
[meta-swupdate,dunfell+,v2,5/6] swupdate-image: convenience for encrypting

Message ID 20210907132240.2987302-6-adrian.freihofer@siemens.com
State Changes Requested
Series swupdate-common: get do_swuimage vardeps

Commit Message

Adrian Freihofer Sept. 7, 2021, 1:22 p.m. UTC
Introduce a new variable SWUPDATE_ENCRYPT_SWU. If this is overridden by
the image to true, all artifacts packed into the swu file are encrypted.

It's more convenient to set a variable instead of dealing with the
VarFlags.
---
 classes/swupdate-image.bbclass | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comments

Stefano Babic Sept. 7, 2021, 2:54 p.m. UTC | #1
Hi Adrian,

On 07.09.21 15:22, Adrian Freihofer wrote:
> Introduce a new variable SWUPDATE_ENCRYPT_SWU. If this is overridden by
> the image to true, all artifacts packed into the swu file are encrypted.
> 
> It's more convenient to set a variable instead of dealing with the
> VarFlags.
> ---
>   classes/swupdate-image.bbclass | 12 ++++++++++++
>   1 file changed, 12 insertions(+)
> 
> diff --git a/classes/swupdate-image.bbclass b/classes/swupdate-image.bbclass
> index 2b00727..3ff6539 100644
> --- a/classes/swupdate-image.bbclass
> +++ b/classes/swupdate-image.bbclass
> @@ -16,12 +16,24 @@ IMAGE_FSTYPE_SWU ??= "ext4"
>   # gets deleted before do_swuimage task runs
>   IMAGE_FSTYPES_append = " ${IMAGE_FSTYPE_SWU}"
>   
> +# Convenience variable to encrypt all artifacts in the swu file
> +# These variable might be used in the sw-description template like
> +# encrypted = @@SWUPDATE_ENCRYPT_SWU@@;   (to all artifacts)
> +SWUPDATE_ENCRYPT_SWU ??= "false"
> 

But mixing encrypted and unencrypted artifacts is quite the rule. For
example, rootfs can already have been encrypted using LUKS, and the
resulting filesystem goes into a container. It must not be encrypted
again, while other artifacts (scripts, etc) should be encrypted.

The master here is really sw-description: to add an automatism for
encryption, the "encrypted" field should be extracted and applied to
each artifact instead of having just a flag for all or none.


>   python() {
>       # Define the image type which should be included into the swu file
>       image = d.getVar('IMAGE_LINK_NAME')
>       image_type = d.getVar('IMAGE_FSTYPE_SWU')
>       d.setVarFlag('SWUPDATE_IMAGES_FSTYPES', image, '.' + image_type)
> +
> +    # Optionally encrypt all artifacts included in the swu file
> +    encrypt_bool = d.getVar('SWUPDATE_ENCRYPT_SWU')
> +    if encrypt_bool == 'true':
> +        artifacts = d.getVar('SWUPDATE_IMAGES').split()
> +        for artifact in artifacts:
> +            bb.warn("Encrypting artifact: %s" % artifact)
> +            d.setVarFlag('SWUPDATE_IMAGES_ENCRYPTED', artifact, '1')
>   }
>   
>   inherit swupdate-common.bbclass
> 
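
Review bot: In the python() block, the test "if encrypt_bool == 'true':" matches only the exact lowercase string, so an image that sets SWUPDATE_ENCRYPT_SWU to "1", "True" or "yes" is built with no artifact flagged for encryption and nothing in the log to say so. Parsing the value with bb.utils.to_boolean() would accept the usual spellings and raise on anything else. On the following line, d.getVar('SWUPDATE_IMAGES').split() raises AttributeError when SWUPDATE_IMAGES is unset; (d.getVar('SWUPDATE_IMAGES') or '').split() avoids that.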

Best regards,
Stefano
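
The per-artifact approach suggested in the reply above, sketched as an added example (not code from meta-swupdate or from either poster): read the "encrypted" field of each entry in sw-description and compare it with what the build would encrypt. The regex-based reader, the constructed sample sw-description and the function names are assumptions made for illustration.

```python
import re

# Constructed sample sw-description (libconfig syntax); file names are made up.
SAMPLE = '''
software = {
    version = "1.0.0";
    images: ( {
        # already LUKS-encrypted container, must not be encrypted again
        filename = "rootfs.ext4.luks";
        device = "/dev/mmcblk0p2";
        properties: { decompressed-size = "1024"; };
    } );
    scripts: ( {
        filename = "postinst.sh";
        type = "shellscript";
        encrypted = true;
    } );
}
'''

_COMMENT = re.compile(r'#[^\n]*|//[^\n]*|/\*.*?\*/', re.S)  # naive: ignores quoting
_BLOCK = re.compile(r'\{[^{}]*\}')  # innermost { ... } group
_FILENAME = re.compile(r'\bfilename\s*=\s*"([^"]+)"')
_ENCRYPTED = re.compile(r'\bencrypted\s*=\s*true\b')

def encrypted_by_file(text):
    """Map every filename in sw-description to its own 'encrypted' setting."""
    text = _COMMENT.sub('', text)
    result = {}
    while True:
        blocks = _BLOCK.findall(text)
        if not blocks:
            return result
        for block in blocks:
            name = _FILENAME.search(block)
            if name:
                result[name.group(1)] = bool(_ENCRYPTED.search(block))
        # Remove innermost groups so that their parents are innermost next pass.
        text = _BLOCK.sub('', text)

def flag_mismatches(text, flagged):
    """Return (encrypted by the build but not declared, declared but not encrypted).

    flagged: file names the build encrypts (hypothetical input for this example).
    """
    declared = {f for f, enc in encrypted_by_file(text).items() if enc}
    return sorted(set(flagged) - declared), sorted(declared - set(flagged))
```

With an all-or-nothing flag both sample files would be encrypted, and flag_mismatches() reports the LUKS container as encrypted without being declared so in sw-description.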

Patch

diff --git a/classes/swupdate-image.bbclass b/classes/swupdate-image.bbclass
index 2b00727..3ff6539 100644
--- a/classes/swupdate-image.bbclass
+++ b/classes/swupdate-image.bbclass
@@ -16,12 +16,24 @@  IMAGE_FSTYPE_SWU ??= "ext4"
 # gets deleted before do_swuimage task runs
 IMAGE_FSTYPES_append = " ${IMAGE_FSTYPE_SWU}"
 
+# Convenience variable to encrypt all artifacts in the swu file
+# These variable might be used in the sw-description template like
+# encrypted = @@SWUPDATE_ENCRYPT_SWU@@;   (to all artifacts)
+SWUPDATE_ENCRYPT_SWU ??= "false"
 
 python() {
     # Define the image type which should be included into the swu file
     image = d.getVar('IMAGE_LINK_NAME')
     image_type = d.getVar('IMAGE_FSTYPE_SWU')
     d.setVarFlag('SWUPDATE_IMAGES_FSTYPES', image, '.' + image_type)
+
+    # Optionally encrypt all artifacts included in the swu file
+    encrypt_bool = d.getVar('SWUPDATE_ENCRYPT_SWU')
+    if encrypt_bool == 'true':
+        artifacts = d.getVar('SWUPDATE_IMAGES').split()
+        for artifact in artifacts:
+            bb.warn("Encrypting artifact: %s" % artifact)
+            d.setVarFlag('SWUPDATE_IMAGES_ENCRYPTED', artifact, '1')
 }
 
 inherit swupdate-common.bbclass
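
Review bot: The per-artifact bb.warn("Encrypting artifact: %s" % artifact) in the loop reports an explicitly requested setting as a warning each time the anonymous python() runs; bb.note or bb.debug fits better and keeps real warnings visible. The new comment above SWUPDATE_ENCRYPT_SWU says the variable "might be used" in the sw-description template, which leaves the SWUPDATE_IMAGES_ENCRYPTED flags and the encrypted attribute in sw-description free to disagree; the comment should say that the two have to be set together, and "These variable" should read "This variable".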