From 144760d20600a86fbf1974b94f2fcb0830df608e Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Fri, 15 Apr 2022 13:25:41 +0100 Subject: [PATCH] image: strip metadata from images when used in other artifacts Image metadata and signature is of no use for images which are included inside other artifacts (like an SD-card image). Strip them off before using images in artifacts or stashing them for the ImageBuilder as the contained signature breaks reproducibility. Signed-off-by: Daniel Golle (cherry picked from commit 7a256d97d9ded84d1bfd531e775099774e7b6b06) --- include/image-commands.mk | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/include/image-commands.mk b/include/image-commands.mk index 2d2d53cd65..376553b8d2 100644 --- a/include/image-commands.mk +++ b/include/image-commands.mk @@ -37,7 +37,11 @@ define Build/package-kernel-ubifs endef define Build/append-image - dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@ + cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta" + fwtool -s /dev/null -t "$@.stripmeta" || : + fwtool -i /dev/null -t "$@.stripmeta" || : + dd if="$@.stripmeta" >> "$@" + rm "$@.stripmeta" endef ifdef IB @@ -46,8 +50,12 @@ define Build/append-image-stage endef else define Build/append-image-stage - dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) of=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1) - dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@ + cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta" + fwtool -s /dev/null -t "$@.stripmeta" || : + fwtool -i /dev/null -t "$@.stripmeta" || : + dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)" + dd if="$@.stripmeta" >> "$@" + rm "$@.stripmeta" endef endif -- 2.30.2