[meta-swupdate,v2,1/2] swupdate_class: split out common python functionality

Message ID 20180517093710.4155-1-raphael.freudiger@siemens.com
State Changes Requested
Headers show
Series
  • [meta-swupdate,v2,1/2] swupdate_class: split out common python functionality
Related show

Commit Message

Raphael Freudiger May 17, 2018, 9:37 a.m.
This is a preparation step to be able to use it as an fstype.

Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com>
---
 classes/swupdate-common.bbclass | 89 +++++++++++++++++++++++++++++++++++++++++
 classes/swupdate.bbclass        | 89 +----------------------------------------
 2 files changed, 91 insertions(+), 87 deletions(-)
 create mode 100644 classes/swupdate-common.bbclass

Comments

Stefano Babic June 4, 2018, 7:26 a.m. | #1
On 17/05/2018 11:37, Raphael Freudiger wrote:
> This is a preparation step to be able to use it as an fstype.
> 
> Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com>
> ---
>  classes/swupdate-common.bbclass | 89 +++++++++++++++++++++++++++++++++++++++++
>  classes/swupdate.bbclass        | 89 +----------------------------------------
>  2 files changed, 91 insertions(+), 87 deletions(-)
>  create mode 100644 classes/swupdate-common.bbclass
> 
> diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass
> new file mode 100644
> index 0000000..f53c55f
> --- /dev/null
> +++ b/classes/swupdate-common.bbclass
> @@ -0,0 +1,89 @@
> +def swupdate_is_hash_needed(s, filename):
> +    with open(os.path.join(s, "sw-description"), 'r') as f:
> +        for line in f:
> +            if line.find("@%s" % (filename)) != -1:
> +                return True
> +    return False
> +
> +def swupdate_get_sha256(s, filename):
> +    import hashlib
> +
> +    m = hashlib.sha256()
> +
> +    with open(os.path.join(s, filename), 'rb') as f:
> +        while True:
> +            data = f.read(1024)
> +            if not data:
> +                break
> +            m.update(data)
> +    return m.hexdigest()
> +
> +def swupdate_write_sha256(s, filename, hash):
> +    write_lines = []
> +
> +    with open(os.path.join(s, "sw-description"), 'r') as f:
> +        for line in f:
> +            write_lines.append(line.replace("@%s" % (filename), hash))
> +
> +    with open(os.path.join(s, "sw-description"), 'w+') as f:
> +        for line in write_lines:
> +            f.write(line)
> +
> +def prepare_sw_description(d, list_for_cpio):
> +
> +    for file in list_for_cpio:
> +        if file != 'sw-description' and swupdate_is_hash_needed(s, file):
> +            hash = swupdate_get_sha256(s, file)
> +            swupdate_write_sha256(s, file, hash)
> +
> +    signing = d.getVar('SWUPDATE_SIGNING', True)
> +    if signing == "1":
> +        bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.')
> +        signing = "RSA"
> +    if signing:
> +        if signing == "CUSTOM":
> +            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
> +            if sign_tool:
> +                ret = os.system(sign_tool)
> +                if ret != 0:
> +                    bb.fatal("Failed to sign with %s" % (sign_tool))
> +            else:
> +                bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
> +        elif signing == "RSA":
> +            privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)
> +            if not privkey:
> +                bb.fatal("SWUPDATE_PRIVATE_KEY isn't set")
> +            if not os.path.exists(privkey):
> +                bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey))
> +            passout = d.getVar('SWUPDATE_PASSWORD_FILE', True)
> +            if passout:
> +                passout = "-passin file:'%s' " % (passout)
> +            else:
> +                passout = ""
> +            signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % (
> +                privkey,
> +                passout,
> +                os.path.join(s, 'sw-description.sig'),
> +                os.path.join(s, 'sw-description'))
> +            if os.system(signcmd) != 0:
> +                bb.fatal("Failed to sign sw-description with %s" % (privkey))
> +        elif signing == "CMS":
> +            cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)
> +            if not cms_cert:
> +                bb.fatal("SWUPDATE_CMS_CERT is not set")
> +            if not os.path.exists(cms_cert):
> +                bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert))
> +            cms_key = d.getVar('SWUPDATE_CMS_KEY', True)
> +            if not cms_key:
> +                bb.fatal("SWUPDATE_CMS_KEY isn't set")
> +            if not os.path.exists(cms_key):
> +                bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key))
> +            signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % (
> +                os.path.join(s, 'sw-description'),
> +                os.path.join(s, 'sw-description.sig'),
> +                cms_cert,
> +                cms_key)
> +            if os.system(signcmd) != 0:
> +                bb.fatal("Failed to sign sw-description with %s" % (privkey))
> +        else:
> +            bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.");
> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
> index 02db631..e24b387 100644
> --- a/classes/swupdate.bbclass
> +++ b/classes/swupdate.bbclass
> @@ -11,43 +11,13 @@
>  # To use, add swupdate to the inherit clause and set
>  # set the images (all of them must be found in deploy directory)
>  # that are part of the compound image.
> +inherit swupdate-common.bbclass
>  
>  S = "${WORKDIR}/${PN}"
>  
>  DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}"
>  IMAGE_DEPENDS ?= ""
>  
> -def swupdate_is_hash_needed(s, filename):
> -    with open(os.path.join(s, "sw-description"), 'r') as f:
> -        for line in f:
> -            if line.find("@%s" % (filename)) != -1:
> -                return True
> -    return False
> -
> -def swupdate_get_sha256(s, filename):
> -    import hashlib
> -
> -    m = hashlib.sha256()
> -
> -    with open(os.path.join(s, filename), 'rb') as f:
> -        while True:
> -            data = f.read(1024)
> -            if not data:
> -                break
> -            m.update(data)
> -    return m.hexdigest()
> -
> -def swupdate_write_sha256(s, filename, hash):
> -    write_lines = []
> -
> -    with open(os.path.join(s, "sw-description"), 'r') as f:
> -        for line in f:
> -            write_lines.append(line.replace("@%s" % (filename), hash))
> -
> -    with open(os.path.join(s, "sw-description"), 'w+') as f:
> -        for line in write_lines:
> -            f.write(line)
> -
>  def swupdate_getdepends(d):
>      def adddep(depstr, deps):
>          for i in (depstr or "").split():
> @@ -136,62 +106,7 @@ python do_swuimage () {
>              shutil.copyfile(src, dst)
>              list_for_cpio.append(imagename)
>  
> -    for file in list_for_cpio:
> -        if file != 'sw-description' and swupdate_is_hash_needed(s, file):
> -            hash = swupdate_get_sha256(s, file)
> -            swupdate_write_sha256(s, file, hash)
> -
> -    signing = d.getVar('SWUPDATE_SIGNING', True)
> -    if signing == "1":
> -        bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.')
> -        signing = "RSA"
> -    if signing:
> -        if signing == "CUSTOM":
> -            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
> -            if sign_tool:
> -                ret = os.system(sign_tool)
> -                if ret != 0:
> -                    bb.fatal("Failed to sign with %s" % (sign_tool))
> -            else:
> -                bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
> -        elif signing == "RSA":
> -            privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)
> -            if not privkey:
> -                bb.fatal("SWUPDATE_PRIVATE_KEY isn't set")
> -            if not os.path.exists(privkey):
> -                bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey))
> -            passout = d.getVar('SWUPDATE_PASSWORD_FILE', True)
> -            if passout:
> -                passout = "-passin file:'%s' " % (passout)
> -            else:
> -                passout = ""
> -            signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % (
> -                privkey,
> -                passout,
> -                os.path.join(s, 'sw-description.sig'),
> -                os.path.join(s, 'sw-description'))
> -            if os.system(signcmd) != 0:
> -                bb.fatal("Failed to sign sw-description with %s" % (privkey))
> -        elif signing == "CMS":
> -            cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)
> -            if not cms_cert:
> -                bb.fatal("SWUPDATE_CMS_CERT is not set")
> -            if not os.path.exists(cms_cert):
> -                bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert))
> -            cms_key = d.getVar('SWUPDATE_CMS_KEY', True)
> -            if not cms_key:
> -                bb.fatal("SWUPDATE_CMS_KEY isn't set")
> -            if not os.path.exists(cms_key):
> -                bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key))
> -            signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % (
> -                os.path.join(s, 'sw-description'),
> -                os.path.join(s, 'sw-description.sig'),
> -                cms_cert,
> -                cms_key)
> -            if os.system(signcmd) != 0:
> -                bb.fatal("Failed to sign sw-description with %s" % (privkey))
> -        else:
> -            bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.");
> +    prepare_sw_description(d, list_for_cpio)
>  
>      line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu')
>      os.system("cd " + s + ";" + line)
> 

Applied to -master and -sumo, thanks !

Best regards,
Stefano Babic
Stefano Babic June 4, 2018, 8:04 a.m. | #2
On 04/06/2018 09:26, Stefano Babic wrote:
> On 17/05/2018 11:37, Raphael Freudiger wrote:
>> This is a preparation step to be able to use it as an fstype.
>>
>> Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com>
>> ---
>>  classes/swupdate-common.bbclass | 89 +++++++++++++++++++++++++++++++++++++++++
>>  classes/swupdate.bbclass        | 89 +----------------------------------------
>>  2 files changed, 91 insertions(+), 87 deletions(-)
>>  create mode 100644 classes/swupdate-common.bbclass
>>
>> diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass
>> new file mode 100644
>> index 0000000..f53c55f
>> --- /dev/null
>> +++ b/classes/swupdate-common.bbclass
>> @@ -0,0 +1,89 @@
>> +def swupdate_is_hash_needed(s, filename):
>> +    with open(os.path.join(s, "sw-description"), 'r') as f:
>> +        for line in f:
>> +            if line.find("@%s" % (filename)) != -1:
>> +                return True
>> +    return False
>> +
>> +def swupdate_get_sha256(s, filename):
>> +    import hashlib
>> +
>> +    m = hashlib.sha256()
>> +
>> +    with open(os.path.join(s, filename), 'rb') as f:
>> +        while True:
>> +            data = f.read(1024)
>> +            if not data:
>> +                break
>> +            m.update(data)
>> +    return m.hexdigest()
>> +
>> +def swupdate_write_sha256(s, filename, hash):
>> +    write_lines = []
>> +
>> +    with open(os.path.join(s, "sw-description"), 'r') as f:
>> +        for line in f:
>> +            write_lines.append(line.replace("@%s" % (filename), hash))
>> +
>> +    with open(os.path.join(s, "sw-description"), 'w+') as f:
>> +        for line in write_lines:
>> +            f.write(line)
>> +
>> +def prepare_sw_description(d, list_for_cpio):
>> +
>> +    for file in list_for_cpio:
>> +        if file != 'sw-description' and swupdate_is_hash_needed(s, file):
>> +            hash = swupdate_get_sha256(s, file)
>> +            swupdate_write_sha256(s, file, hash)
>> +
>> +    signing = d.getVar('SWUPDATE_SIGNING', True)
>> +    if signing == "1":
>> +        bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.')
>> +        signing = "RSA"
>> +    if signing:
>> +        if signing == "CUSTOM":
>> +            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
>> +            if sign_tool:
>> +                ret = os.system(sign_tool)
>> +                if ret != 0:
>> +                    bb.fatal("Failed to sign with %s" % (sign_tool))
>> +            else:
>> +                bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
>> +        elif signing == "RSA":
>> +            privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)
>> +            if not privkey:
>> +                bb.fatal("SWUPDATE_PRIVATE_KEY isn't set")
>> +            if not os.path.exists(privkey):
>> +                bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey))
>> +            passout = d.getVar('SWUPDATE_PASSWORD_FILE', True)
>> +            if passout:
>> +                passout = "-passin file:'%s' " % (passout)
>> +            else:
>> +                passout = ""
>> +            signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % (
>> +                privkey,
>> +                passout,
>> +                os.path.join(s, 'sw-description.sig'),
>> +                os.path.join(s, 'sw-description'))
>> +            if os.system(signcmd) != 0:
>> +                bb.fatal("Failed to sign sw-description with %s" % (privkey))
>> +        elif signing == "CMS":
>> +            cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)
>> +            if not cms_cert:
>> +                bb.fatal("SWUPDATE_CMS_CERT is not set")
>> +            if not os.path.exists(cms_cert):
>> +                bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert))
>> +            cms_key = d.getVar('SWUPDATE_CMS_KEY', True)
>> +            if not cms_key:
>> +                bb.fatal("SWUPDATE_CMS_KEY isn't set")
>> +            if not os.path.exists(cms_key):
>> +                bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key))
>> +            signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % (
>> +                os.path.join(s, 'sw-description'),
>> +                os.path.join(s, 'sw-description.sig'),
>> +                cms_cert,
>> +                cms_key)
>> +            if os.system(signcmd) != 0:
>> +                bb.fatal("Failed to sign sw-description with %s" % (privkey))
>> +        else:
>> +            bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.");
>> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
>> index 02db631..e24b387 100644
>> --- a/classes/swupdate.bbclass
>> +++ b/classes/swupdate.bbclass
>> @@ -11,43 +11,13 @@
>>  # To use, add swupdate to the inherit clause and set
>>  # set the images (all of them must be found in deploy directory)
>>  # that are part of the compound image.
>> +inherit swupdate-common.bbclass
>>  
>>  S = "${WORKDIR}/${PN}"
>>  
>>  DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}"
>>  IMAGE_DEPENDS ?= ""
>>  
>> -def swupdate_is_hash_needed(s, filename):
>> -    with open(os.path.join(s, "sw-description"), 'r') as f:
>> -        for line in f:
>> -            if line.find("@%s" % (filename)) != -1:
>> -                return True
>> -    return False
>> -
>> -def swupdate_get_sha256(s, filename):
>> -    import hashlib
>> -
>> -    m = hashlib.sha256()
>> -
>> -    with open(os.path.join(s, filename), 'rb') as f:
>> -        while True:
>> -            data = f.read(1024)
>> -            if not data:
>> -                break
>> -            m.update(data)
>> -    return m.hexdigest()
>> -
>> -def swupdate_write_sha256(s, filename, hash):
>> -    write_lines = []
>> -
>> -    with open(os.path.join(s, "sw-description"), 'r') as f:
>> -        for line in f:
>> -            write_lines.append(line.replace("@%s" % (filename), hash))
>> -
>> -    with open(os.path.join(s, "sw-description"), 'w+') as f:
>> -        for line in write_lines:
>> -            f.write(line)
>> -
>>  def swupdate_getdepends(d):
>>      def adddep(depstr, deps):
>>          for i in (depstr or "").split():
>> @@ -136,62 +106,7 @@ python do_swuimage () {
>>              shutil.copyfile(src, dst)
>>              list_for_cpio.append(imagename)
>>  
>> -    for file in list_for_cpio:
>> -        if file != 'sw-description' and swupdate_is_hash_needed(s, file):
>> -            hash = swupdate_get_sha256(s, file)
>> -            swupdate_write_sha256(s, file, hash)
>> -
>> -    signing = d.getVar('SWUPDATE_SIGNING', True)
>> -    if signing == "1":
>> -        bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.')
>> -        signing = "RSA"
>> -    if signing:
>> -        if signing == "CUSTOM":
>> -            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
>> -            if sign_tool:
>> -                ret = os.system(sign_tool)
>> -                if ret != 0:
>> -                    bb.fatal("Failed to sign with %s" % (sign_tool))
>> -            else:
>> -                bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
>> -        elif signing == "RSA":
>> -            privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)
>> -            if not privkey:
>> -                bb.fatal("SWUPDATE_PRIVATE_KEY isn't set")
>> -            if not os.path.exists(privkey):
>> -                bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey))
>> -            passout = d.getVar('SWUPDATE_PASSWORD_FILE', True)
>> -            if passout:
>> -                passout = "-passin file:'%s' " % (passout)
>> -            else:
>> -                passout = ""
>> -            signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % (
>> -                privkey,
>> -                passout,
>> -                os.path.join(s, 'sw-description.sig'),
>> -                os.path.join(s, 'sw-description'))
>> -            if os.system(signcmd) != 0:
>> -                bb.fatal("Failed to sign sw-description with %s" % (privkey))
>> -        elif signing == "CMS":
>> -            cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)
>> -            if not cms_cert:
>> -                bb.fatal("SWUPDATE_CMS_CERT is not set")
>> -            if not os.path.exists(cms_cert):
>> -                bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert))
>> -            cms_key = d.getVar('SWUPDATE_CMS_KEY', True)
>> -            if not cms_key:
>> -                bb.fatal("SWUPDATE_CMS_KEY isn't set")
>> -            if not os.path.exists(cms_key):
>> -                bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key))
>> -            signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % (
>> -                os.path.join(s, 'sw-description'),
>> -                os.path.join(s, 'sw-description.sig'),
>> -                cms_cert,
>> -                cms_key)
>> -            if os.system(signcmd) != 0:
>> -                bb.fatal("Failed to sign sw-description with %s" % (privkey))
>> -        else:
>> -            bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.");
>> +    prepare_sw_description(d, list_for_cpio)
>>  
>>      line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu')
>>      os.system("cd " + s + ";" + line)
>>
> 
> Applied to -master and -sumo, thanks !

Wrong...there are regression issues.

With the patch applied, the sha is not set correctly. Can you take a
look and fix this ?

Best regards,
Stefano Babic

Patch

diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass
new file mode 100644
index 0000000..f53c55f
--- /dev/null
+++ b/classes/swupdate-common.bbclass
@@ -0,0 +1,89 @@ 
+def swupdate_is_hash_needed(s, filename):
+    with open(os.path.join(s, "sw-description"), 'r') as f:
+        for line in f:
+            if line.find("@%s" % (filename)) != -1:
+                return True
+    return False
+
+def swupdate_get_sha256(s, filename):
+    import hashlib
+
+    m = hashlib.sha256()
+
+    with open(os.path.join(s, filename), 'rb') as f:
+        while True:
+            data = f.read(1024)
+            if not data:
+                break
+            m.update(data)
+    return m.hexdigest()
+
+def swupdate_write_sha256(s, filename, hash):
+    write_lines = []
+
+    with open(os.path.join(s, "sw-description"), 'r') as f:
+        for line in f:
+            write_lines.append(line.replace("@%s" % (filename), hash))
+
+    with open(os.path.join(s, "sw-description"), 'w+') as f:
+        for line in write_lines:
+            f.write(line)
+
+def prepare_sw_description(d, list_for_cpio):
+
+    for file in list_for_cpio:
+        if file != 'sw-description' and swupdate_is_hash_needed(s, file):
+            hash = swupdate_get_sha256(s, file)
+            swupdate_write_sha256(s, file, hash)
+
+    signing = d.getVar('SWUPDATE_SIGNING', True)
+    if signing == "1":
+        bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.')
+        signing = "RSA"
+    if signing:
+        if signing == "CUSTOM":
+            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
+            if sign_tool:
+                ret = os.system(sign_tool)
+                if ret != 0:
+                    bb.fatal("Failed to sign with %s" % (sign_tool))
+            else:
+                bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
+        elif signing == "RSA":
+            privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)
+            if not privkey:
+                bb.fatal("SWUPDATE_PRIVATE_KEY isn't set")
+            if not os.path.exists(privkey):
+                bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey))
+            passout = d.getVar('SWUPDATE_PASSWORD_FILE', True)
+            if passout:
+                passout = "-passin file:'%s' " % (passout)
+            else:
+                passout = ""
+            signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % (
+                privkey,
+                passout,
+                os.path.join(s, 'sw-description.sig'),
+                os.path.join(s, 'sw-description'))
+            if os.system(signcmd) != 0:
+                bb.fatal("Failed to sign sw-description with %s" % (privkey))
+        elif signing == "CMS":
+            cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)
+            if not cms_cert:
+                bb.fatal("SWUPDATE_CMS_CERT is not set")
+            if not os.path.exists(cms_cert):
+                bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert))
+            cms_key = d.getVar('SWUPDATE_CMS_KEY', True)
+            if not cms_key:
+                bb.fatal("SWUPDATE_CMS_KEY isn't set")
+            if not os.path.exists(cms_key):
+                bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key))
+            signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % (
+                os.path.join(s, 'sw-description'),
+                os.path.join(s, 'sw-description.sig'),
+                cms_cert,
+                cms_key)
+            if os.system(signcmd) != 0:
+                bb.fatal("Failed to sign sw-description with %s" % (privkey))
+        else:
+            bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.");
diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 02db631..e24b387 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -11,43 +11,13 @@ 
 # To use, add swupdate to the inherit clause and set
 # set the images (all of them must be found in deploy directory)
 # that are part of the compound image.
+inherit swupdate-common.bbclass
 
 S = "${WORKDIR}/${PN}"
 
 DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}"
 IMAGE_DEPENDS ?= ""
 
-def swupdate_is_hash_needed(s, filename):
-    with open(os.path.join(s, "sw-description"), 'r') as f:
-        for line in f:
-            if line.find("@%s" % (filename)) != -1:
-                return True
-    return False
-
-def swupdate_get_sha256(s, filename):
-    import hashlib
-
-    m = hashlib.sha256()
-
-    with open(os.path.join(s, filename), 'rb') as f:
-        while True:
-            data = f.read(1024)
-            if not data:
-                break
-            m.update(data)
-    return m.hexdigest()
-
-def swupdate_write_sha256(s, filename, hash):
-    write_lines = []
-
-    with open(os.path.join(s, "sw-description"), 'r') as f:
-        for line in f:
-            write_lines.append(line.replace("@%s" % (filename), hash))
-
-    with open(os.path.join(s, "sw-description"), 'w+') as f:
-        for line in write_lines:
-            f.write(line)
-
 def swupdate_getdepends(d):
     def adddep(depstr, deps):
         for i in (depstr or "").split():
@@ -136,62 +106,7 @@  python do_swuimage () {
             shutil.copyfile(src, dst)
             list_for_cpio.append(imagename)
 
-    for file in list_for_cpio:
-        if file != 'sw-description' and swupdate_is_hash_needed(s, file):
-            hash = swupdate_get_sha256(s, file)
-            swupdate_write_sha256(s, file, hash)
-
-    signing = d.getVar('SWUPDATE_SIGNING', True)
-    if signing == "1":
-        bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.')
-        signing = "RSA"
-    if signing:
-        if signing == "CUSTOM":
-            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
-            if sign_tool:
-                ret = os.system(sign_tool)
-                if ret != 0:
-                    bb.fatal("Failed to sign with %s" % (sign_tool))
-            else:
-                bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
-        elif signing == "RSA":
-            privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)
-            if not privkey:
-                bb.fatal("SWUPDATE_PRIVATE_KEY isn't set")
-            if not os.path.exists(privkey):
-                bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey))
-            passout = d.getVar('SWUPDATE_PASSWORD_FILE', True)
-            if passout:
-                passout = "-passin file:'%s' " % (passout)
-            else:
-                passout = ""
-            signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % (
-                privkey,
-                passout,
-                os.path.join(s, 'sw-description.sig'),
-                os.path.join(s, 'sw-description'))
-            if os.system(signcmd) != 0:
-                bb.fatal("Failed to sign sw-description with %s" % (privkey))
-        elif signing == "CMS":
-            cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)
-            if not cms_cert:
-                bb.fatal("SWUPDATE_CMS_CERT is not set")
-            if not os.path.exists(cms_cert):
-                bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert))
-            cms_key = d.getVar('SWUPDATE_CMS_KEY', True)
-            if not cms_key:
-                bb.fatal("SWUPDATE_CMS_KEY isn't set")
-            if not os.path.exists(cms_key):
-                bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key))
-            signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % (
-                os.path.join(s, 'sw-description'),
-                os.path.join(s, 'sw-description.sig'),
-                cms_cert,
-                cms_key)
-            if os.system(signcmd) != 0:
-                bb.fatal("Failed to sign sw-description with %s" % (privkey))
-        else:
-            bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.");
+    prepare_sw_description(d, list_for_cpio)
 
     line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu')
     os.system("cd " + s + ";" + line)