domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

build: store sha256_unsigned in JSON

Browse Source 
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.

Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 8822a8d850)
This commit is contained in:
Paul Spooren
2022-03-28 03:29:09 +01:00
committed by Daniel Golle
parent ca83af21cc
commit a5cf20d197
3 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/image-commands.mk
View File

@@ -81,6 +81,7 @@ metadata_json = \
define Build/append-metadata
$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json) | fwtool -I - $@)
sha256sum "$@" | cut -d" " -f1 > "$@.sha256sum"
[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\