build: store sha256_unsigned in JSON

Introduce `sha256_unsigned` which is a checksum of the image _before_ a signature is attached. This is helpful to compare image reproducibility. Since the `.sha256sum` file is located in the $(KDIR) folder, switch $(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR) itself is not stored inside the resulting JSON file, so it can be replaced. Signed-off-by: Paul Spooren <mail@aparcar.org>
author: Paul Spooren <mail@aparcar.org> 2022-03-28 03:29:09 +0100
committer: Paul Spooren <mail@aparcar.org> 2022-03-29 21:41:06 +0100
commit: 8822a8d850ba2df69b81289758959bb90643a696 (patch)
tree: 33ad9112b2efa936a963405af8fcbfd50a44e763 /include/image-commands.mk
parent: 5e34b316c5b3bf06a1d748cb5569d28b8334820f (diff)
download: upstream-8822a8d850ba2df69b81289758959bb90643a696.tar.gz
upstream-8822a8d850ba2df69b81289758959bb90643a696.tar.bz2
upstream-8822a8d850ba2df69b81289758959bb90643a696.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/include/image-commands.mk b/include/image-commands.mk
index b6593c138b..2d2d53cd65 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -81,6 +81,7 @@ metadata_json = \
 
 define Build/append-metadata
 	$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json) | fwtool -I - $@)
+	sha256sum "$@" | cut -d" " -f1 > "$@.sha256sum"
 	[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
 		cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
 		usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
author	Paul Spooren <mail@aparcar.org>	2022-03-28 03:29:09 +0100
committer	Paul Spooren <mail@aparcar.org>	2022-03-29 21:41:06 +0100
commit	8822a8d850ba2df69b81289758959bb90643a696 (patch)
tree	33ad9112b2efa936a963405af8fcbfd50a44e763 /include/image-commands.mk
parent	5e34b316c5b3bf06a1d748cb5569d28b8334820f (diff)
download	upstream-8822a8d850ba2df69b81289758959bb90643a696.tar.gz upstream-8822a8d850ba2df69b81289758959bb90643a696.tar.bz2 upstream-8822a8d850ba2df69b81289758959bb90643a696.zip