diff options
| author | Paul Spooren <mail@aparcar.org> | 2022-03-28 03:29:09 +0100 |
|---|---|---|
| committer | Paul Spooren <mail@aparcar.org> | 2022-03-29 21:41:06 +0100 |
| commit | 8822a8d850ba2df69b81289758959bb90643a696 (patch) | |
| tree | 33ad9112b2efa936a963405af8fcbfd50a44e763 /include | |
| parent | 5e34b316c5b3bf06a1d748cb5569d28b8334820f (diff) | |
| download | upstream-8822a8d850ba2df69b81289758959bb90643a696.tar.gz upstream-8822a8d850ba2df69b81289758959bb90643a696.tar.bz2 upstream-8822a8d850ba2df69b81289758959bb90643a696.zip | |
build: store sha256_unsigned in JSON
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/image-commands.mk | 1 | ||||
| -rw-r--r-- | include/image.mk | 6 |
2 files changed, 4 insertions, 3 deletions
diff --git a/include/image-commands.mk b/include/image-commands.mk index b6593c138b..2d2d53cd65 100644 --- a/include/image-commands.mk +++ b/include/image-commands.mk @@ -81,6 +81,7 @@ metadata_json = \ define Build/append-metadata $(if $(SUPPORTED_DEVICES),-echo $(call metadata_json) | fwtool -I - $@) + sha256sum "$@" | cut -d" " -f1 > "$@.sha256sum" [ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \ cp "$(BUILD_KEY).ucert" "$@.ucert" ;\ usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\ diff --git a/include/image.mk b/include/image.mk index 35a5e291c6..b23e192c5d 100644 --- a/include/image.mk +++ b/include/image.mk @@ -493,9 +493,9 @@ define Device/Build/initramfs $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json: $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE) @mkdir -p $$(shell dirname $$@) DEVICE_ID="$(1)" \ - BIN_DIR="$(BIN_DIR)" \ SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ FILE_NAME="$$(notdir $$^)" \ + FILE_DIR="$(KDIR)/tmp" \ FILE_TYPE="kernel" \ FILE_FILESYSTEM="initramfs" \ DEVICE_IMG_PREFIX="$$(DEVICE_IMG_PREFIX)" \ @@ -600,9 +600,9 @@ define Device/Build/image $(BUILD_DIR)/json_info_files/$(call DEVICE_IMG_NAME,$(1),$(2)).json: $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))$$(GZ_SUFFIX) @mkdir -p $$(shell dirname $$@) DEVICE_ID="$(DEVICE_NAME)" \ - BIN_DIR="$(BIN_DIR)" \ SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ FILE_NAME="$(DEVICE_IMG_NAME)" \ + FILE_DIR="$(KDIR)/tmp" \ FILE_TYPE=$(word 1,$(subst ., ,$(2))) \ FILE_FILESYSTEM="$(1)" \ DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \ @@ -646,9 +646,9 @@ define Device/Build/artifact $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json: $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) @mkdir -p $$(shell dirname $$@) DEVICE_ID="$(DEVICE_NAME)" \ - BIN_DIR="$(BIN_DIR)" \ SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ FILE_NAME="$(DEVICE_IMG_PREFIX)-$(1)" \ + FILE_DIR="$(KDIR)/tmp" \ FILE_TYPE="$(1)" \ DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \ DEVICE_VENDOR="$(DEVICE_VENDOR)" \ |