diff options
author | Paul Spooren <mail@aparcar.org> | 2022-03-28 03:29:09 +0100 |
---|---|---|
committer | Paul Spooren <mail@aparcar.org> | 2022-03-29 21:41:06 +0100 |
commit | 8822a8d850ba2df69b81289758959bb90643a696 (patch) | |
tree | 33ad9112b2efa936a963405af8fcbfd50a44e763 /scripts | |
parent | 5e34b316c5b3bf06a1d748cb5569d28b8334820f (diff) | |
download | upstream-8822a8d850ba2df69b81289758959bb90643a696.tar.gz upstream-8822a8d850ba2df69b81289758959bb90643a696.tar.bz2 upstream-8822a8d850ba2df69b81289758959bb90643a696.zip |
build: store sha256_unsigned in JSON
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/json_add_image_info.py | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/scripts/json_add_image_info.py b/scripts/json_add_image_info.py index 4608996f02..9aa2a19e45 100755 --- a/scripts/json_add_image_info.py +++ b/scripts/json_add_image_info.py @@ -11,8 +11,8 @@ if len(argv) != 2: exit(1) json_path = Path(argv[1]) -bin_dir = Path(getenv("BIN_DIR")) -file_path = bin_dir / getenv("FILE_NAME") +file_path = Path(getenv("FILE_DIR")) / getenv("FILE_NAME") + if not file_path.is_file(): print("Skip JSON creation for non existing file", file_path) @@ -37,7 +37,14 @@ def get_titles(): device_id = getenv("DEVICE_ID") -file_hash = hashlib.sha256(file_path.read_bytes()).hexdigest() +hash_file = hashlib.sha256(file_path.read_bytes()).hexdigest() + +if file_path.with_suffix(file_path.suffix + ".sha256sum").exists(): + hash_unsigned = ( + file_path.with_suffix(file_path.suffix + ".sha256sum").read_text().strip() + ) +else: + hash_unsigned = hash_file file_info = { "metadata_version": 1, @@ -52,7 +59,8 @@ file_info = { { "type": getenv("FILE_TYPE"), "name": getenv("FILE_NAME"), - "sha256": file_hash, + "sha256": hash_file, + "sha256_unsigned": hash_unsigned, } ], "device_packages": getenv("DEVICE_PACKAGES").split(), |