diff options
| author | Paul Spooren <mail@aparcar.org> | 2022-03-28 03:29:09 +0100 |
|---|---|---|
| committer | Daniel Golle <daniel@makrotopia.org> | 2022-04-06 14:03:58 +0100 |
| commit | a5cf20d1974f8247ed87fad4a61216cc75eddfdb (patch) | |
| tree | 7c257a05a557fe487f9675fd65f5591342223c1b /include | |
| parent | ca83af21ccd510d260d20775a50045e7afca7211 (diff) | |
| download | upstream-a5cf20d1974f8247ed87fad4a61216cc75eddfdb.tar.gz upstream-a5cf20d1974f8247ed87fad4a61216cc75eddfdb.tar.bz2 upstream-a5cf20d1974f8247ed87fad4a61216cc75eddfdb.zip | |
build: store sha256_unsigned in JSON
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 8822a8d850ba2df69b81289758959bb90643a696)
Diffstat (limited to 'include')
| -rw-r--r-- | include/image-commands.mk | 1 | ||||
| -rw-r--r-- | include/image.mk | 6 |
2 files changed, 4 insertions, 3 deletions
diff --git a/include/image-commands.mk b/include/image-commands.mk index b6593c138b..2d2d53cd65 100644 --- a/include/image-commands.mk +++ b/include/image-commands.mk @@ -81,6 +81,7 @@ metadata_json = \ define Build/append-metadata $(if $(SUPPORTED_DEVICES),-echo $(call metadata_json) | fwtool -I - $@) + sha256sum "$@" | cut -d" " -f1 > "$@.sha256sum" [ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \ cp "$(BUILD_KEY).ucert" "$@.ucert" ;\ usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\ diff --git a/include/image.mk b/include/image.mk index a7b04bac6b..1703c39797 100644 --- a/include/image.mk +++ b/include/image.mk @@ -492,9 +492,9 @@ define Device/Build/initramfs $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json: $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE) @mkdir -p $$(shell dirname $$@) DEVICE_ID="$(1)" \ - BIN_DIR="$(BIN_DIR)" \ SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ FILE_NAME="$$(notdir $$^)" \ + FILE_DIR="$(KDIR)/tmp" \ FILE_TYPE="kernel" \ FILE_FILESYSTEM="initramfs" \ DEVICE_IMG_PREFIX="$$(DEVICE_IMG_PREFIX)" \ @@ -599,9 +599,9 @@ define Device/Build/image $(BUILD_DIR)/json_info_files/$(call DEVICE_IMG_NAME,$(1),$(2)).json: $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))$$(GZ_SUFFIX) @mkdir -p $$(shell dirname $$@) DEVICE_ID="$(DEVICE_NAME)" \ - BIN_DIR="$(BIN_DIR)" \ SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ FILE_NAME="$(DEVICE_IMG_NAME)" \ + FILE_DIR="$(KDIR)/tmp" \ FILE_TYPE=$(word 1,$(subst ., ,$(2))) \ FILE_FILESYSTEM="$(1)" \ DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \ @@ -645,9 +645,9 @@ define Device/Build/artifact $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json: $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) @mkdir -p $$(shell dirname $$@) DEVICE_ID="$(DEVICE_NAME)" \ - BIN_DIR="$(BIN_DIR)" \ SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ FILE_NAME="$(DEVICE_IMG_PREFIX)-$(1)" \ + FILE_DIR="$(KDIR)/tmp" \ FILE_TYPE="$(1)" \ DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \ DEVICE_VENDOR="$(DEVICE_VENDOR)" \ |