| Message ID | 20180507121251.13088-1-raphael.freudiger@siemens.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [meta-swupdate,1/3] swupdate_class: split out a base class | expand |
Hi Raphael, On 07/05/2018 14:12, Raphael Freudiger wrote: > The base class can be used in images directly instead of a separate update image. > This is useful when only files from one image are used anyway. > I will ask to split your patches to help review. You change at once swupdate.class and swupdate-base.class and itis difficult to check what you have additionally changed after moving. My proposal: - first patch simply move the file, and swupdate.class just include swupdate-base.class - second patch makes the changes From the commit message, I understand that your (special, but frequent) use case is when the whole software contains rootfs as single image, and kernel is part of rootfs. If this is the case, the logical expectation in Yocto is that the image can be beuilt with an additional format type and it is enough to add IMAGE_FSTYPES += "swu" in a image recipe. > Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com> > --- > classes/swupdate-base.bbclass | 177 ++++++++++++++++++++++++++++++++++++++++++ > classes/swupdate.bbclass | 158 +------------------------------------ > 2 files changed, 178 insertions(+), 157 deletions(-) > create mode 100644 classes/swupdate-base.bbclass > > diff --git a/classes/swupdate-base.bbclass b/classes/swupdate-base.bbclass > new file mode 100644 > index 0000000..d46375d > --- /dev/null > +++ b/classes/swupdate-base.bbclass > @@ -0,0 +1,177 @@ > +# Copyright (C) 2015 Stefano Babic <sbabic@denx.de> > +# > +# Some parts from the patch class > +# > +# swupdate allows to generate a compound image for the > +# in the "swupdate" format, used for updating the targets > +# in field. > +# See also http://sbabic.github.io/swupdate/ > +# > +# > +# To use, add swupdate to the inherit clause and set > +# set the images (all of them must be found in deploy directory) > +# that are part of the compound image. > + > +DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}" > +SWUPDATE_DIR ?= "${IMGDEPLOYDIR}" > + > +def swupdate_is_hash_needed(s, filename): > + with open(os.path.join(s, "sw-description"), 'r') as f: > + for line in f: > + if line.find("@%s" % (filename)) != -1: > + return True > + return False > + > +def swupdate_get_sha256(s, filename): > + import hashlib > + > + m = hashlib.sha256() > + > + with open(os.path.join(s, filename), 'rb') as f: > + while True: > + data = f.read(1024) > + if not data: > + break > + m.update(data) > + return m.hexdigest() > + > +def swupdate_write_sha256(s, filename, hash): > + write_lines = [] > + > + with open(os.path.join(s, "sw-description"), 'r') as f: > + for line in f: > + write_lines.append(line.replace("@%s" % (filename), hash)) > + > + with open(os.path.join(s, "sw-description"), 'w+') as f: > + for line in write_lines: > + f.write(line) > + > +def swupdate_getdepends(d): > + def adddep(depstr, deps): > + for i in (depstr or "").split(): > + if i not in deps: > + deps.append(i) > + > + deps = [] > + images = (d.getVar('IMAGE_DEPENDS', True) or "").split() > + for image in images: > + adddep(image , deps) > + > + depstr = "" > + for dep in deps: > + depstr += " " + dep + ":do_build" > + return depstr > + > +python do_swuimage () { > + import shutil > + > + workdir = d.getVar('WORKDIR', True) > + images = (d.getVar('SWUPDATE_IMAGES', True) or "").split() > + s = d.getVar('S', True) > + shutil.copyfile(os.path.join(workdir, "sw-description"), os.path.join(s, "sw-description")) > + fetch = bb.fetch2.Fetch([], d) > + list_for_cpio = ["sw-description"] > + > + if d.getVar('SWUPDATE_SIGNING', True): > + list_for_cpio.append('sw-description.sig') > + > + for url in fetch.urls: > + local = fetch.localpath(url) > + filename = os.path.basename(local) > + if (filename != 'sw-description'): > + shutil.copyfile(local, os.path.join(s, "%s" % filename )) > + list_for_cpio.append(filename) > + > +# SWUPDATE_IMAGES refers to images in the DEPLOY directory > +# If they are not there, additional file can be added > +# by fetching from URLs > + deploydir = d.getVar('DEPLOY_DIR_IMAGE', True) > + imgdeploydir = d.getVar('IMGDEPLOYDIR', True) > + swupdate_dir = d.getVar('SWUPDATE_DIR', True) > + > + for image in images: > + fstypes = (d.getVarFlag("SWUPDATE_IMAGES_FSTYPES", image, True) or "").split() > + if not fstypes: > + fstypes = [""] > + > + for fstype in fstypes: > + > + appendmachine = d.getVarFlag("SWUPDATE_IMAGES_NOAPPEND_MACHINE", image, True) > + if appendmachine == None: > + imagebase = image + '-' + d.getVar('MACHINE', True) > + else: > + imagebase = image > + > + imagename = imagebase + fstype > + src = os.path.join(imgdeploydir, "%s" % imagename) > + if not os.path.exists(src): > + src = os.path.join(deploydir, "%s" % imagename) > + if not os.path.exists(src): > + bb.fatal("File %s could not be found" % imagename) > + dst = os.path.join(s, "%s" % imagename) > + shutil.copyfile(src, dst) > + list_for_cpio.append(imagename) > + > + for file in list_for_cpio: > + if file != 'sw-description' and swupdate_is_hash_needed(s, file): > + hash = swupdate_get_sha256(s, file) > + swupdate_write_sha256(s, file, hash) > + > + signing = d.getVar('SWUPDATE_SIGNING', True) > + if signing == "1": > + bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') > + signing = "RSA" > + if signing: > + if signing == "CUSTOM": > + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) > + if sign_tool: > + ret = os.system(sign_tool) > + if ret != 0: > + bb.fatal("Failed to sign with %s" % (sign_tool)) > + else: > + bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") > + elif signing == "RSA": > + privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) > + if not privkey: > + bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") > + if not os.path.exists(privkey): > + bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) > + passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) > + if passout: > + passout = "-passin file:'%s' " % (passout) > + else: > + passout = "" > + signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( > + privkey, > + passout, > + os.path.join(s, 'sw-description.sig'), > + os.path.join(s, 'sw-description')) > + if os.system(signcmd) != 0: > + bb.fatal("Failed to sign sw-description with %s" % (privkey)) > + elif signing == "CMS": > + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) > + if not cms_cert: > + bb.fatal("SWUPDATE_CMS_CERT is not set") > + if not os.path.exists(cms_cert): > + bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) > + cms_key = d.getVar('SWUPDATE_CMS_KEY', True) > + if not cms_key: > + bb.fatal("SWUPDATE_CMS_KEY isn't set") > + if not os.path.exists(cms_key): > + bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) > + signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( > + os.path.join(s, 'sw-description'), > + os.path.join(s, 'sw-description.sig'), > + cms_cert, > + cms_key) > + if os.system(signcmd) != 0: > + bb.fatal("Failed to sign sw-description with %s" % (privkey)) > + else: > + bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); > + > + line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(swupdate_dir,d.getVar('IMAGE_NAME', True) + '.swu') > + os.system("cd " + s + ";" + line) > + > + line = 'ln -sf ' + d.getVar('IMAGE_NAME', True) + '.swu ' + d.getVar('IMAGE_LINK_NAME', True) + '.swu' > + os.system("cd " + swupdate_dir + "; " + line) > +} > diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass > index 02db631..6ad16d4 100644 > --- a/classes/swupdate.bbclass > +++ b/classes/swupdate.bbclass > @@ -11,59 +11,12 @@ > # To use, add swupdate to the inherit clause and set > # set the images (all of them must be found in deploy directory) > # that are part of the compound image. > +inherit swupdate-base > > S = "${WORKDIR}/${PN}" > > -DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}" > IMAGE_DEPENDS ?= "" > > -def swupdate_is_hash_needed(s, filename): > - with open(os.path.join(s, "sw-description"), 'r') as f: > - for line in f: > - if line.find("@%s" % (filename)) != -1: > - return True > - return False > - > -def swupdate_get_sha256(s, filename): > - import hashlib > - > - m = hashlib.sha256() > - > - with open(os.path.join(s, filename), 'rb') as f: > - while True: > - data = f.read(1024) > - if not data: > - break > - m.update(data) > - return m.hexdigest() > - > -def swupdate_write_sha256(s, filename, hash): > - write_lines = [] > - > - with open(os.path.join(s, "sw-description"), 'r') as f: > - for line in f: > - write_lines.append(line.replace("@%s" % (filename), hash)) > - > - with open(os.path.join(s, "sw-description"), 'w+') as f: > - for line in write_lines: > - f.write(line) > - > -def swupdate_getdepends(d): > - def adddep(depstr, deps): > - for i in (depstr or "").split(): > - if i not in deps: > - deps.append(i) > - > - deps = [] > - images = (d.getVar('IMAGE_DEPENDS', True) or "").split() > - for image in images: > - adddep(image , deps) > - > - depstr = "" > - for dep in deps: > - depstr += " " + dep + ":do_build" > - return depstr > - > IMGDEPLOYDIR = "${WORKDIR}/deploy-${PN}-swuimage" > > do_swuimage[dirs] = "${TOPDIR}" > @@ -91,115 +44,6 @@ python () { > d.appendVarFlag('do_swuimage', 'depends', deps) > } > > -python do_swuimage () { > - import shutil > - > - workdir = d.getVar('WORKDIR', True) > - images = (d.getVar('SWUPDATE_IMAGES', True) or "").split() > - s = d.getVar('S', True) > - shutil.copyfile(os.path.join(workdir, "sw-description"), os.path.join(s, "sw-description")) > - fetch = bb.fetch2.Fetch([], d) > - list_for_cpio = ["sw-description"] > - > - if d.getVar('SWUPDATE_SIGNING', True): > - list_for_cpio.append('sw-description.sig') > - > - for url in fetch.urls: > - local = fetch.localpath(url) > - filename = os.path.basename(local) > - if (filename != 'sw-description'): > - shutil.copyfile(local, os.path.join(s, "%s" % filename )) > - list_for_cpio.append(filename) > - > -# SWUPDATE_IMAGES refers to images in the DEPLOY directory > -# If they are not there, additional file can be added > -# by fetching from URLs > - deploydir = d.getVar('DEPLOY_DIR_IMAGE', True) > - imgdeploydir = d.getVar('IMGDEPLOYDIR', True) > - > - for image in images: > - fstypes = (d.getVarFlag("SWUPDATE_IMAGES_FSTYPES", image, True) or "").split() > - if not fstypes: > - fstypes = [""] > - > - for fstype in fstypes: > - > - appendmachine = d.getVarFlag("SWUPDATE_IMAGES_NOAPPEND_MACHINE", image, True) > - if appendmachine == None: > - imagebase = image + '-' + d.getVar('MACHINE', True) > - else: > - imagebase = image > - > - imagename = imagebase + fstype > - src = os.path.join(deploydir, "%s" % imagename) > - dst = os.path.join(s, "%s" % imagename) > - shutil.copyfile(src, dst) > - list_for_cpio.append(imagename) > - > - for file in list_for_cpio: > - if file != 'sw-description' and swupdate_is_hash_needed(s, file): > - hash = swupdate_get_sha256(s, file) > - swupdate_write_sha256(s, file, hash) > - > - signing = d.getVar('SWUPDATE_SIGNING', True) > - if signing == "1": > - bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') > - signing = "RSA" > - if signing: > - if signing == "CUSTOM": > - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) > - if sign_tool: > - ret = os.system(sign_tool) > - if ret != 0: > - bb.fatal("Failed to sign with %s" % (sign_tool)) > - else: > - bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") > - elif signing == "RSA": > - privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) > - if not privkey: > - bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") > - if not os.path.exists(privkey): > - bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) > - passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) > - if passout: > - passout = "-passin file:'%s' " % (passout) > - else: > - passout = "" > - signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( > - privkey, > - passout, > - os.path.join(s, 'sw-description.sig'), > - os.path.join(s, 'sw-description')) > - if os.system(signcmd) != 0: > - bb.fatal("Failed to sign sw-description with %s" % (privkey)) > - elif signing == "CMS": > - cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) > - if not cms_cert: > - bb.fatal("SWUPDATE_CMS_CERT is not set") > - if not os.path.exists(cms_cert): > - bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) > - cms_key = d.getVar('SWUPDATE_CMS_KEY', True) > - if not cms_key: > - bb.fatal("SWUPDATE_CMS_KEY isn't set") > - if not os.path.exists(cms_key): > - bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) > - signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( > - os.path.join(s, 'sw-description'), > - os.path.join(s, 'sw-description.sig'), > - cms_cert, > - cms_key) > - if os.system(signcmd) != 0: > - bb.fatal("Failed to sign sw-description with %s" % (privkey)) > - else: > - bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); > - > - line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu') > - os.system("cd " + s + ";" + line) > - > - line = 'ln -sf ' + d.getVar('IMAGE_NAME', True) + '.swu ' + d.getVar('IMAGE_LINK_NAME', True) + '.swu' > - os.system("cd " + imgdeploydir + "; " + line) > -} > - > COMPRESSIONTYPES = "" > PACKAGE_ARCH = "${MACHINE_ARCH}" > > Best regards, Stefano Babic
Hi Stefano An FSTYPE requires a IMAGE_CMD written as a shell script and not as a python function. But all the swupdate functionality is in python, therefore it cannot be used as IMAGE_CMD directly. I will update the patches. Regards Raphael > -----Ursprüngliche Nachricht----- > Von: Stefano Babic [mailto:sbabic@denx.de] > Gesendet: Mittwoch, 16. Mai 2018 12:29 > An: Freudiger, Raphael (BT CPS R&D ZG FW CCP); > swupdate@googlegroups.com > Betreff: Re: [swupdate] [meta-swupdate][PATCH 1/3] swupdate_class: split out a > base class > > Hi Raphael, > > On 07/05/2018 14:12, Raphael Freudiger wrote: > > The base class can be used in images directly instead of a separate update > image. > > This is useful when only files from one image are used anyway. > > > > I will ask to split your patches to help review. You change at once swupdate.class > and swupdate-base.class and itis difficult to check what you have additionally > changed after moving. My proposal: > > - first patch simply move the file, and swupdate.class just include swupdate- > base.class > - second patch makes the changes > > From the commit message, I understand that your (special, but frequent) use > case is when the whole software contains rootfs as single image, and kernel is > part of rootfs. > > If this is the case, the logical expectation in Yocto is that the image can be beuilt > with an additional format type and it is enough to add IMAGE_FSTYPES += "swu" > in a image recipe. > > > Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com> > > --- > > classes/swupdate-base.bbclass | 177 > ++++++++++++++++++++++++++++++++++++++++++ > > classes/swupdate.bbclass | 158 +------------------------------------ > > 2 files changed, 178 insertions(+), 157 deletions(-) create mode > > 100644 classes/swupdate-base.bbclass > > > > diff --git a/classes/swupdate-base.bbclass > > b/classes/swupdate-base.bbclass new file mode 100644 index > > 0000000..d46375d > > --- /dev/null > > +++ b/classes/swupdate-base.bbclass > > @@ -0,0 +1,177 @@ > > +# Copyright (C) 2015 Stefano Babic <sbabic@denx.de> # # Some parts > > +from the patch class # # swupdate allows to generate a compound image > > +for the # in the "swupdate" format, used for updating the targets # > > +in field. > > +# See also http://sbabic.github.io/swupdate/ # # # To use, add > > +swupdate to the inherit clause and set # set the images (all of them > > +must be found in deploy directory) # that are part of the compound > > +image. > > + > > +DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) > else ''}" > > +SWUPDATE_DIR ?= "${IMGDEPLOYDIR}" > > + > > +def swupdate_is_hash_needed(s, filename): > > + with open(os.path.join(s, "sw-description"), 'r') as f: > > + for line in f: > > + if line.find("@%s" % (filename)) != -1: > > + return True > > + return False > > + > > +def swupdate_get_sha256(s, filename): > > + import hashlib > > + > > + m = hashlib.sha256() > > + > > + with open(os.path.join(s, filename), 'rb') as f: > > + while True: > > + data = f.read(1024) > > + if not data: > > + break > > + m.update(data) > > + return m.hexdigest() > > + > > +def swupdate_write_sha256(s, filename, hash): > > + write_lines = [] > > + > > + with open(os.path.join(s, "sw-description"), 'r') as f: > > + for line in f: > > + write_lines.append(line.replace("@%s" % (filename), > > + hash)) > > + > > + with open(os.path.join(s, "sw-description"), 'w+') as f: > > + for line in write_lines: > > + f.write(line) > > + > > +def swupdate_getdepends(d): > > + def adddep(depstr, deps): > > + for i in (depstr or "").split(): > > + if i not in deps: > > + deps.append(i) > > + > > + deps = [] > > + images = (d.getVar('IMAGE_DEPENDS', True) or "").split() > > + for image in images: > > + adddep(image , deps) > > + > > + depstr = "" > > + for dep in deps: > > + depstr += " " + dep + ":do_build" > > + return depstr > > + > > +python do_swuimage () { > > + import shutil > > + > > + workdir = d.getVar('WORKDIR', True) > > + images = (d.getVar('SWUPDATE_IMAGES', True) or "").split() > > + s = d.getVar('S', True) > > + shutil.copyfile(os.path.join(workdir, "sw-description"), os.path.join(s, "sw- > description")) > > + fetch = bb.fetch2.Fetch([], d) > > + list_for_cpio = ["sw-description"] > > + > > + if d.getVar('SWUPDATE_SIGNING', True): > > + list_for_cpio.append('sw-description.sig') > > + > > + for url in fetch.urls: > > + local = fetch.localpath(url) > > + filename = os.path.basename(local) > > + if (filename != 'sw-description'): > > + shutil.copyfile(local, os.path.join(s, "%s" % filename )) > > + list_for_cpio.append(filename) > > + > > +# SWUPDATE_IMAGES refers to images in the DEPLOY directory # If they > > +are not there, additional file can be added # by fetching from URLs > > + deploydir = d.getVar('DEPLOY_DIR_IMAGE', True) > > + imgdeploydir = d.getVar('IMGDEPLOYDIR', True) > > + swupdate_dir = d.getVar('SWUPDATE_DIR', True) > > + > > + for image in images: > > + fstypes = (d.getVarFlag("SWUPDATE_IMAGES_FSTYPES", image, > True) or "").split() > > + if not fstypes: > > + fstypes = [""] > > + > > + for fstype in fstypes: > > + > > + appendmachine = > d.getVarFlag("SWUPDATE_IMAGES_NOAPPEND_MACHINE", image, True) > > + if appendmachine == None: > > + imagebase = image + '-' + d.getVar('MACHINE', True) > > + else: > > + imagebase = image > > + > > + imagename = imagebase + fstype > > + src = os.path.join(imgdeploydir, "%s" % imagename) > > + if not os.path.exists(src): > > + src = os.path.join(deploydir, "%s" % imagename) > > + if not os.path.exists(src): > > + bb.fatal("File %s could not be found" % imagename) > > + dst = os.path.join(s, "%s" % imagename) > > + shutil.copyfile(src, dst) > > + list_for_cpio.append(imagename) > > + > > + for file in list_for_cpio: > > + if file != 'sw-description' and swupdate_is_hash_needed(s, file): > > + hash = swupdate_get_sha256(s, file) > > + swupdate_write_sha256(s, file, hash) > > + > > + signing = d.getVar('SWUPDATE_SIGNING', True) > > + if signing == "1": > > + bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to > "RSA". It is advised to set it to "RSA" if using RSA signing.') > > + signing = "RSA" > > + if signing: > > + if signing == "CUSTOM": > > + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) > > + if sign_tool: > > + ret = os.system(sign_tool) > > + if ret != 0: > > + bb.fatal("Failed to sign with %s" % (sign_tool)) > > + else: > > + bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") > > + elif signing == "RSA": > > + privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) > > + if not privkey: > > + bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") > > + if not os.path.exists(privkey): > > + bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % > (privkey)) > > + passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) > > + if passout: > > + passout = "-passin file:'%s' " % (passout) > > + else: > > + passout = "" > > + signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( > > + privkey, > > + passout, > > + os.path.join(s, 'sw-description.sig'), > > + os.path.join(s, 'sw-description')) > > + if os.system(signcmd) != 0: > > + bb.fatal("Failed to sign sw-description with %s" % (privkey)) > > + elif signing == "CMS": > > + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) > > + if not cms_cert: > > + bb.fatal("SWUPDATE_CMS_CERT is not set") > > + if not os.path.exists(cms_cert): > > + bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) > > + cms_key = d.getVar('SWUPDATE_CMS_KEY', True) > > + if not cms_key: > > + bb.fatal("SWUPDATE_CMS_KEY isn't set") > > + if not os.path.exists(cms_key): > > + bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) > > + signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey > '%s' -outform DER -nosmimecap -binary" % ( > > + os.path.join(s, 'sw-description'), > > + os.path.join(s, 'sw-description.sig'), > > + cms_cert, > > + cms_key) > > + if os.system(signcmd) != 0: > > + bb.fatal("Failed to sign sw-description with %s" % (privkey)) > > + else: > > + bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); > > + > > + line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' > + os.path.join(swupdate_dir,d.getVar('IMAGE_NAME', True) + '.swu') > > + os.system("cd " + s + ";" + line) > > + > > + line = 'ln -sf ' + d.getVar('IMAGE_NAME', True) + '.swu ' + > d.getVar('IMAGE_LINK_NAME', True) + '.swu' > > + os.system("cd " + swupdate_dir + "; " + line) } > > diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index > > 02db631..6ad16d4 100644 > > --- a/classes/swupdate.bbclass > > +++ b/classes/swupdate.bbclass > > @@ -11,59 +11,12 @@ > > # To use, add swupdate to the inherit clause and set # set the > > images (all of them must be found in deploy directory) # that are > > part of the compound image. > > +inherit swupdate-base > > > > S = "${WORKDIR}/${PN}" > > > > -DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) > else ''}" > > IMAGE_DEPENDS ?= "" > > > > -def swupdate_is_hash_needed(s, filename): > > - with open(os.path.join(s, "sw-description"), 'r') as f: > > - for line in f: > > - if line.find("@%s" % (filename)) != -1: > > - return True > > - return False > > - > > -def swupdate_get_sha256(s, filename): > > - import hashlib > > - > > - m = hashlib.sha256() > > - > > - with open(os.path.join(s, filename), 'rb') as f: > > - while True: > > - data = f.read(1024) > > - if not data: > > - break > > - m.update(data) > > - return m.hexdigest() > > - > > -def swupdate_write_sha256(s, filename, hash): > > - write_lines = [] > > - > > - with open(os.path.join(s, "sw-description"), 'r') as f: > > - for line in f: > > - write_lines.append(line.replace("@%s" % (filename), hash)) > > - > > - with open(os.path.join(s, "sw-description"), 'w+') as f: > > - for line in write_lines: > > - f.write(line) > > - > > -def swupdate_getdepends(d): > > - def adddep(depstr, deps): > > - for i in (depstr or "").split(): > > - if i not in deps: > > - deps.append(i) > > - > > - deps = [] > > - images = (d.getVar('IMAGE_DEPENDS', True) or "").split() > > - for image in images: > > - adddep(image , deps) > > - > > - depstr = "" > > - for dep in deps: > > - depstr += " " + dep + ":do_build" > > - return depstr > > - > > IMGDEPLOYDIR = "${WORKDIR}/deploy-${PN}-swuimage" > > > > do_swuimage[dirs] = "${TOPDIR}" > > @@ -91,115 +44,6 @@ python () { > > d.appendVarFlag('do_swuimage', 'depends', deps) } > > > > -python do_swuimage () { > > - import shutil > > - > > - workdir = d.getVar('WORKDIR', True) > > - images = (d.getVar('SWUPDATE_IMAGES', True) or "").split() > > - s = d.getVar('S', True) > > - shutil.copyfile(os.path.join(workdir, "sw-description"), os.path.join(s, "sw- > description")) > > - fetch = bb.fetch2.Fetch([], d) > > - list_for_cpio = ["sw-description"] > > - > > - if d.getVar('SWUPDATE_SIGNING', True): > > - list_for_cpio.append('sw-description.sig') > > - > > - for url in fetch.urls: > > - local = fetch.localpath(url) > > - filename = os.path.basename(local) > > - if (filename != 'sw-description'): > > - shutil.copyfile(local, os.path.join(s, "%s" % filename )) > > - list_for_cpio.append(filename) > > - > > -# SWUPDATE_IMAGES refers to images in the DEPLOY directory -# If they > > are not there, additional file can be added -# by fetching from URLs > > - deploydir = d.getVar('DEPLOY_DIR_IMAGE', True) > > - imgdeploydir = d.getVar('IMGDEPLOYDIR', True) > > - > > - for image in images: > > - fstypes = (d.getVarFlag("SWUPDATE_IMAGES_FSTYPES", image, > True) or "").split() > > - if not fstypes: > > - fstypes = [""] > > - > > - for fstype in fstypes: > > - > > - appendmachine = > d.getVarFlag("SWUPDATE_IMAGES_NOAPPEND_MACHINE", image, True) > > - if appendmachine == None: > > - imagebase = image + '-' + d.getVar('MACHINE', True) > > - else: > > - imagebase = image > > - > > - imagename = imagebase + fstype > > - src = os.path.join(deploydir, "%s" % imagename) > > - dst = os.path.join(s, "%s" % imagename) > > - shutil.copyfile(src, dst) > > - list_for_cpio.append(imagename) > > - > > - for file in list_for_cpio: > > - if file != 'sw-description' and swupdate_is_hash_needed(s, file): > > - hash = swupdate_get_sha256(s, file) > > - swupdate_write_sha256(s, file, hash) > > - > > - signing = d.getVar('SWUPDATE_SIGNING', True) > > - if signing == "1": > > - bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to > "RSA". It is advised to set it to "RSA" if using RSA signing.') > > - signing = "RSA" > > - if signing: > > - if signing == "CUSTOM": > > - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) > > - if sign_tool: > > - ret = os.system(sign_tool) > > - if ret != 0: > > - bb.fatal("Failed to sign with %s" % (sign_tool)) > > - else: > > - bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") > > - elif signing == "RSA": > > - privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) > > - if not privkey: > > - bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") > > - if not os.path.exists(privkey): > > - bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % > (privkey)) > > - passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) > > - if passout: > > - passout = "-passin file:'%s' " % (passout) > > - else: > > - passout = "" > > - signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( > > - privkey, > > - passout, > > - os.path.join(s, 'sw-description.sig'), > > - os.path.join(s, 'sw-description')) > > - if os.system(signcmd) != 0: > > - bb.fatal("Failed to sign sw-description with %s" % (privkey)) > > - elif signing == "CMS": > > - cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) > > - if not cms_cert: > > - bb.fatal("SWUPDATE_CMS_CERT is not set") > > - if not os.path.exists(cms_cert): > > - bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) > > - cms_key = d.getVar('SWUPDATE_CMS_KEY', True) > > - if not cms_key: > > - bb.fatal("SWUPDATE_CMS_KEY isn't set") > > - if not os.path.exists(cms_key): > > - bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) > > - signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' > -outform DER -nosmimecap -binary" % ( > > - os.path.join(s, 'sw-description'), > > - os.path.join(s, 'sw-description.sig'), > > - cms_cert, > > - cms_key) > > - if os.system(signcmd) != 0: > > - bb.fatal("Failed to sign sw-description with %s" % (privkey)) > > - else: > > - bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); > > - > > - line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' > + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu') > > - os.system("cd " + s + ";" + line) > > - > > - line = 'ln -sf ' + d.getVar('IMAGE_NAME', True) + '.swu ' + > d.getVar('IMAGE_LINK_NAME', True) + '.swu' > > - os.system("cd " + imgdeploydir + "; " + line) > > -} > > - > > COMPRESSIONTYPES = "" > > PACKAGE_ARCH = "${MACHINE_ARCH}" > > > > > > Best regards, > Stefano Babic > > -- > ============================================================= > ======== > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany > Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic@denx.de > ============================================================= > ========
diff --git a/classes/swupdate-base.bbclass b/classes/swupdate-base.bbclass new file mode 100644 index 0000000..d46375d --- /dev/null +++ b/classes/swupdate-base.bbclass @@ -0,0 +1,177 @@ +# Copyright (C) 2015 Stefano Babic <sbabic@denx.de> +# +# Some parts from the patch class +# +# swupdate allows to generate a compound image for the +# in the "swupdate" format, used for updating the targets +# in field. +# See also http://sbabic.github.io/swupdate/ +# +# +# To use, add swupdate to the inherit clause and set +# set the images (all of them must be found in deploy directory) +# that are part of the compound image. + +DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}" +SWUPDATE_DIR ?= "${IMGDEPLOYDIR}" + +def swupdate_is_hash_needed(s, filename): + with open(os.path.join(s, "sw-description"), 'r') as f: + for line in f: + if line.find("@%s" % (filename)) != -1: + return True + return False + +def swupdate_get_sha256(s, filename): + import hashlib + + m = hashlib.sha256() + + with open(os.path.join(s, filename), 'rb') as f: + while True: + data = f.read(1024) + if not data: + break + m.update(data) + return m.hexdigest() + +def swupdate_write_sha256(s, filename, hash): + write_lines = [] + + with open(os.path.join(s, "sw-description"), 'r') as f: + for line in f: + write_lines.append(line.replace("@%s" % (filename), hash)) + + with open(os.path.join(s, "sw-description"), 'w+') as f: + for line in write_lines: + f.write(line) + +def swupdate_getdepends(d): + def adddep(depstr, deps): + for i in (depstr or "").split(): + if i not in deps: + deps.append(i) + + deps = [] + images = (d.getVar('IMAGE_DEPENDS', True) or "").split() + for image in images: + adddep(image , deps) + + depstr = "" + for dep in deps: + depstr += " " + dep + ":do_build" + return depstr + +python do_swuimage () { + import shutil + + workdir = d.getVar('WORKDIR', True) + images = (d.getVar('SWUPDATE_IMAGES', True) or "").split() + s = d.getVar('S', True) + shutil.copyfile(os.path.join(workdir, "sw-description"), os.path.join(s, "sw-description")) + fetch = bb.fetch2.Fetch([], d) + list_for_cpio = ["sw-description"] + + if d.getVar('SWUPDATE_SIGNING', True): + list_for_cpio.append('sw-description.sig') + + for url in fetch.urls: + local = fetch.localpath(url) + filename = os.path.basename(local) + if (filename != 'sw-description'): + shutil.copyfile(local, os.path.join(s, "%s" % filename )) + list_for_cpio.append(filename) + +# SWUPDATE_IMAGES refers to images in the DEPLOY directory +# If they are not there, additional file can be added +# by fetching from URLs + deploydir = d.getVar('DEPLOY_DIR_IMAGE', True) + imgdeploydir = d.getVar('IMGDEPLOYDIR', True) + swupdate_dir = d.getVar('SWUPDATE_DIR', True) + + for image in images: + fstypes = (d.getVarFlag("SWUPDATE_IMAGES_FSTYPES", image, True) or "").split() + if not fstypes: + fstypes = [""] + + for fstype in fstypes: + + appendmachine = d.getVarFlag("SWUPDATE_IMAGES_NOAPPEND_MACHINE", image, True) + if appendmachine == None: + imagebase = image + '-' + d.getVar('MACHINE', True) + else: + imagebase = image + + imagename = imagebase + fstype + src = os.path.join(imgdeploydir, "%s" % imagename) + if not os.path.exists(src): + src = os.path.join(deploydir, "%s" % imagename) + if not os.path.exists(src): + bb.fatal("File %s could not be found" % imagename) + dst = os.path.join(s, "%s" % imagename) + shutil.copyfile(src, dst) + list_for_cpio.append(imagename) + + for file in list_for_cpio: + if file != 'sw-description' and swupdate_is_hash_needed(s, file): + hash = swupdate_get_sha256(s, file) + swupdate_write_sha256(s, file, hash) + + signing = d.getVar('SWUPDATE_SIGNING', True) + if signing == "1": + bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') + signing = "RSA" + if signing: + if signing == "CUSTOM": + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) + if sign_tool: + ret = os.system(sign_tool) + if ret != 0: + bb.fatal("Failed to sign with %s" % (sign_tool)) + else: + bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") + elif signing == "RSA": + privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) + if not privkey: + bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") + if not os.path.exists(privkey): + bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) + passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) + if passout: + passout = "-passin file:'%s' " % (passout) + else: + passout = "" + signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( + privkey, + passout, + os.path.join(s, 'sw-description.sig'), + os.path.join(s, 'sw-description')) + if os.system(signcmd) != 0: + bb.fatal("Failed to sign sw-description with %s" % (privkey)) + elif signing == "CMS": + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) + if not cms_cert: + bb.fatal("SWUPDATE_CMS_CERT is not set") + if not os.path.exists(cms_cert): + bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) + cms_key = d.getVar('SWUPDATE_CMS_KEY', True) + if not cms_key: + bb.fatal("SWUPDATE_CMS_KEY isn't set") + if not os.path.exists(cms_key): + bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) + signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( + os.path.join(s, 'sw-description'), + os.path.join(s, 'sw-description.sig'), + cms_cert, + cms_key) + if os.system(signcmd) != 0: + bb.fatal("Failed to sign sw-description with %s" % (privkey)) + else: + bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); + + line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(swupdate_dir,d.getVar('IMAGE_NAME', True) + '.swu') + os.system("cd " + s + ";" + line) + + line = 'ln -sf ' + d.getVar('IMAGE_NAME', True) + '.swu ' + d.getVar('IMAGE_LINK_NAME', True) + '.swu' + os.system("cd " + swupdate_dir + "; " + line) +} diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index 02db631..6ad16d4 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass @@ -11,59 +11,12 @@ # To use, add swupdate to the inherit clause and set # set the images (all of them must be found in deploy directory) # that are part of the compound image. +inherit swupdate-base S = "${WORKDIR}/${PN}" -DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}" IMAGE_DEPENDS ?= "" -def swupdate_is_hash_needed(s, filename): - with open(os.path.join(s, "sw-description"), 'r') as f: - for line in f: - if line.find("@%s" % (filename)) != -1: - return True - return False - -def swupdate_get_sha256(s, filename): - import hashlib - - m = hashlib.sha256() - - with open(os.path.join(s, filename), 'rb') as f: - while True: - data = f.read(1024) - if not data: - break - m.update(data) - return m.hexdigest() - -def swupdate_write_sha256(s, filename, hash): - write_lines = [] - - with open(os.path.join(s, "sw-description"), 'r') as f: - for line in f: - write_lines.append(line.replace("@%s" % (filename), hash)) - - with open(os.path.join(s, "sw-description"), 'w+') as f: - for line in write_lines: - f.write(line) - -def swupdate_getdepends(d): - def adddep(depstr, deps): - for i in (depstr or "").split(): - if i not in deps: - deps.append(i) - - deps = [] - images = (d.getVar('IMAGE_DEPENDS', True) or "").split() - for image in images: - adddep(image , deps) - - depstr = "" - for dep in deps: - depstr += " " + dep + ":do_build" - return depstr - IMGDEPLOYDIR = "${WORKDIR}/deploy-${PN}-swuimage" do_swuimage[dirs] = "${TOPDIR}" @@ -91,115 +44,6 @@ python () { d.appendVarFlag('do_swuimage', 'depends', deps) } -python do_swuimage () { - import shutil - - workdir = d.getVar('WORKDIR', True) - images = (d.getVar('SWUPDATE_IMAGES', True) or "").split() - s = d.getVar('S', True) - shutil.copyfile(os.path.join(workdir, "sw-description"), os.path.join(s, "sw-description")) - fetch = bb.fetch2.Fetch([], d) - list_for_cpio = ["sw-description"] - - if d.getVar('SWUPDATE_SIGNING', True): - list_for_cpio.append('sw-description.sig') - - for url in fetch.urls: - local = fetch.localpath(url) - filename = os.path.basename(local) - if (filename != 'sw-description'): - shutil.copyfile(local, os.path.join(s, "%s" % filename )) - list_for_cpio.append(filename) - -# SWUPDATE_IMAGES refers to images in the DEPLOY directory -# If they are not there, additional file can be added -# by fetching from URLs - deploydir = d.getVar('DEPLOY_DIR_IMAGE', True) - imgdeploydir = d.getVar('IMGDEPLOYDIR', True) - - for image in images: - fstypes = (d.getVarFlag("SWUPDATE_IMAGES_FSTYPES", image, True) or "").split() - if not fstypes: - fstypes = [""] - - for fstype in fstypes: - - appendmachine = d.getVarFlag("SWUPDATE_IMAGES_NOAPPEND_MACHINE", image, True) - if appendmachine == None: - imagebase = image + '-' + d.getVar('MACHINE', True) - else: - imagebase = image - - imagename = imagebase + fstype - src = os.path.join(deploydir, "%s" % imagename) - dst = os.path.join(s, "%s" % imagename) - shutil.copyfile(src, dst) - list_for_cpio.append(imagename) - - for file in list_for_cpio: - if file != 'sw-description' and swupdate_is_hash_needed(s, file): - hash = swupdate_get_sha256(s, file) - swupdate_write_sha256(s, file, hash) - - signing = d.getVar('SWUPDATE_SIGNING', True) - if signing == "1": - bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') - signing = "RSA" - if signing: - if signing == "CUSTOM": - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) - if sign_tool: - ret = os.system(sign_tool) - if ret != 0: - bb.fatal("Failed to sign with %s" % (sign_tool)) - else: - bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") - elif signing == "RSA": - privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) - if not privkey: - bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") - if not os.path.exists(privkey): - bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) - passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) - if passout: - passout = "-passin file:'%s' " % (passout) - else: - passout = "" - signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( - privkey, - passout, - os.path.join(s, 'sw-description.sig'), - os.path.join(s, 'sw-description')) - if os.system(signcmd) != 0: - bb.fatal("Failed to sign sw-description with %s" % (privkey)) - elif signing == "CMS": - cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) - if not cms_cert: - bb.fatal("SWUPDATE_CMS_CERT is not set") - if not os.path.exists(cms_cert): - bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) - cms_key = d.getVar('SWUPDATE_CMS_KEY', True) - if not cms_key: - bb.fatal("SWUPDATE_CMS_KEY isn't set") - if not os.path.exists(cms_key): - bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) - signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( - os.path.join(s, 'sw-description'), - os.path.join(s, 'sw-description.sig'), - cms_cert, - cms_key) - if os.system(signcmd) != 0: - bb.fatal("Failed to sign sw-description with %s" % (privkey)) - else: - bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); - - line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu') - os.system("cd " + s + ";" + line) - - line = 'ln -sf ' + d.getVar('IMAGE_NAME', True) + '.swu ' + d.getVar('IMAGE_LINK_NAME', True) + '.swu' - os.system("cd " + imgdeploydir + "; " + line) -} - COMPRESSIONTYPES = "" PACKAGE_ARCH = "${MACHINE_ARCH}"
The base class can be used in images directly instead of a separate update image. This is useful when only files from one image are used anyway. Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com> --- classes/swupdate-base.bbclass | 177 ++++++++++++++++++++++++++++++++++++++++++ classes/swupdate.bbclass | 158 +------------------------------------ 2 files changed, 178 insertions(+), 157 deletions(-) create mode 100644 classes/swupdate-base.bbclass