|
|
@@ -1,5 +1,5 @@
|
|
|
# Copyright (C) 2015 Stefano Babic <sbabic@denx.de>
|
|
|
-#
|
|
|
+#
|
|
|
# Some parts from the patch class
|
|
|
#
|
|
|
# swupdate allows to generate a compound image for the
|
|
|
@@ -14,7 +14,7 @@
|
|
|
|
|
|
S = "${WORKDIR}/${PN}"
|
|
|
|
|
|
-DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) == '1' else ''}"
|
|
|
+DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}"
|
|
|
IMAGE_DEPENDS ?= ""
|
|
|
|
|
|
def swupdate_is_hash_needed(s, filename):
|
|
|
@@ -101,7 +101,7 @@ python do_swuimage () {
|
|
|
fetch = bb.fetch2.Fetch([], d)
|
|
|
list_for_cpio = ["sw-description"]
|
|
|
|
|
|
- if d.getVar('SWUPDATE_SIGNING', True) == '1':
|
|
|
+ if d.getVar('SWUPDATE_SIGNING', True):
|
|
|
list_for_cpio.append('sw-description.sig')
|
|
|
|
|
|
for url in fetch.urls:
|
|
|
@@ -140,12 +140,20 @@ python do_swuimage () {
|
|
|
hash = swupdate_get_sha256(s, file)
|
|
|
swupdate_write_sha256(s, file, hash)
|
|
|
|
|
|
- if d.getVar('SWUPDATE_SIGNING', True) == '1':
|
|
|
- sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
|
|
|
- if sign_tool:
|
|
|
- if os.system(sign_tool) != 0:
|
|
|
- bb.fatal("Failed to sign with %s" % (sign_tool))
|
|
|
- else:
|
|
|
+ signing = d.getVar('SWUPDATE_SIGNING', True)
|
|
|
+ if signing == "1":
|
|
|
+ bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.')
|
|
|
+ signing = "RSA"
|
|
|
+ if signing:
|
|
|
+ if signing == "CUSTOM":
|
|
|
+ sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
|
|
|
+ if sign_tool:
|
|
|
+ ret = os.system(sign_tool)
|
|
|
+ if ret != 0:
|
|
|
+ bb.fatal("Failed to sign with %s" % (sign_tool))
|
|
|
+ else:
|
|
|
+ bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
|
|
|
+ elif signing == "RSA":
|
|
|
privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True)
|
|
|
if not privkey:
|
|
|
bb.fatal("SWUPDATE_PRIVATE_KEY isn't set")
|
|
|
@@ -163,6 +171,26 @@ python do_swuimage () {
|
|
|
os.path.join(s, 'sw-description'))
|
|
|
if os.system(signcmd) != 0:
|
|
|
bb.fatal("Failed to sign sw-description with %s" % (privkey))
|
|
|
+ elif signing == "CMS":
|
|
|
+ cms_cert = d.getVar('SWUPDATE_CMS_CERT', True)
|
|
|
+ if not cms_cert:
|
|
|
+ bb.fatal("SWUPDATE_CMS_CERT is not set")
|
|
|
+ if not os.path.exists(cms_cert):
|
|
|
+ bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert))
|
|
|
+ cms_key = d.getVar('SWUPDATE_CMS_KEY', True)
|
|
|
+ if not cms_key:
|
|
|
+ bb.fatal("SWUPDATE_CMS_KEY isn't set")
|
|
|
+ if not os.path.exists(cms_key):
|
|
|
+ bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key))
|
|
|
+ signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % (
|
|
|
+ os.path.join(s, 'sw-description'),
|
|
|
+ os.path.join(s, 'sw-description.sig'),
|
|
|
+ cms_cert,
|
|
|
+ cms_key)
|
|
|
+ if os.system(signcmd) != 0:
|
|
|
+ bb.fatal("Failed to sign sw-description with %s" % (privkey))
|
|
|
+ else:
|
|
|
+ bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.");
|
|
|
|
|
|
line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(deploydir,d.getVar('IMAGE_NAME', True) + '.swu')
|
|
|
os.system("cd " + s + ";" + line)
|
Maciej Pijanowski