build: store sha256_unsigned in JSON

Introduce `sha256_unsigned` which is a checksum of the image _before_ a signature is attached. This is helpful to compare image reproducibility. Since the `.sha256sum` file is located in the $(KDIR) folder, switch $(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR) itself is not stored inside the resulting JSON file, so it can be replaced. Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-28 03:29:09 +01:00
parent 5e34b316c5
commit 8822a8d850
3 changed files with 16 additions and 7 deletions
--- a/scripts/json_add_image_info.py
+++ b/scripts/json_add_image_info.py
@@ -11,8 +11,8 @@ if len(argv) != 2:
    exit(1)

 json_path = Path(argv[1])
-bin_dir = Path(getenv("BIN_DIR"))
-file_path = bin_dir / getenv("FILE_NAME")
+file_path = Path(getenv("FILE_DIR")) / getenv("FILE_NAME")
+

 if not file_path.is_file():
    print("Skip JSON creation for non existing file", file_path)
@@ -37,7 +37,14 @@ def get_titles():


 device_id = getenv("DEVICE_ID")
-file_hash = hashlib.sha256(file_path.read_bytes()).hexdigest()
+hash_file = hashlib.sha256(file_path.read_bytes()).hexdigest()
+
+if file_path.with_suffix(file_path.suffix + ".sha256sum").exists():
+    hash_unsigned = (
+        file_path.with_suffix(file_path.suffix + ".sha256sum").read_text().strip()
+    )
+else:
+    hash_unsigned = hash_file

 file_info = {
    "metadata_version": 1,
@@ -52,7 +59,8 @@ file_info = {
                {
                    "type": getenv("FILE_TYPE"),
                    "name": getenv("FILE_NAME"),
-                    "sha256": file_hash,
+                    "sha256": hash_file,
+                    "sha256_unsigned": hash_unsigned,
                }
            ],
            "device_packages": getenv("DEVICE_PACKAGES").split(),