domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

image: strip metadata from images when used in other artifacts

Browse Source 
Image metadata and signature is of no use for images which are included
inside other artifacts (like an SD-card image). Strip them off before
using images in artifacts or stashing them for the ImageBuilder as the
contained signature breaks reproducibility.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit is contained in:
Daniel Golle
2022-04-15 13:25:41 +01:00
parent 8084ec8061
commit 7a256d97d9
1 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
include/image-commands.mk
View File

@@ -37,7 +37,11 @@ define Build/package-kernel-ubifs
endef endef
define Build/append-image define Build/append-image
dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@ cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
fwtool -s /dev/null -t "$@.stripmeta" || :
fwtool -i /dev/null -t "$@.stripmeta" || :
dd if="$@.stripmeta" >> "$@"
rm "$@.stripmeta"
endef endef
ifdef IB ifdef IB
@@ -46,8 +50,12 @@ define Build/append-image-stage
endef endef
else else
define Build/append-image-stage define Build/append-image-stage
dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) of=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1) cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@ fwtool -s /dev/null -t "$@.stripmeta" || :
fwtool -i /dev/null -t "$@.stripmeta" || :
dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)"
dd if="$@.stripmeta" >> "$@"
rm "$@.stripmeta"
endef endef
endif endif