| Message ID | 20180517093710.4155-1-raphael.freudiger@siemens.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [meta-swupdate,v2,1/2] swupdate_class: split out common python functionality | expand |
On 17/05/2018 11:37, Raphael Freudiger wrote: > This is a preparation step to be able to use it as an fstype. > > Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com> > --- > classes/swupdate-common.bbclass | 89 +++++++++++++++++++++++++++++++++++++++++ > classes/swupdate.bbclass | 89 +---------------------------------------- > 2 files changed, 91 insertions(+), 87 deletions(-) > create mode 100644 classes/swupdate-common.bbclass > > diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass > new file mode 100644 > index 0000000..f53c55f > --- /dev/null > +++ b/classes/swupdate-common.bbclass > @@ -0,0 +1,89 @@ > +def swupdate_is_hash_needed(s, filename): > + with open(os.path.join(s, "sw-description"), 'r') as f: > + for line in f: > + if line.find("@%s" % (filename)) != -1: > + return True > + return False > + > +def swupdate_get_sha256(s, filename): > + import hashlib > + > + m = hashlib.sha256() > + > + with open(os.path.join(s, filename), 'rb') as f: > + while True: > + data = f.read(1024) > + if not data: > + break > + m.update(data) > + return m.hexdigest() > + > +def swupdate_write_sha256(s, filename, hash): > + write_lines = [] > + > + with open(os.path.join(s, "sw-description"), 'r') as f: > + for line in f: > + write_lines.append(line.replace("@%s" % (filename), hash)) > + > + with open(os.path.join(s, "sw-description"), 'w+') as f: > + for line in write_lines: > + f.write(line) > + > +def prepare_sw_description(d, list_for_cpio): > + > + for file in list_for_cpio: > + if file != 'sw-description' and swupdate_is_hash_needed(s, file): > + hash = swupdate_get_sha256(s, file) > + swupdate_write_sha256(s, file, hash) > + > + signing = d.getVar('SWUPDATE_SIGNING', True) > + if signing == "1": > + bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') > + signing = "RSA" > + if signing: > + if signing == "CUSTOM": > + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) > + if sign_tool: > + ret = os.system(sign_tool) > + if ret != 0: > + bb.fatal("Failed to sign with %s" % (sign_tool)) > + else: > + bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") > + elif signing == "RSA": > + privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) > + if not privkey: > + bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") > + if not os.path.exists(privkey): > + bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) > + passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) > + if passout: > + passout = "-passin file:'%s' " % (passout) > + else: > + passout = "" > + signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( > + privkey, > + passout, > + os.path.join(s, 'sw-description.sig'), > + os.path.join(s, 'sw-description')) > + if os.system(signcmd) != 0: > + bb.fatal("Failed to sign sw-description with %s" % (privkey)) > + elif signing == "CMS": > + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) > + if not cms_cert: > + bb.fatal("SWUPDATE_CMS_CERT is not set") > + if not os.path.exists(cms_cert): > + bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) > + cms_key = d.getVar('SWUPDATE_CMS_KEY', True) > + if not cms_key: > + bb.fatal("SWUPDATE_CMS_KEY isn't set") > + if not os.path.exists(cms_key): > + bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) > + signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( > + os.path.join(s, 'sw-description'), > + os.path.join(s, 'sw-description.sig'), > + cms_cert, > + cms_key) > + if os.system(signcmd) != 0: > + bb.fatal("Failed to sign sw-description with %s" % (privkey)) > + else: > + bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); > diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass > index 02db631..e24b387 100644 > --- a/classes/swupdate.bbclass > +++ b/classes/swupdate.bbclass > @@ -11,43 +11,13 @@ > # To use, add swupdate to the inherit clause and set > # set the images (all of them must be found in deploy directory) > # that are part of the compound image. > +inherit swupdate-common.bbclass > > S = "${WORKDIR}/${PN}" > > DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}" > IMAGE_DEPENDS ?= "" > > -def swupdate_is_hash_needed(s, filename): > - with open(os.path.join(s, "sw-description"), 'r') as f: > - for line in f: > - if line.find("@%s" % (filename)) != -1: > - return True > - return False > - > -def swupdate_get_sha256(s, filename): > - import hashlib > - > - m = hashlib.sha256() > - > - with open(os.path.join(s, filename), 'rb') as f: > - while True: > - data = f.read(1024) > - if not data: > - break > - m.update(data) > - return m.hexdigest() > - > -def swupdate_write_sha256(s, filename, hash): > - write_lines = [] > - > - with open(os.path.join(s, "sw-description"), 'r') as f: > - for line in f: > - write_lines.append(line.replace("@%s" % (filename), hash)) > - > - with open(os.path.join(s, "sw-description"), 'w+') as f: > - for line in write_lines: > - f.write(line) > - > def swupdate_getdepends(d): > def adddep(depstr, deps): > for i in (depstr or "").split(): > @@ -136,62 +106,7 @@ python do_swuimage () { > shutil.copyfile(src, dst) > list_for_cpio.append(imagename) > > - for file in list_for_cpio: > - if file != 'sw-description' and swupdate_is_hash_needed(s, file): > - hash = swupdate_get_sha256(s, file) > - swupdate_write_sha256(s, file, hash) > - > - signing = d.getVar('SWUPDATE_SIGNING', True) > - if signing == "1": > - bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') > - signing = "RSA" > - if signing: > - if signing == "CUSTOM": > - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) > - if sign_tool: > - ret = os.system(sign_tool) > - if ret != 0: > - bb.fatal("Failed to sign with %s" % (sign_tool)) > - else: > - bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") > - elif signing == "RSA": > - privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) > - if not privkey: > - bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") > - if not os.path.exists(privkey): > - bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) > - passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) > - if passout: > - passout = "-passin file:'%s' " % (passout) > - else: > - passout = "" > - signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( > - privkey, > - passout, > - os.path.join(s, 'sw-description.sig'), > - os.path.join(s, 'sw-description')) > - if os.system(signcmd) != 0: > - bb.fatal("Failed to sign sw-description with %s" % (privkey)) > - elif signing == "CMS": > - cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) > - if not cms_cert: > - bb.fatal("SWUPDATE_CMS_CERT is not set") > - if not os.path.exists(cms_cert): > - bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) > - cms_key = d.getVar('SWUPDATE_CMS_KEY', True) > - if not cms_key: > - bb.fatal("SWUPDATE_CMS_KEY isn't set") > - if not os.path.exists(cms_key): > - bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) > - signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( > - os.path.join(s, 'sw-description'), > - os.path.join(s, 'sw-description.sig'), > - cms_cert, > - cms_key) > - if os.system(signcmd) != 0: > - bb.fatal("Failed to sign sw-description with %s" % (privkey)) > - else: > - bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); > + prepare_sw_description(d, list_for_cpio) > > line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu') > os.system("cd " + s + ";" + line) > Applied to -master and -sumo, thanks ! Best regards, Stefano Babic
On 04/06/2018 09:26, Stefano Babic wrote: > On 17/05/2018 11:37, Raphael Freudiger wrote: >> This is a preparation step to be able to use it as an fstype. >> >> Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com> >> --- >> classes/swupdate-common.bbclass | 89 +++++++++++++++++++++++++++++++++++++++++ >> classes/swupdate.bbclass | 89 +---------------------------------------- >> 2 files changed, 91 insertions(+), 87 deletions(-) >> create mode 100644 classes/swupdate-common.bbclass >> >> diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass >> new file mode 100644 >> index 0000000..f53c55f >> --- /dev/null >> +++ b/classes/swupdate-common.bbclass >> @@ -0,0 +1,89 @@ >> +def swupdate_is_hash_needed(s, filename): >> + with open(os.path.join(s, "sw-description"), 'r') as f: >> + for line in f: >> + if line.find("@%s" % (filename)) != -1: >> + return True >> + return False >> + >> +def swupdate_get_sha256(s, filename): >> + import hashlib >> + >> + m = hashlib.sha256() >> + >> + with open(os.path.join(s, filename), 'rb') as f: >> + while True: >> + data = f.read(1024) >> + if not data: >> + break >> + m.update(data) >> + return m.hexdigest() >> + >> +def swupdate_write_sha256(s, filename, hash): >> + write_lines = [] >> + >> + with open(os.path.join(s, "sw-description"), 'r') as f: >> + for line in f: >> + write_lines.append(line.replace("@%s" % (filename), hash)) >> + >> + with open(os.path.join(s, "sw-description"), 'w+') as f: >> + for line in write_lines: >> + f.write(line) >> + >> +def prepare_sw_description(d, list_for_cpio): >> + >> + for file in list_for_cpio: >> + if file != 'sw-description' and swupdate_is_hash_needed(s, file): >> + hash = swupdate_get_sha256(s, file) >> + swupdate_write_sha256(s, file, hash) >> + >> + signing = d.getVar('SWUPDATE_SIGNING', True) >> + if signing == "1": >> + bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') >> + signing = "RSA" >> + if signing: >> + if signing == "CUSTOM": >> + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) >> + if sign_tool: >> + ret = os.system(sign_tool) >> + if ret != 0: >> + bb.fatal("Failed to sign with %s" % (sign_tool)) >> + else: >> + bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") >> + elif signing == "RSA": >> + privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) >> + if not privkey: >> + bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") >> + if not os.path.exists(privkey): >> + bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) >> + passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) >> + if passout: >> + passout = "-passin file:'%s' " % (passout) >> + else: >> + passout = "" >> + signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( >> + privkey, >> + passout, >> + os.path.join(s, 'sw-description.sig'), >> + os.path.join(s, 'sw-description')) >> + if os.system(signcmd) != 0: >> + bb.fatal("Failed to sign sw-description with %s" % (privkey)) >> + elif signing == "CMS": >> + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) >> + if not cms_cert: >> + bb.fatal("SWUPDATE_CMS_CERT is not set") >> + if not os.path.exists(cms_cert): >> + bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) >> + cms_key = d.getVar('SWUPDATE_CMS_KEY', True) >> + if not cms_key: >> + bb.fatal("SWUPDATE_CMS_KEY isn't set") >> + if not os.path.exists(cms_key): >> + bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) >> + signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( >> + os.path.join(s, 'sw-description'), >> + os.path.join(s, 'sw-description.sig'), >> + cms_cert, >> + cms_key) >> + if os.system(signcmd) != 0: >> + bb.fatal("Failed to sign sw-description with %s" % (privkey)) >> + else: >> + bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); >> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass >> index 02db631..e24b387 100644 >> --- a/classes/swupdate.bbclass >> +++ b/classes/swupdate.bbclass >> @@ -11,43 +11,13 @@ >> # To use, add swupdate to the inherit clause and set >> # set the images (all of them must be found in deploy directory) >> # that are part of the compound image. >> +inherit swupdate-common.bbclass >> >> S = "${WORKDIR}/${PN}" >> >> DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}" >> IMAGE_DEPENDS ?= "" >> >> -def swupdate_is_hash_needed(s, filename): >> - with open(os.path.join(s, "sw-description"), 'r') as f: >> - for line in f: >> - if line.find("@%s" % (filename)) != -1: >> - return True >> - return False >> - >> -def swupdate_get_sha256(s, filename): >> - import hashlib >> - >> - m = hashlib.sha256() >> - >> - with open(os.path.join(s, filename), 'rb') as f: >> - while True: >> - data = f.read(1024) >> - if not data: >> - break >> - m.update(data) >> - return m.hexdigest() >> - >> -def swupdate_write_sha256(s, filename, hash): >> - write_lines = [] >> - >> - with open(os.path.join(s, "sw-description"), 'r') as f: >> - for line in f: >> - write_lines.append(line.replace("@%s" % (filename), hash)) >> - >> - with open(os.path.join(s, "sw-description"), 'w+') as f: >> - for line in write_lines: >> - f.write(line) >> - >> def swupdate_getdepends(d): >> def adddep(depstr, deps): >> for i in (depstr or "").split(): >> @@ -136,62 +106,7 @@ python do_swuimage () { >> shutil.copyfile(src, dst) >> list_for_cpio.append(imagename) >> >> - for file in list_for_cpio: >> - if file != 'sw-description' and swupdate_is_hash_needed(s, file): >> - hash = swupdate_get_sha256(s, file) >> - swupdate_write_sha256(s, file, hash) >> - >> - signing = d.getVar('SWUPDATE_SIGNING', True) >> - if signing == "1": >> - bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') >> - signing = "RSA" >> - if signing: >> - if signing == "CUSTOM": >> - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) >> - if sign_tool: >> - ret = os.system(sign_tool) >> - if ret != 0: >> - bb.fatal("Failed to sign with %s" % (sign_tool)) >> - else: >> - bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") >> - elif signing == "RSA": >> - privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) >> - if not privkey: >> - bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") >> - if not os.path.exists(privkey): >> - bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) >> - passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) >> - if passout: >> - passout = "-passin file:'%s' " % (passout) >> - else: >> - passout = "" >> - signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( >> - privkey, >> - passout, >> - os.path.join(s, 'sw-description.sig'), >> - os.path.join(s, 'sw-description')) >> - if os.system(signcmd) != 0: >> - bb.fatal("Failed to sign sw-description with %s" % (privkey)) >> - elif signing == "CMS": >> - cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) >> - if not cms_cert: >> - bb.fatal("SWUPDATE_CMS_CERT is not set") >> - if not os.path.exists(cms_cert): >> - bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) >> - cms_key = d.getVar('SWUPDATE_CMS_KEY', True) >> - if not cms_key: >> - bb.fatal("SWUPDATE_CMS_KEY isn't set") >> - if not os.path.exists(cms_key): >> - bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) >> - signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( >> - os.path.join(s, 'sw-description'), >> - os.path.join(s, 'sw-description.sig'), >> - cms_cert, >> - cms_key) >> - if os.system(signcmd) != 0: >> - bb.fatal("Failed to sign sw-description with %s" % (privkey)) >> - else: >> - bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); >> + prepare_sw_description(d, list_for_cpio) >> >> line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu') >> os.system("cd " + s + ";" + line) >> > > Applied to -master and -sumo, thanks ! Wrong...there are regression issues. With the patch applied, the sha is not set correctly. Can you take a look and fix this ? Best regards, Stefano Babic
diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass new file mode 100644 index 0000000..f53c55f --- /dev/null +++ b/classes/swupdate-common.bbclass @@ -0,0 +1,89 @@ +def swupdate_is_hash_needed(s, filename): + with open(os.path.join(s, "sw-description"), 'r') as f: + for line in f: + if line.find("@%s" % (filename)) != -1: + return True + return False + +def swupdate_get_sha256(s, filename): + import hashlib + + m = hashlib.sha256() + + with open(os.path.join(s, filename), 'rb') as f: + while True: + data = f.read(1024) + if not data: + break + m.update(data) + return m.hexdigest() + +def swupdate_write_sha256(s, filename, hash): + write_lines = [] + + with open(os.path.join(s, "sw-description"), 'r') as f: + for line in f: + write_lines.append(line.replace("@%s" % (filename), hash)) + + with open(os.path.join(s, "sw-description"), 'w+') as f: + for line in write_lines: + f.write(line) + +def prepare_sw_description(d, list_for_cpio): + + for file in list_for_cpio: + if file != 'sw-description' and swupdate_is_hash_needed(s, file): + hash = swupdate_get_sha256(s, file) + swupdate_write_sha256(s, file, hash) + + signing = d.getVar('SWUPDATE_SIGNING', True) + if signing == "1": + bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') + signing = "RSA" + if signing: + if signing == "CUSTOM": + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) + if sign_tool: + ret = os.system(sign_tool) + if ret != 0: + bb.fatal("Failed to sign with %s" % (sign_tool)) + else: + bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") + elif signing == "RSA": + privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) + if not privkey: + bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") + if not os.path.exists(privkey): + bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) + passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) + if passout: + passout = "-passin file:'%s' " % (passout) + else: + passout = "" + signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( + privkey, + passout, + os.path.join(s, 'sw-description.sig'), + os.path.join(s, 'sw-description')) + if os.system(signcmd) != 0: + bb.fatal("Failed to sign sw-description with %s" % (privkey)) + elif signing == "CMS": + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) + if not cms_cert: + bb.fatal("SWUPDATE_CMS_CERT is not set") + if not os.path.exists(cms_cert): + bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) + cms_key = d.getVar('SWUPDATE_CMS_KEY', True) + if not cms_key: + bb.fatal("SWUPDATE_CMS_KEY isn't set") + if not os.path.exists(cms_key): + bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) + signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( + os.path.join(s, 'sw-description'), + os.path.join(s, 'sw-description.sig'), + cms_cert, + cms_key) + if os.system(signcmd) != 0: + bb.fatal("Failed to sign sw-description with %s" % (privkey)) + else: + bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index 02db631..e24b387 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass @@ -11,43 +11,13 @@ # To use, add swupdate to the inherit clause and set # set the images (all of them must be found in deploy directory) # that are part of the compound image. +inherit swupdate-common.bbclass S = "${WORKDIR}/${PN}" DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}" IMAGE_DEPENDS ?= "" -def swupdate_is_hash_needed(s, filename): - with open(os.path.join(s, "sw-description"), 'r') as f: - for line in f: - if line.find("@%s" % (filename)) != -1: - return True - return False - -def swupdate_get_sha256(s, filename): - import hashlib - - m = hashlib.sha256() - - with open(os.path.join(s, filename), 'rb') as f: - while True: - data = f.read(1024) - if not data: - break - m.update(data) - return m.hexdigest() - -def swupdate_write_sha256(s, filename, hash): - write_lines = [] - - with open(os.path.join(s, "sw-description"), 'r') as f: - for line in f: - write_lines.append(line.replace("@%s" % (filename), hash)) - - with open(os.path.join(s, "sw-description"), 'w+') as f: - for line in write_lines: - f.write(line) - def swupdate_getdepends(d): def adddep(depstr, deps): for i in (depstr or "").split(): @@ -136,62 +106,7 @@ python do_swuimage () { shutil.copyfile(src, dst) list_for_cpio.append(imagename) - for file in list_for_cpio: - if file != 'sw-description' and swupdate_is_hash_needed(s, file): - hash = swupdate_get_sha256(s, file) - swupdate_write_sha256(s, file, hash) - - signing = d.getVar('SWUPDATE_SIGNING', True) - if signing == "1": - bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') - signing = "RSA" - if signing: - if signing == "CUSTOM": - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) - if sign_tool: - ret = os.system(sign_tool) - if ret != 0: - bb.fatal("Failed to sign with %s" % (sign_tool)) - else: - bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") - elif signing == "RSA": - privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) - if not privkey: - bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") - if not os.path.exists(privkey): - bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) - passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) - if passout: - passout = "-passin file:'%s' " % (passout) - else: - passout = "" - signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( - privkey, - passout, - os.path.join(s, 'sw-description.sig'), - os.path.join(s, 'sw-description')) - if os.system(signcmd) != 0: - bb.fatal("Failed to sign sw-description with %s" % (privkey)) - elif signing == "CMS": - cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) - if not cms_cert: - bb.fatal("SWUPDATE_CMS_CERT is not set") - if not os.path.exists(cms_cert): - bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) - cms_key = d.getVar('SWUPDATE_CMS_KEY', True) - if not cms_key: - bb.fatal("SWUPDATE_CMS_KEY isn't set") - if not os.path.exists(cms_key): - bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) - signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( - os.path.join(s, 'sw-description'), - os.path.join(s, 'sw-description.sig'), - cms_cert, - cms_key) - if os.system(signcmd) != 0: - bb.fatal("Failed to sign sw-description with %s" % (privkey)) - else: - bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); + prepare_sw_description(d, list_for_cpio) line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu') os.system("cd " + s + ";" + line)
This is a preparation step to be able to use it as an fstype. Signed-off-by: Raphael Freudiger <raphael.freudiger@siemens.com> --- classes/swupdate-common.bbclass | 89 +++++++++++++++++++++++++++++++++++++++++ classes/swupdate.bbclass | 89 +---------------------------------------- 2 files changed, 91 insertions(+), 87 deletions(-) create mode 100644 classes/swupdate-common.bbclass