From a5cf20d1974f8247ed87fad4a61216cc75eddfdb Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Mon, 28 Mar 2022 03:29:09 +0100 Subject: build: store sha256_unsigned in JSON Introduce `sha256_unsigned` which is a checksum of the image _before_ a signature is attached. This is helpful to compare image reproducibility. Since the `.sha256sum` file is located in the $(KDIR) folder, switch $(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR) itself is not stored inside the resulting JSON file, so it can be replaced. Signed-off-by: Paul Spooren (cherry picked from commit 8822a8d850ba2df69b81289758959bb90643a696) --- scripts/json_add_image_info.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'scripts') diff --git a/scripts/json_add_image_info.py b/scripts/json_add_image_info.py index 4608996f02..9aa2a19e45 100755 --- a/scripts/json_add_image_info.py +++ b/scripts/json_add_image_info.py @@ -11,8 +11,8 @@ if len(argv) != 2: exit(1) json_path = Path(argv[1]) -bin_dir = Path(getenv("BIN_DIR")) -file_path = bin_dir / getenv("FILE_NAME") +file_path = Path(getenv("FILE_DIR")) / getenv("FILE_NAME") + if not file_path.is_file(): print("Skip JSON creation for non existing file", file_path) @@ -37,7 +37,14 @@ def get_titles(): device_id = getenv("DEVICE_ID") -file_hash = hashlib.sha256(file_path.read_bytes()).hexdigest() +hash_file = hashlib.sha256(file_path.read_bytes()).hexdigest() + +if file_path.with_suffix(file_path.suffix + ".sha256sum").exists(): + hash_unsigned = ( + file_path.with_suffix(file_path.suffix + ".sha256sum").read_text().strip() + ) +else: + hash_unsigned = hash_file file_info = { "metadata_version": 1, @@ -52,7 +59,8 @@ file_info = { { "type": getenv("FILE_TYPE"), "name": getenv("FILE_NAME"), - "sha256": file_hash, + "sha256": hash_file, + "sha256_unsigned": hash_unsigned, } ], "device_packages": getenv("DEVICE_PACKAGES").split(), -- cgit v1.2.3