to missing symbols in debian buster > # disable webserver due to missing symbols in debian buster > DEB_BUILD_PROFILES_append_buster = " \ > + pkg.swupdate.bpo \ > pkg.swupdate.nocreatefs \ > pkg.swupdate.nowebserver " > # In debian buster the git-compression defaults to gz and does not detect other Thanks, applied. Jan
diff --git a/recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch b/recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch similarity index 65% rename from recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch rename to recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch index 90c8d98..239b389 100644 --- a/recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch +++ b/recipes-core/swupdate/files/0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch @@ -1,7 +1,7 @@ -From db391d1dd34806ae6694205b08b4661318bef37b Mon Sep 17 00:00:00 2001 +From 7925d016efc3e9ebac10a465f165135f21c5d799 Mon Sep 17 00:00:00 2001 From: Quirin Gylstorff <quirin.gylstorff@siemens.com> Date: Mon, 7 Feb 2022 09:28:39 +0100 -Subject: [PATCH 07/10] debian: Remove SWUpdate USB service and Udev rules +Subject: [PATCH 1/6] debian: Remove SWUpdate USB service and Udev rules The current implementation will install an abitrary SWUpdate binary from a plug-in USB stick. This is a major security risk for devices @@ -13,16 +13,14 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> --- debian/rules | 1 - debian/swupdate.swupdate-usb@.service | 8 -------- - debian/swupdate.udev | 2 -- - 3 files changed, 11 deletions(-) + 2 files changed, 9 deletions(-) delete mode 100644 debian/swupdate.swupdate-usb@.service - delete mode 100644 debian/swupdate.udev diff --git a/debian/rules b/debian/rules -index 12eb0ba..76fce01 100755 +index 95d4d48f..ff8b6726 100755 --- a/debian/rules +++ b/debian/rules -@@ -101,7 +101,6 @@ override_dh_auto_install: +@@ -79,7 +79,6 @@ override_dh_auto_install: override_dh_installsystemd: dh_installsystemd --no-start dh_installsystemd --name=swupdate-progress @@ -32,7 +30,7 @@ index 12eb0ba..76fce01 100755 override_dh_gencontrol: diff --git a/debian/swupdate.swupdate-usb@.service b/debian/swupdate.swupdate-usb@.service deleted file mode 100644 -index eda9d15..0000000 +index eda9d153..00000000 --- a/debian/swupdate.swupdate-usb@.service +++ /dev/null @@ -1,8 +0,0 @@ @@ -44,14 +42,6 @@ index eda9d15..0000000 -ExecStartPre=/bin/mount /dev/%I /mnt -ExecStart=/bin/sh -c "swupdate-client -v /mnt/*.swu" -ExecStopPost=/bin/umount /mnt -diff --git a/debian/swupdate.udev b/debian/swupdate.udev -deleted file mode 100644 -index b4efd0b..0000000 ---- a/debian/swupdate.udev -+++ /dev/null -@@ -1,2 +0,0 @@ --ACTION=="add", KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_BUS}=="usb", ENV{ID_FS_USAGE}=="filesystem", TAG+="systemd", ENV{SYSTEMD_WANTS}+="swupdate-usb@%k.service" -- -- -2.34.1 +2.35.1 diff --git a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch b/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch deleted file mode 100644 index aa20ab6..0000000 --- a/recipes-core/swupdate/files/0001-debian-config-Make-image-encryption-optional.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 5d78de76eab1218494c714e9816152e4d821fa86 Mon Sep 17 00:00:00 2001 -From: Quirin Gylstorff <quirin.gylstorff@siemens.com> -Date: Wed, 29 Sep 2021 15:28:21 +0200 -Subject: [PATCH 01/10] debian/config: Make image encryption optional - -This can be use to ease the setup with SWUpdate. - -Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> ---- - debian/configs/defconfig | 1 - - debian/rules | 3 +++ - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/debian/configs/defconfig b/debian/configs/defconfig -index 02681e5..b34168e 100644 ---- a/debian/configs/defconfig -+++ b/debian/configs/defconfig -@@ -3,7 +3,6 @@ CONFIG_HW_COMPATIBILITY=y - CONFIG_DOWNLOAD=y - CONFIG_DOWNLOAD_SSL=y - CONFIG_SIGALG_CMS=y --CONFIG_ENCRYPTED_IMAGES=y - CONFIG_SURICATTA=y - CONFIG_SURICATTA_SSL=y - CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y -diff --git a/debian/rules b/debian/rules -index 864add2..08b74a1 100755 ---- a/debian/rules -+++ b/debian/rules -@@ -41,6 +41,9 @@ endif - ifeq (,$(filter pkg.swupdate.nosigning,$(DEB_BUILD_PROFILES))) - echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig - endif -+ifeq (,$(filter pkg.swupdate.noencryption,$(DEB_BUILD_PROFILES))) -+ echo CONFIG_ENCRYPTED_IMAGES=y >> configs/debian_defconfig -+endif - ifneq (,$(filter pkg.swupdate.p11,$(DEB_BUILD_PROFILES))) - echo CONFIG_PKCS11=y >> configs/debian_defconfig - endif --- -2.34.1 - diff --git a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch b/recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch similarity index 83% rename from recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch rename to recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch index 1d6a247..9ca5002 100644 --- a/recipes-core/swupdate/files/0006-debian-rules-Add-Embedded-Lua-handler-option.patch +++ b/recipes-core/swupdate/files/0002-debian-rules-Add-Embedded-Lua-handler-option.patch @@ -1,7 +1,7 @@ -From 19969a388e414db84e54a706e9227c301b0408a2 Mon Sep 17 00:00:00 2001 +From d262afcf95e617eace2f4207d4690587841d8882 Mon Sep 17 00:00:00 2001 From: Quirin Gylstorff <quirin.gylstorff@siemens.com> Date: Wed, 29 Sep 2021 11:32:41 +0200 -Subject: [PATCH 06/10] debian/rules: Add Embedded Lua handler option +Subject: [PATCH 2/6] debian/rules: Add Embedded Lua handler option Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> --- @@ -9,10 +9,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> 1 file changed, 5 insertions(+) diff --git a/debian/rules b/debian/rules -index 19870e9..12eb0ba 100755 +index ff8b6726..e1df4f06 100755 --- a/debian/rules +++ b/debian/rules -@@ -68,7 +68,12 @@ ifneq (,$(LUA_VERSION)) +@@ -51,7 +51,12 @@ ifneq (,$(LUA_VERSION)) echo CONFIG_LUAPKG=\"lua$(LUA_VERSION)\" >> configs/debian_defconfig echo CONFIG_LUASCRIPTHANDLER=y >> configs/debian_defconfig echo CONFIG_HANDLER_IN_LUA=y >> configs/debian_defconfig @@ -26,5 +26,5 @@ index 19870e9..12eb0ba 100755 echo CONFIG_EXTRA_LDFLAGS=\"$(LDFLAGS)\" >> configs/debian_defconfig echo CONFIG_EXTRA_LDLIBS=\"$(LDLIBS)\" >> configs/debian_defconfig -- -2.34.1 +2.35.1 diff --git a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch index 08ba9b9..c6f84ce 100644 --- a/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch +++ b/recipes-core/swupdate/files/0003-debian-rules-Add-option-to-disable-fs-creation.patch @@ -1,7 +1,7 @@ -From 17d962a9b43f5debaed85affc6dccb2c471bffe9 Mon Sep 17 00:00:00 2001 +From 404d1f73f791babf3dd4546fa5f671f7717d6179 Mon Sep 17 00:00:00 2001 From: Quirin Gylstorff <quirin.gylstorff@siemens.com> Date: Mon, 4 Oct 2021 17:15:56 +0200 -Subject: [PATCH 03/10] debian/rules: Add option to disable fs creation +Subject: [PATCH 3/6] debian/rules: Add option to disable fs creation Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> --- @@ -10,7 +10,7 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/debian/configs/defconfig b/debian/configs/defconfig -index b34168e..d011deb 100644 +index ad28854c..d8e260b6 100644 --- a/debian/configs/defconfig +++ b/debian/configs/defconfig @@ -9,12 +9,6 @@ CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y @@ -27,12 +27,12 @@ index b34168e..d011deb 100644 CONFIG_RAW=y CONFIG_RDIFFHANDLER=y diff --git a/debian/rules b/debian/rules -index 6705140..983e122 100755 +index e1df4f06..2ed88ad2 100755 --- a/debian/rules +++ b/debian/rules -@@ -45,6 +45,15 @@ endif - ifeq (,$(filter pkg.swupdate.noencryption,$(DEB_BUILD_PROFILES))) - echo CONFIG_ENCRYPTED_IMAGES=y >> configs/debian_defconfig +@@ -44,6 +44,15 @@ endif + ifeq (,$(filter pkg.swupdate.nosigning,$(DEB_BUILD_PROFILES))) + echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig endif +ifeq (,$(filter pkg.swupdate.nocreatefs,$(DEB_BUILD_PROFILES))) + echo CONFIG_DISKPART=y >> configs/debian_defconfig @@ -47,5 +47,5 @@ index 6705140..983e122 100755 echo CONFIG_PKCS11=y >> configs/debian_defconfig endif -- -2.34.1 +2.35.1 diff --git a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch index eaa6fcf..c670ee9 100644 --- a/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch +++ b/recipes-core/swupdate/files/0004-debian-rules-Add-option-to-disable-webserver.patch @@ -1,7 +1,7 @@ -From a02a6d4385f314601ef5c7094ecb26f5b5c3f134 Mon Sep 17 00:00:00 2001 +From 9e5313a9fe784e55bcf25dc0b61573aeedcc11ee Mon Sep 17 00:00:00 2001 From: Quirin Gylstorff <quirin.gylstorff@siemens.com> Date: Mon, 4 Oct 2021 17:27:11 +0200 -Subject: [PATCH 04/10] debian/rules: Add option to disable webserver +Subject: [PATCH 4/6] debian/rules: Add option to disable webserver Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> --- @@ -10,10 +10,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/configs/defconfig b/debian/configs/defconfig -index d011deb..337fcce 100644 +index d8e260b6..c365f9ce 100644 --- a/debian/configs/defconfig +++ b/debian/configs/defconfig -@@ -6,8 +6,6 @@ CONFIG_SIGALG_CMS=y +@@ -6,8 +6,6 @@ CONFIG_ENCRYPTED_IMAGES=y CONFIG_SURICATTA=y CONFIG_SURICATTA_SSL=y CONFIG_UPDATE_STATE_CHOICE_BOOTLOADER=y @@ -23,12 +23,12 @@ index d011deb..337fcce 100644 CONFIG_UNIQUEUUID=y CONFIG_RAW=y diff --git a/debian/rules b/debian/rules -index 983e122..6078ed8 100755 +index 2ed88ad2..58742a6b 100755 --- a/debian/rules +++ b/debian/rules -@@ -39,6 +39,10 @@ else ifneq (,$(filter pkg.swupdate.efibootguard,$(DEB_BUILD_PROFILES))) - else - echo CONFIG_BOOTLOADER_NONE=y >> configs/debian_defconfig +@@ -41,6 +41,10 @@ endif + ifeq (,$(filter pkg.swupdate.nohwcompat,$(DEB_BUILD_PROFILES))) + echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig endif +ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES))) + echo CONFIG_WEBSERVER=y >> configs/debian_defconfig @@ -38,5 +38,5 @@ index 983e122..6078ed8 100755 echo CONFIG_SIGNED_IMAGES=y >> configs/debian_defconfig endif -- -2.34.1 +2.35.1 diff --git a/recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch b/recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch similarity index 89% rename from recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch rename to recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch index fd263ee..793bd7a 100644 --- a/recipes-core/swupdate/files/0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch +++ b/recipes-core/swupdate/files/0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch @@ -1,9 +1,10 @@ -From 09a736a651ae05378d9ef8018589c9f834b729a6 Mon Sep 17 00:00:00 2001 +From 962f4b81ac1202e536628bfac822a22b8d7b0b3a Mon Sep 17 00:00:00 2001 From: Jan Kiszka <jan.kiszka@siemens.com> Date: Tue, 12 Apr 2022 08:01:21 +0200 -Subject: [PATCH 09/10] debian: Add patch to fix bootloader_env_get for EBG +Subject: [PATCH 5/6] debian: Add patch to fix bootloader_env_get for EBG Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> +Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> --- ...ix-do_env_get-for-anything-but-globa.patch | 38 +++++++++++++++++++ debian/patches/series | 1 + @@ -12,7 +13,7 @@ Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> diff --git a/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch b/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch new file mode 100644 -index 0000000..f99f7ee +index 00000000..f99f7ee6 --- /dev/null +++ b/debian/patches/0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch @@ -0,0 +1,38 @@ @@ -55,12 +56,12 @@ index 0000000..f99f7ee +2.34.1 + diff --git a/debian/patches/series b/debian/patches/series -index 8c5564a..98628a7 100644 +index 8c5564ae..98628a77 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ use-gcc-compiler.diff +0001-bootloader-EBG-fix-do_env_get-for-anything-but-globa.patch -- -2.34.1 +2.35.1 diff --git a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch b/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch deleted file mode 100644 index eb19e5f..0000000 --- a/recipes-core/swupdate/files/0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8315d5ff8168fca1bd3752764e71f98e8b55f2ad Mon Sep 17 00:00:00 2001 -From: Quirin Gylstorff <quirin.gylstorff@siemens.com> -Date: Tue, 5 Oct 2021 10:56:25 +0200 -Subject: [PATCH 05/10] debian: Make CONFIG_HW_COMPATIBILTY optional - -Add option for qemu. - -Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> ---- - debian/configs/defconfig | 1 - - debian/rules | 3 +++ - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/debian/configs/defconfig b/debian/configs/defconfig -index 337fcce..6fc1137 100644 ---- a/debian/configs/defconfig -+++ b/debian/configs/defconfig -@@ -1,5 +1,4 @@ - CONFIG_SYSTEMD=y --CONFIG_HW_COMPATIBILITY=y - CONFIG_DOWNLOAD=y - CONFIG_DOWNLOAD_SSL=y - CONFIG_SIGALG_CMS=y -diff --git a/debian/rules b/debian/rules -index 6078ed8..19870e9 100755 ---- a/debian/rules -+++ b/debian/rules -@@ -39,6 +39,9 @@ else ifneq (,$(filter pkg.swupdate.efibootguard,$(DEB_BUILD_PROFILES))) - else - echo CONFIG_BOOTLOADER_NONE=y >> configs/debian_defconfig - endif -+ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES))) -+ echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig -+endif - ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES))) - echo CONFIG_WEBSERVER=y >> configs/debian_defconfig - echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig --- -2.34.1 - diff --git a/recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch b/recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch similarity index 58% rename from recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch rename to recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch index 1d476e9..f3b9bfc 100644 --- a/recipes-core/swupdate/files/0010-debian-prepare-build-for-isar-debian-buster.patch +++ b/recipes-core/swupdate/files/0006-debian-prepare-build-for-isar-debian-buster.patch @@ -1,25 +1,24 @@ -From c9661853aea11f090b5936363b0bae10fe6ebed6 Mon Sep 17 00:00:00 2001 +From 33ce7123621f5da43cc8be730e916451abe84239 Mon Sep 17 00:00:00 2001 From: Quirin Gylstorff <quirin.gylstorff@siemens.com> Date: Wed, 29 Sep 2021 16:17:03 +0200 -Subject: [PATCH 10/10] debian: prepare build for isar debian buster +Subject: [PATCH 6/6] debian: prepare build for isar debian buster Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> --- debian/compat | 1 + debian/control | 10 +++++----- - debian/rules | 4 +++- - 3 files changed, 9 insertions(+), 6 deletions(-) + 2 files changed, 6 insertions(+), 5 deletions(-) create mode 100644 debian/compat diff --git a/debian/compat b/debian/compat new file mode 100644 -index 0000000..f599e28 +index 00000000..f599e28b --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control -index 192c4a2..9318fa1 100644 +index 192c4a2a..9318fa12 100644 --- a/debian/control +++ b/debian/control @@ -4,7 +4,7 @@ Priority: optional @@ -46,27 +45,6 @@ index 192c4a2..9318fa1 100644 libubootenv-dev <pkg.swupdate.uboot>, libebgenv-dev <pkg.swupdate.efibootguard> | efibootguard-dev <pkg.swupdate.efibootguard>, libcmocka-dev, -diff --git a/debian/rules b/debian/rules -index 4dc9e17..370ca3d 100755 ---- a/debian/rules -+++ b/debian/rules -@@ -19,13 +19,15 @@ endif - - override_dh_auto_configure: - cp debian/configs/defconfig configs/debian_defconfig --ifeq (,$(filter pkg.swupdate.bpo,$(DEB_BUILD_PROFILES))) -+ifneq (,$(filter pkg.swupdate.mtd,$(DEB_BUILD_PROFILES))) - echo CONFIG_MTD=y >> configs/debian_defconfig -+ifneq (,$(filter pkg.swupdate.ubi,$(DEB_BUILD_PROFILES))) - echo CONFIG_SWUFORWARDER_HANDLER=y >> configs/debian_defconfig - echo CONFIG_CFI=y >> configs/debian_defconfig - echo CONFIG_CFIHAMMING1=y >> configs/debian_defconfig - echo CONFIG_UBIVOL=y >> configs/debian_defconfig - echo CONFIG_SSBLSWITCH=y >> configs/debian_defconfig -+endif - else - echo "# CONFIG_MTD is not set" >> configs/debian_defconfig - endif -- -2.34.1 +2.35.1 diff --git a/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch b/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch deleted file mode 100644 index a5207ee..0000000 --- a/recipes-core/swupdate/files/0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 2776a4817eb91be3df001e04d548a702e9f5291a Mon Sep 17 00:00:00 2001 -From: Quirin Gylstorff <quirin.gylstorff@siemens.com> -Date: Mon, 14 Feb 2022 12:27:43 +0100 -Subject: [PATCH 08/10] Add Profile option to disable CONFIG_HASH_VERIFY - -This change also enables CONFIG_HASH_VERIFY by default. - -Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> ---- - debian/rules | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/debian/rules b/debian/rules -index 76fce01..4dc9e17 100755 ---- a/debian/rules -+++ b/debian/rules -@@ -42,6 +42,9 @@ endif - ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES))) - echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig - endif -+ifeq (,$(filter pkg.swupdate.nohashverify,$(DEB_BUILD_PROFILES))) -+ echo CONFIG_HASH_VERIFY=y >> configs/debian_defconfig -+endif - ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES))) - echo CONFIG_WEBSERVER=y >> configs/debian_defconfig - echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig --- -2.34.1 - diff --git a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb index 7edefe7..086911b 100644 --- a/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb +++ b/recipes-core/swupdate/swupdate_2021.11-1+debian-gbp.bb @@ -13,23 +13,20 @@ inherit dpkg-gbp include swupdate.inc SRC_URI = "git://salsa.debian.org/debian/swupdate.git;protocol=https;branch=debian/master" -SRCREV ="debian/2021.11-1" +SRCREV ="344548c816b555c58ec199f31e45703897d23fb5" # add options to DEB_BUILD_PROFILES -SRC_URI += "file://0001-debian-config-Make-image-encryption-optional.patch \ - file://0002-debian-rules-Add-CONFIG_MTD.patch \ +SRC_URI += "file://0001-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \ + file://0002-debian-rules-Add-Embedded-Lua-handler-option.patch \ file://0003-debian-rules-Add-option-to-disable-fs-creation.patch \ file://0004-debian-rules-Add-option-to-disable-webserver.patch \ - file://0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \ - file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch \ - file://0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \ - file://0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch \ - file://0009-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch" + file://0005-debian-Add-patch-to-fix-bootloader_env_get-for-EBG.patch" # end patching for dm-verity based images -# deactivate signing and encryption for simple a/b rootfs update -DEB_BUILD_PROFILES += "pkg.swupdate.nosigning pkg.swupdate.noencryption" +# deactivate signing and hardware compability for simple a/b rootfs update +DEB_BUILD_PROFILES += "pkg.swupdate.nosigning" +DEB_BUILD_PROFILES += "pkg.swupdate.nohwcompat" # add cross build and deactivate testing for arm based builds DEB_BUILD_PROFILES += "cross nocheck" @@ -40,11 +37,12 @@ DEB_BUILD_PROFILES += "cross nocheck" # DEB_BUILD_PROFILES += "pkg.swupdate.embeddedlua" # modify for debian buster build -SRC_URI_append_buster = " file://0010-debian-prepare-build-for-isar-debian-buster.patch" +SRC_URI_append_buster = " file://0006-debian-prepare-build-for-isar-debian-buster.patch" # disable create filesystem due to missing symbols in debian buster # disable webserver due to missing symbols in debian buster DEB_BUILD_PROFILES_append_buster = " \ + pkg.swupdate.bpo \ pkg.swupdate.nocreatefs \ pkg.swupdate.nowebserver " # In debian buster the git-compression defaults to gz and does not detect other