[isar-cip-core][PATCH 1/6] swupdate: Use cpio from buildchroot


Jan Kiszka
 

From: Jan Kiszka <jan.kiszka@...>

The cpio tool is not an essential dependency of Isar, so we cannot use
it from the host environment. This only worked so far with the kas
container by chance but will change with its next release.

Signed-off-by: Jan Kiszka <jan.kiszka@...>
---
classes/swupdate.bbclass | 53 ++++++++++++++++++++--------------------
1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index c3fc303..46d2a36 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -16,6 +16,9 @@ SWU_SIGNED ?= ""
SWU_SIGNATURE_EXT ?= "sig"
SWU_SIGNATURE_TYPE ?= "rsa"

+BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
+
+IMAGER_INSTALL += "cpio"
IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"

do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
@@ -46,16 +49,17 @@ do_swupdate_binary() {
# Create symlinks for files used in the update image
for file in ${SWU_ADDITIONAL_FILES}; do
if [ -e "${WORKDIR}/$file" ]; then
- ln -s "${WORKDIR}/$file" "${WORKDIR}/swu/$file"
+ ln -s "${PP_WORK}/$file" "${WORKDIR}/swu/$file"
else
- ln -s "${DEPLOY_DIR_IMAGE}/$file" "${WORKDIR}/swu/$file"
+ ln -s "${PP_DEPLOY}/$file" "${WORKDIR}/swu/$file"
fi
done

+ image_do_mounts
+
# Prepare for signing
sign='${@'x' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}'
if [ -n "$sign" ]; then
- image_do_mounts
cp -f '${SIGN_KEY}' '${WORKDIR}/dev.key'
test -e '${SIGN_CRT}' && cp -f '${SIGN_CRT}' '${WORKDIR}/dev.crt'
fi
@@ -66,29 +70,26 @@ do_swupdate_binary() {
'${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
done

- cd "${WORKDIR}/swu"
- for file in '${SWU_DESCRIPTION_FILE}' ${SWU_ADDITIONAL_FILES}; do
- echo "$file"
- if [ -n "$sign" -a \
- '${SWU_DESCRIPTION_FILE}' = "$file" ]; then
- if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then
- sudo chroot ${BUILDCHROOT_DIR} /usr/bin/openssl dgst \
- -sha256 -sign '${PP_WORK}/dev.key' \
- '${PP_WORK}/swu/'"$file" \
- > '${WORKDIR}/swu/'"$file".'${SWU_SIGNATURE_EXT}'
- elif [ "${SWU_SIGNATURE_TYPE}" = "cms" ]; then
- sudo chroot ${BUILDCHROOT_DIR} /usr/bin/openssl cms \
- -sign -in '${PP_WORK}/swu/'"$file" \
- -out '${WORKDIR}/swu/'"$file".'${SWU_SIGNATURE_EXT}' \
- -signer '${PP_WORK}/dev.crt' \
- -inkey '${PP_WORK}/dev.key' \
- -outform DER -nosmimecap -binary
- fi
- echo "$file".'${SWU_SIGNATURE_EXT}'
- fi
- done | cpio -ovL -H crc \
- > '${SWU_IMAGE_FILE}'
- cd -
+ sudo -E chroot ${BUILDCHROOT_DIR} sh -c ' \
+ cd "${PP_WORK}/swu"
+ for file in "${SWU_DESCRIPTION_FILE}" ${SWU_ADDITIONAL_FILES}; do
+ echo "$file"
+ if [ -n "$sign" -a "${SWU_DESCRIPTION_FILE}" = "$file" ]; then
+ if [ "${SWU_SIGNATURE_TYPE}" = "rsa" ]; then
+ openssl dgst \
+ -sha256 -sign "${PP_WORK}/dev.key" "$file" \
+ > "$file.${SWU_SIGNATURE_EXT}"
+ elif [ "${SWU_SIGNATURE_TYPE}" = "cms" ]; then
+ openssl cms \
+ -sign -in "$file" \
+ -out "$file"."${SWU_SIGNATURE_EXT}" \
+ -signer "${PP_WORK}/dev.crt" \
+ -inkey "${PP_WORK}/dev.key" \
+ -outform DER -nosmimecap -binary
+ fi
+ echo "$file.${SWU_SIGNATURE_EXT}"
+ fi
+ done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
}

addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
--
2.35.3