[PATCH] swupdate: Fix swu signing


Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

Was broken by fa31a98f0d18: Export 'sign' which is also needed inside
the sudo env and move checksum injection into the chroot so that the
${WORKDIR}/swu/* links work as they should.

Reported by: Rafal Radziejewski <rafal.radziejewski.ext@...>
Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
classes/swupdate.bbclass | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 46d2a36..451239e 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -58,19 +58,18 @@ do_swupdate_binary() {
image_do_mounts

# Prepare for signing
- sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}'
+ export sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}'
if [ -n "$sign" ]; then
cp -f '${SIGN_KEY}' '${WORKDIR}/dev.key'
test -e '${SIGN_CRT}' && cp -f '${SIGN_CRT}' '${WORKDIR}/dev.crt'
fi

- # Fill in file check sums
- for file in ${SWU_ADDITIONAL_FILES}; do
- sed -i "s:$file-sha256:$(sha256sum '${WORKDIR}/swu/'$file | cut -f 1 -d ' '):g" \
- '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
- done
-
sudo -E chroot ${BUILDCHROOT_DIR} sh -c ' \
+ # Fill in file check sums
+ for file in ${SWU_ADDITIONAL_FILES}; do
+ sed -i "s:$file-sha256:$(sha256sum "${PP_WORK}/swu/"$file | cut -f 1 -d " "):g" \
+ "${PP_WORK}/swu/${SWU_DESCRIPTION_FILE}"
+ done
cd "${PP_WORK}/swu"
for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do
echo "$file"
--
2.35.3

Join cip-dev@lists.cip-project.org to automatically receive all group messages.