* [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_*
@ 2022-06-03 11:56 Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 1/4] ISAR update Quirin Gylstorff
` (5 more replies)
0 siblings, 6 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-03 11:56 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This series adapt isar-cip-core to the IMAGE_CMD_* introduced in
ISAR commit [1]. See also ISAR API changelog[2].
This new feature remove the *.img from all wic images.
Also as new naming convention image recipes no longer end with `-img`.
The image types wic-swu-img and secure-wic-swu-img were removed.
Rename `squashfs-img` to squashfs according new naming scheme.
To use squashfs include:
IMAGE_CLASSES += "squashfs"
IMAGE_TYPEDEP_wic += "squashfs"
To create a verity based image to following line need to be added
to the local.conf or similar configuration:
IMAGE_CLASSES += "verity"
The modifications for a read-only root file system are now part
of a bbclass which can be include directly into the image
recipe.
The modifications to generate a SWUpdate update package are
also no longer part of the image build process and in a seperate
bbclass. This class needs to be included in the image recipe.
Please check/test the interface changes for swupdate and read-only root
file system.
I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
Quirin
[1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
[2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
Quirin Gylstorff (4):
ISAR update
start-qemu.sh: adapt to new image names
Adapt swupdate and verity to use new IMAGE_CMD_*
scripts/deploy-cip-core: Adapt to new image names
...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
classes/secure-wic-swu-img.bbclass | 15 ------
...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
.../{verity-img.bbclass => verity.bbclass} | 51 +++++++++----------
classes/wic-targz-img.bbclass | 15 ------
conf/machine/bbb.conf | 2 +-
conf/machine/hihope-rzg2m.conf | 2 +-
conf/machine/iwg20m.conf | 2 +-
conf/machine/qemu-amd64.conf | 2 +-
conf/machine/qemu-arm.conf | 2 +-
conf/machine/qemu-arm64.conf | 2 +-
conf/machine/simatic-ipc227e.conf | 2 +-
kas-cip.yml | 2 +-
kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
kas/opt/efibootguard.yml | 2 +-
kas/opt/swupdate.yml | 4 +-
kas/opt/targz-img.yml | 2 +-
recipes-core/images/files/sw-description.tmpl | 1 -
recipes-core/images/swupdate.inc | 6 ++-
.../initramfs-verity-hook_0.1.bb | 2 +-
scripts/deploy-cip-core.sh | 8 +--
start-qemu.sh | 8 +--
wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
wic/x86-efibootguard.wks.in | 4 +-
26 files changed, 69 insertions(+), 110 deletions(-)
rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
delete mode 100644 classes/secure-wic-swu-img.bbclass
rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
rename classes/{verity-img.bbclass => verity.bbclass} (78%)
delete mode 100644 classes/wic-targz-img.bbclass
--
2.35.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC 1/4] ISAR update
2022-06-03 11:56 [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
@ 2022-06-03 11:56 ` Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 2/4] start-qemu.sh: adapt to new image names Quirin Gylstorff
` (4 subsequent siblings)
5 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-03 11:56 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This update introduces the new IMAGE_CMD_*.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
classes/wic-targz-img.bbclass | 15 ---------------
conf/machine/bbb.conf | 2 +-
conf/machine/hihope-rzg2m.conf | 2 +-
conf/machine/iwg20m.conf | 2 +-
conf/machine/qemu-amd64.conf | 2 +-
conf/machine/qemu-arm.conf | 2 +-
conf/machine/qemu-arm64.conf | 2 +-
conf/machine/simatic-ipc227e.conf | 2 +-
kas-cip.yml | 2 +-
kas/opt/efibootguard.yml | 2 +-
kas/opt/swupdate.yml | 2 +-
kas/opt/targz-img.yml | 2 +-
12 files changed, 11 insertions(+), 26 deletions(-)
delete mode 100644 classes/wic-targz-img.bbclass
diff --git a/classes/wic-targz-img.bbclass b/classes/wic-targz-img.bbclass
deleted file mode 100644
index 1327840..0000000
--- a/classes/wic-targz-img.bbclass
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2019
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit wic-img
-inherit targz-img
-
-addtask do_targz_image after do_wic_image
diff --git a/conf/machine/bbb.conf b/conf/machine/bbb.conf
index 81e624e..b592f4d 100644
--- a/conf/machine/bbb.conf
+++ b/conf/machine/bbb.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "armhf"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
IMAGER_INSTALL += "u-boot-omap"
IMAGE_INSTALL += "u-boot-script"
diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf
index bc80ddd..0b3acf4 100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -11,7 +11,7 @@
DISTRO_ARCH = "arm64"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
diff --git a/conf/machine/iwg20m.conf b/conf/machine/iwg20m.conf
index a26f7fe..d997a02 100644
--- a/conf/machine/iwg20m.conf
+++ b/conf/machine/iwg20m.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "armhf"
# see wic/iwg20m.wks
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
# sets serial login getty
MACHINE_SERIAL = "ttySC0"
diff --git a/conf/machine/qemu-amd64.conf b/conf/machine/qemu-amd64.conf
index a60f818..da7e59c 100644
--- a/conf/machine/qemu-amd64.conf
+++ b/conf/machine/qemu-amd64.conf
@@ -8,6 +8,6 @@
DISTRO_ARCH = "amd64"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/cip_qemu_defconfig"
diff --git a/conf/machine/qemu-arm.conf b/conf/machine/qemu-arm.conf
index aca6d7d..1937c4c 100644
--- a/conf/machine/qemu-arm.conf
+++ b/conf/machine/qemu-arm.conf
@@ -9,6 +9,6 @@
DISTRO_ARCH = "armhf"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/qemu_arm_defconfig"
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
index 4e12cdb..b5c1e1c 100644
--- a/conf/machine/qemu-arm64.conf
+++ b/conf/machine/qemu-arm64.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "arm64"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/qemu_arm64_defconfig"
diff --git a/conf/machine/simatic-ipc227e.conf b/conf/machine/simatic-ipc227e.conf
index 50d1f8a..a624fcd 100644
--- a/conf/machine/simatic-ipc227e.conf
+++ b/conf/machine/simatic-ipc227e.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "amd64"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
IMAGER_INSTALL += "${GRUB_BOOTLOADER_INSTALL}"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/siemens_ipc227e_defconfig"
diff --git a/kas-cip.yml b/kas-cip.yml
index fce176b..90582bf 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -22,7 +22,7 @@ repos:
isar:
url: https://github.com/ilbers/isar.git
- refspec: cf3f18a649ff42726677a58b224b9bb58ea4ba46
+ refspec: 0cf9bc5d996e19e9e31857dd48d069fd69114376
layers:
meta:
patches:
diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
index d85aed7..4282932 100644
--- a/kas/opt/efibootguard.yml
+++ b/kas/opt/efibootguard.yml
@@ -24,7 +24,7 @@ local_conf_header:
WIC_IMAGER_INSTALL_append = " efibootguard"
WDOG_TIMEOUT ?= "60"
WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
- IMAGE_FSTYPES ?= "wic-img"
+ IMAGE_FSTYPES ?= "wic"
WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"
firmware-binaries: |
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index 31cd0d1..72429c6 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -23,5 +23,5 @@ local_conf_header:
CIP_IMAGE_OPTIONS_append = " swupdate.inc"
wic-swu: |
- IMAGE_FSTYPES = "wic-swu-img"
+ IMAGE_FSTYPES = "wic"
WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
index d555a8a..afe2e07 100644
--- a/kas/opt/targz-img.yml
+++ b/kas/opt/targz-img.yml
@@ -14,4 +14,4 @@ header:
local_conf_header:
image-type: |
- IMAGE_FSTYPES = "targz-img"
+ IMAGE_FSTYPES = "tar.gz"
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC 2/4] start-qemu.sh: adapt to new image names
2022-06-03 11:56 [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 1/4] ISAR update Quirin Gylstorff
@ 2022-06-03 11:56 ` Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 3/4] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
` (3 subsequent siblings)
5 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-03 11:56 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
start-qemu.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/start-qemu.sh b/start-qemu.sh
index 80c0cd7..f066209 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -134,13 +134,13 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
-global isa-fdc.driveA= \
-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
${QEMU_COMMON_OPTIONS} "$@"
else
ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.fd}
${QEMU_PATH}${QEMU} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
${QEMU_COMMON_OPTIONS} "$@"
fi
@@ -149,7 +149,7 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
u_boot_bin=${FIRMWARE_BIN:-./build/tmp/deploy/images/qemu-arm64/firmware.bin}
${QEMU_PATH}${QEMU} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-bios ${u_boot_bin} \
${QEMU_COMMON_OPTIONS} "$@"
;;
@@ -159,7 +159,7 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
;;
esac
else
- IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)
+ IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4)
KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1)
INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC 3/4] Adapt swupdate and verity to use new IMAGE_CMD_*
2022-06-03 11:56 [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 1/4] ISAR update Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 2/4] start-qemu.sh: adapt to new image names Quirin Gylstorff
@ 2022-06-03 11:56 ` Quirin Gylstorff
2022-06-07 7:32 ` Jan Kiszka
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 4/4] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
` (2 subsequent siblings)
5 siblings, 1 reply; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-03 11:56 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
The image types wic-swu-img and secure-wic-swu-img were removed.
Rename `squashfs-img` to squashfs according new naming scheme.
To use squashfs include:
IMAGE_CLASSES += "squashfs"
IMAGE_TYPEDEP_wic += "squashfs"
The modifications for a read-only root file system are now part
of a bbclass which can be include directly into the image
recipe.
The modifications to generate a SWUpdate update package are
also no longer part of the image build process and in a seperate
bbclass. This class needs to be included in the image recipe.
To create a verity based image to following line need to be added
to the local.conf or similar configuration:
IMAGE_CLASSES += "verity"
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
classes/secure-wic-swu-img.bbclass | 15 ------
...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
.../{verity-img.bbclass => verity.bbclass} | 51 +++++++++----------
kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
kas/opt/swupdate.yml | 2 +
recipes-core/images/files/sw-description.tmpl | 1 -
recipes-core/images/swupdate.inc | 6 ++-
.../initramfs-verity-hook_0.1.bb | 2 +-
wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
wic/x86-efibootguard.wks.in | 4 +-
13 files changed, 50 insertions(+), 76 deletions(-)
rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
delete mode 100644 classes/secure-wic-swu-img.bbclass
rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
rename classes/{verity-img.bbclass => verity.bbclass} (78%)
diff --git a/classes/wic-swu-img.bbclass b/classes/read-only-rootfs.bbclass
similarity index 75%
rename from classes/wic-swu-img.bbclass
rename to classes/read-only-rootfs.bbclass
index 41b2164..6f91f66 100644
--- a/classes/wic-swu-img.bbclass
+++ b/classes/read-only-rootfs.bbclass
@@ -9,16 +9,10 @@
# SPDX-License-Identifier: MIT
#
-SQUASHFS_EXCLUDE_DIRS += "home var"
-
-inherit squashfs-img
-inherit wic-img
-inherit swupdate-img
-
INITRAMFS_RECIPE ?= "cip-core-initramfs"
INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
-do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
+do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build"
IMAGE_INSTALL += "home-fs"
IMAGE_INSTALL += "tmp-fs"
@@ -37,6 +31,3 @@ devtmpfs /dev devtmpfs mode=0755,nosuid 0 0
EOF
}
-addtask do_wic_image after do_squashfs_image
-
-addtask do_swupdate_image after do_wic_image
diff --git a/classes/secure-wic-swu-img.bbclass b/classes/secure-wic-swu-img.bbclass
deleted file mode 100644
index 5e8e48a..0000000
--- a/classes/secure-wic-swu-img.bbclass
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2021-2022
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit verity-img
-inherit wic-swu-img
-
-addtask do_wic_image after do_verity_image
diff --git a/classes/squashfs-img.bbclass b/classes/squashfs.bbclass
similarity index 66%
rename from classes/squashfs-img.bbclass
rename to classes/squashfs.bbclass
index c22d7d6..376ddfe 100644
--- a/classes/squashfs-img.bbclass
+++ b/classes/squashfs.bbclass
@@ -9,9 +9,7 @@
# SPDX-License-Identifier: MIT
#
-SQUASHFS_IMAGE_FILE = "${IMAGE_FULLNAME}.squashfs.img"
-
-IMAGER_INSTALL += "squashfs-tools"
+IMAGER_INSTALL_squashfs += "squashfs-tools"
SQUASHFS_EXCLUDE_DIRS ?= ""
SQUASHFS_CONTENT ?= "${PP_ROOTFS}"
@@ -29,14 +27,11 @@ python __anonymous() {
d.appendVar('SQUASHFS_CREATION_ARGS', args)
}
-do_squashfs_image[dirs] = "${DEPLOY_DIR_IMAGE}"
-do_squashfs_image() {
+IMAGE_CMD_squashfs[depends] = "${PN}:do_transform_template"
+IMAGE_CMD_squashfs() {
rm -f '${DEPLOY_DIR_IMAGE}/${SQUASHFS_IMAGE_FILE}'
- image_do_mounts
-
- sudo chroot "${BUILDCHROOT_DIR}" /bin/mksquashfs \
- "${SQUASHFS_CONTENT}" "${PP_DEPLOY}/${SQUASHFS_IMAGE_FILE}" \
+ ${SUDO_CHROOT} /bin/mksquashfs \
+ '${SQUASHFS_CONTENT}' '${IMAGE_FILE_CHROOT}' \
${SQUASHFS_CREATION_ARGS}
}
-addtask do_squashfs_image before do_image after do_image_tools do_excl_directories
diff --git a/classes/swupdate-img.bbclass b/classes/swupdate.bbclass
similarity index 92%
rename from classes/swupdate-img.bbclass
rename to classes/swupdate.bbclass
index 1437c07..c3fc303 100644
--- a/classes/swupdate-img.bbclass
+++ b/classes/swupdate.bbclass
@@ -18,9 +18,9 @@ SWU_SIGNATURE_TYPE ?= "rsa"
IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
-do_swupdate_image[stamp-extra-info] = "${DISTRO}-${MACHINE}"
-do_swupdate_image[cleandirs] += "${WORKDIR}/swu"
-do_swupdate_image() {
+do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
+do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
+do_swupdate_binary() {
rm -f '${SWU_IMAGE_FILE}'
cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
@@ -91,4 +91,4 @@ do_swupdate_image() {
cd -
}
-addtask swupdate_image before do_build after do_copy_boot_files do_install_imager_deps do_transform_template
+addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
diff --git a/classes/verity-img.bbclass b/classes/verity.bbclass
similarity index 78%
rename from classes/verity-img.bbclass
rename to classes/verity.bbclass
index b7d7f08..bbc57b0 100644
--- a/classes/verity-img.bbclass
+++ b/classes/verity.bbclass
@@ -8,13 +8,16 @@
#
# SPDX-License-Identifier: MIT
#
-
VERITY_IMAGE_TYPE ?= "squashfs"
-inherit ${VERITY_IMAGE_TYPE}-img
+inherit ${VERITY_IMAGE_TYPE}
+
+IMAGE_TYPEDEP_verity = "${VERITY_IMAGE_TYPE}"
+IMAGE_TYPEDEP_wic += "verity"
+IMAGER_INSTALL_verity += "cryptsetup"
-VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.img"
-VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img"
+VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}"
+VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.verity"
VERITY_IMAGE_METADATA = "${VERITY_OUTPUT_IMAGE}.metadata"
VERITY_HASH_BLOCK_SIZE ?= "1024"
VERITY_DATA_BLOCK_SIZE ?= "1024"
@@ -37,14 +40,28 @@ create_verity_env_file() {
done < $input
}
-verity_setup() {
+python calculate_verity_data_blocks() {
+ import os
+
+ image_file = os.path.join(
+ d.getVar("DEPLOY_DIR_IMAGE"),
+ d.getVar("VERITY_INPUT_IMAGE")
+ )
+ data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
+ size = os.stat(image_file).st_size
+ assert size % data_block_size == 0, f"image is not well-sized!"
+ d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
+ d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
+}
+do_image_verity[cleandirs] = "${WORKDIR}/verity"
+do_image_verity[prefuncs] = "calculate_verity_data_blocks"
+IMAGE_CMD_verity() {
rm -f ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
rm -f ${WORKDIR}/${VERITY_IMAGE_METADATA}
cp -a ${DEPLOY_DIR_IMAGE}/${VERITY_INPUT_IMAGE} ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
- image_do_mounts
- sudo chroot "${BUILDCHROOT_DIR}" /sbin/veritysetup format \
+ ${SUDO_CHROOT} /sbin/veritysetup format \
--hash-block-size "${VERITY_HASH_BLOCK_SIZE}" \
--data-block-size "${VERITY_DATA_BLOCK_SIZE}" \
--data-blocks "${VERITY_DATA_BLOCKS}" \
@@ -55,23 +72,5 @@ verity_setup() {
echo "Hash offset: ${VERITY_INPUT_IMAGE_SIZE}" \
>>"${WORKDIR}/${VERITY_IMAGE_METADATA}"
+ create_verity_env_file
}
-
-do_verity_image[cleandirs] = "${WORKDIR}/verity"
-python do_verity_image() {
- import os
-
- image_file = os.path.join(
- d.getVar("DEPLOY_DIR_IMAGE"),
- d.getVar("VERITY_INPUT_IMAGE")
- )
- data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
- size = os.stat(image_file).st_size
- assert size % data_block_size == 0, f"image is not well-sized!"
- d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
- d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
-
- bb.build.exec_func('verity_setup', d)
- bb.build.exec_func('create_verity_env_file', d)
-}
-addtask verity_image before do_image after do_${VERITY_IMAGE_TYPE}_image
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 3f2a794..2822cef 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -23,7 +23,8 @@ local_conf_header:
IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
secure-boot-image: |
- IMAGE_FSTYPES = "secure-wic-swu-img"
+ IMAGE_CLASSES += "verity"
+ IMAGE_FSTYPES = "wic"
WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
INITRAMFS_INSTALL_append = " initramfs-verity-hook"
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index 72429c6..c2bd15c 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -23,5 +23,7 @@ local_conf_header:
CIP_IMAGE_OPTIONS_append = " swupdate.inc"
wic-swu: |
+ IMAGE_CLASSES += "squashfs"
+ IMAGE_TYPEDEP_wic += "squashfs"
IMAGE_FSTYPES = "wic"
WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
index f5cafeb..1eb7758 100644
--- a/recipes-core/images/files/sw-description.tmpl
+++ b/recipes-core/images/files/sw-description.tmpl
@@ -16,7 +16,6 @@ software =
filename = "${ROOTFS_PARTITION_NAME}";
device = "C:BOOT0:linux.efi->fedcba98-7654-3210-cafe-5e0710000001,C:BOOT1:linux.efi->fedcba98-7654-3210-cafe-5e0710000002";
type = "roundrobin";
- compressed = "zlib";
filesystem = "ext4";
properties: {
subtype = "image";
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index 64887df..2ec767f 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -8,10 +8,12 @@
#
# SPDX-License-Identifier: MIT
#
+inherit swupdate
+inherit read-only-rootfs
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4"
-ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.img.p4.gz"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += "file://sw-description.tmpl"
TEMPLATE_FILES += "sw-description.tmpl"
diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
index f0d2d68..60ee8da 100644
--- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
@@ -28,7 +28,7 @@ VERITY_IMAGE_RECIPE ?= "cip-core-image"
VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
-do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_verity_image"
+do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_image_verity"
do_install[cleandirs] += " \
${D}/usr/share/initramfs-tools/hooks \
${D}/usr/share/verity-env \
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index e097eac..0e298bc 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -1,7 +1,7 @@
include ebg-signed-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in
index b3bbed4..3b8dadd 100644
--- a/wic/qemu-arm64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in
@@ -1,7 +1,7 @@
include ebg-signed-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
diff --git a/wic/x86-efibootguard.wks.in b/wic/x86-efibootguard.wks.in
index f60ebcf..c71253d 100644
--- a/wic/x86-efibootguard.wks.in
+++ b/wic/x86-efibootguard.wks.in
@@ -3,8 +3,8 @@
include ebg-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC 4/4] scripts/deploy-cip-core: Adapt to new image names
2022-06-03 11:56 [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
` (2 preceding siblings ...)
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 3/4] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
@ 2022-06-03 11:56 ` Quirin Gylstorff
2022-06-03 15:27 ` [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Jan Kiszka
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 " Quirin Gylstorff
5 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-03 11:56 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
The identifier img was delete from the image name.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
scripts/deploy-cip-core.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/deploy-cip-core.sh b/scripts/deploy-cip-core.sh
index cf8f45d..203ab1d 100755
--- a/scripts/deploy-cip-core.sh
+++ b/scripts/deploy-cip-core.sh
@@ -28,12 +28,12 @@ fi
BASE_PATH=build/tmp/deploy/images/$TARGET/$BASE_FILENAME
S3_TARGET=s3://download2.cip-project.org/cip-core/$REF/$TARGET/
-if [ -f $BASE_PATH.wic.img ] ; then
- echo "Compressing $BASE_FILENAME.wic.img..."
- xz -9 -k $BASE_PATH.wic.img
+if [ -f $BASE_PATH.wic ] ; then
+ echo "Compressing $BASE_FILENAME.wic..."
+ xz -9 -k $BASE_PATH.wic
echo "Uploading artifacts..."
- aws s3 cp --no-progress --acl public-read $BASE_PATH.wic.img.xz ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read $BASE_PATH.wic.xz ${S3_TARGET}
fi
if [ -f $BASE_PATH.tar.gz ]; then
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_*
2022-06-03 11:56 [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
` (3 preceding siblings ...)
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 4/4] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
@ 2022-06-03 15:27 ` Jan Kiszka
2022-06-03 15:29 ` Jan Kiszka
2022-06-03 15:33 ` Gylstorff Quirin
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 " Quirin Gylstorff
5 siblings, 2 replies; 23+ messages in thread
From: Jan Kiszka @ 2022-06-03 15:27 UTC (permalink / raw)
To: Quirin Gylstorff, cip-dev, adriaan.schmidt
On 03.06.22 13:56, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> This series adapt isar-cip-core to the IMAGE_CMD_* introduced in
> ISAR commit [1]. See also ISAR API changelog[2].
>
> This new feature remove the *.img from all wic images.
>
> Also as new naming convention image recipes no longer end with `-img`.
>
> The image types wic-swu-img and secure-wic-swu-img were removed.
> Rename `squashfs-img` to squashfs according new naming scheme.
>
> To use squashfs include:
>
> IMAGE_CLASSES += "squashfs"
> IMAGE_TYPEDEP_wic += "squashfs"
>
>
> To create a verity based image to following line need to be added
> to the local.conf or similar configuration:
>
> IMAGE_CLASSES += "verity"
>
> The modifications for a read-only root file system are now part
> of a bbclass which can be include directly into the image
> recipe.
>
> The modifications to generate a SWUpdate update package are
> also no longer part of the image build process and in a seperate
> bbclass. This class needs to be included in the image recipe.
>
> Please check/test the interface changes for swupdate and read-only root
> file system.
>
> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
>
> Quirin
>
> [1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
> [2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
>
> Quirin Gylstorff (4):
> ISAR update
> start-qemu.sh: adapt to new image names
> Adapt swupdate and verity to use new IMAGE_CMD_*
> scripts/deploy-cip-core: Adapt to new image names
Thanks for this update. I'll have a look and also try to apply it to
meta-iot2050 as test case.
One question: Is the series bisection-safe, or are the patches 3 and 4
needed to build again. Patch 2 is likely needed to run the result again
after patch 1, right?
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_*
2022-06-03 15:27 ` [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Jan Kiszka
@ 2022-06-03 15:29 ` Jan Kiszka
2022-06-03 15:33 ` Gylstorff Quirin
1 sibling, 0 replies; 23+ messages in thread
From: Jan Kiszka @ 2022-06-03 15:29 UTC (permalink / raw)
To: Quirin Gylstorff, cip-dev, adriaan.schmidt
On 03.06.22 17:27, Jan Kiszka wrote:
> On 03.06.22 13:56, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This series adapt isar-cip-core to the IMAGE_CMD_* introduced in
>> ISAR commit [1]. See also ISAR API changelog[2].
>>
>> This new feature remove the *.img from all wic images.
>>
>> Also as new naming convention image recipes no longer end with `-img`.
>>
>> The image types wic-swu-img and secure-wic-swu-img were removed.
>> Rename `squashfs-img` to squashfs according new naming scheme.
>>
>> To use squashfs include:
>>
>> IMAGE_CLASSES += "squashfs"
>> IMAGE_TYPEDEP_wic += "squashfs"
>>
>>
>> To create a verity based image to following line need to be added
>> to the local.conf or similar configuration:
>>
>> IMAGE_CLASSES += "verity"
>>
>> The modifications for a read-only root file system are now part
>> of a bbclass which can be include directly into the image
>> recipe.
>>
>> The modifications to generate a SWUpdate update package are
>> also no longer part of the image build process and in a seperate
>> bbclass. This class needs to be included in the image recipe.
>>
>> Please check/test the interface changes for swupdate and read-only root
>> file system.
>>
>> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
>>
>> Quirin
>>
>> [1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
>> [2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
>>
>> Quirin Gylstorff (4):
>> ISAR update
>> start-qemu.sh: adapt to new image names
>> Adapt swupdate and verity to use new IMAGE_CMD_*
>> scripts/deploy-cip-core: Adapt to new image names
>
> Thanks for this update. I'll have a look and also try to apply it to
> meta-iot2050 as test case.
>
> One question: Is the series bisection-safe, or are the patches 3 and 4
> needed to build again. Patch 2 is likely needed to run the result again
> after patch 1, right?
>
Hmm, patch 4 is likely needed to ensure that CI is still passing with
its deployment jobs.
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_*
2022-06-03 15:27 ` [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Jan Kiszka
2022-06-03 15:29 ` Jan Kiszka
@ 2022-06-03 15:33 ` Gylstorff Quirin
2022-06-07 7:23 ` Jan Kiszka
1 sibling, 1 reply; 23+ messages in thread
From: Gylstorff Quirin @ 2022-06-03 15:33 UTC (permalink / raw)
To: Jan Kiszka, cip-dev, adriaan.schmidt
On 6/3/22 17:27, Jan Kiszka wrote:
> On 03.06.22 13:56, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This series adapt isar-cip-core to the IMAGE_CMD_* introduced in
>> ISAR commit [1]. See also ISAR API changelog[2].
>>
>> This new feature remove the *.img from all wic images.
>>
>> Also as new naming convention image recipes no longer end with `-img`.
>>
>> The image types wic-swu-img and secure-wic-swu-img were removed.
>> Rename `squashfs-img` to squashfs according new naming scheme.
>>
>> To use squashfs include:
>>
>> IMAGE_CLASSES += "squashfs"
>> IMAGE_TYPEDEP_wic += "squashfs"
>>
>>
>> To create a verity based image to following line need to be added
>> to the local.conf or similar configuration:
>>
>> IMAGE_CLASSES += "verity"
>>
>> The modifications for a read-only root file system are now part
>> of a bbclass which can be include directly into the image
>> recipe.
>>
>> The modifications to generate a SWUpdate update package are
>> also no longer part of the image build process and in a seperate
>> bbclass. This class needs to be included in the image recipe.
>>
>> Please check/test the interface changes for swupdate and read-only root
>> file system.
>>
>> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
>>
>> Quirin
>>
>> [1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
>> [2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
>>
>> Quirin Gylstorff (4):
>> ISAR update
>> start-qemu.sh: adapt to new image names
>> Adapt swupdate and verity to use new IMAGE_CMD_*
>> scripts/deploy-cip-core: Adapt to new image names
>
> Thanks for this update. I'll have a look and also try to apply it to
> meta-iot2050 as test case.
>
> One question: Is the series bisection-safe, or are the patches 3 and 4
> needed to build again. Patch 2 is likely needed to run the result again
> after patch 1, right?
>
I tried to make the patches bisection-safe. The build should work but
the verity and swupdate functionality is not available after patch 1.
patch 1 and 3 are the main changes.
I will re-oder the patches.
patches 2 and 4 are adaptation of scripts (qemu and ci chain).
I found some errors in the CI build and will send an update. The errors
are in kas/opt/wic-targz-img.yml and kas/opt/targz-img.yml.
Quirin
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_*
2022-06-03 15:33 ` Gylstorff Quirin
@ 2022-06-07 7:23 ` Jan Kiszka
0 siblings, 0 replies; 23+ messages in thread
From: Jan Kiszka @ 2022-06-07 7:23 UTC (permalink / raw)
To: Gylstorff Quirin, cip-dev, adriaan.schmidt
On 03.06.22 17:33, Gylstorff Quirin wrote:
>
>
> On 6/3/22 17:27, Jan Kiszka wrote:
>> On 03.06.22 13:56, Quirin Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> This series adapt isar-cip-core to the IMAGE_CMD_* introduced in
>>> ISAR commit [1]. See also ISAR API changelog[2].
>>>
>>> This new feature remove the *.img from all wic images.
>>>
>>> Also as new naming convention image recipes no longer end with `-img`.
>>>
>>> The image types wic-swu-img and secure-wic-swu-img were removed.
>>> Rename `squashfs-img` to squashfs according new naming scheme.
>>>
>>> To use squashfs include:
>>>
>>> IMAGE_CLASSES += "squashfs"
>>> IMAGE_TYPEDEP_wic += "squashfs"
>>>
>>>
>>> To create a verity based image to following line need to be added
>>> to the local.conf or similar configuration:
>>>
>>> IMAGE_CLASSES += "verity"
>>>
>>> The modifications for a read-only root file system are now part
>>> of a bbclass which can be include directly into the image
>>> recipe.
>>>
>>> The modifications to generate a SWUpdate update package are
>>> also no longer part of the image build process and in a seperate
>>> bbclass. This class needs to be included in the image recipe.
>>>
>>> Please check/test the interface changes for swupdate and read-only root
>>> file system.
>>>
>>> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
>>>
>>> Quirin
>>>
>>> [1]:
>>> https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
>>>
>>> [2]:
>>> https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
>>>
>>>
>>> Quirin Gylstorff (4):
>>> ISAR update
>>> start-qemu.sh: adapt to new image names
>>> Adapt swupdate and verity to use new IMAGE_CMD_*
>>> scripts/deploy-cip-core: Adapt to new image names
>>
>> Thanks for this update. I'll have a look and also try to apply it to
>> meta-iot2050 as test case.
>>
>> One question: Is the series bisection-safe, or are the patches 3 and 4
>> needed to build again. Patch 2 is likely needed to run the result again
>> after patch 1, right?
>>
> I tried to make the patches bisection-safe. The build should work but
> the verity and swupdate functionality is not available after patch 1.
> patch 1 and 3 are the main changes.
>
> I will re-oder the patches.
>
> patches 2 and 4 are adaptation of scripts (qemu and ci chain).
>
Will, CI should fail without patch 4, e.g. Probably, it's an
all-or-nothing series from that perspective, and it only makes sense to
break it up for readability reasons.
> I found some errors in the CI build and will send an update. The errors
> are in kas/opt/wic-targz-img.yml and kas/opt/targz-img.yml.
>
OK. Looking at more details now, some further remarks will follow.
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [cip-dev][isar-cip-core][RFC 3/4] Adapt swupdate and verity to use new IMAGE_CMD_*
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 3/4] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
@ 2022-06-07 7:32 ` Jan Kiszka
2022-06-07 8:39 ` Gylstorff Quirin
0 siblings, 1 reply; 23+ messages in thread
From: Jan Kiszka @ 2022-06-07 7:32 UTC (permalink / raw)
To: Quirin Gylstorff, cip-dev, adriaan.schmidt
On 03.06.22 13:56, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> The image types wic-swu-img and secure-wic-swu-img were removed.
> Rename `squashfs-img` to squashfs according new naming scheme.
>
> To use squashfs include:
>
> IMAGE_CLASSES += "squashfs"
> IMAGE_TYPEDEP_wic += "squashfs"
Now that squashfs is converted, that class should be pushed to Isar
soon. Will "just" need a test case there.
>
> The modifications for a read-only root file system are now part
> of a bbclass which can be include directly into the image
> recipe.
>
> The modifications to generate a SWUpdate update package are
> also no longer part of the image build process and in a seperate
> bbclass. This class needs to be included in the image recipe.
>
> To create a verity based image to following line need to be added
> to the local.conf or similar configuration:
>
> IMAGE_CLASSES += "verity"
Maybe verity could go upstream as well, though it is more specific and
may not make too much sense without the full image integration. Still,
worth to think about it.
>
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
> ...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
> classes/secure-wic-swu-img.bbclass | 15 ------
> ...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
> ...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
> .../{verity-img.bbclass => verity.bbclass} | 51 +++++++++----------
> kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
> kas/opt/swupdate.yml | 2 +
> recipes-core/images/files/sw-description.tmpl | 1 -
> recipes-core/images/swupdate.inc | 6 ++-
> .../initramfs-verity-hook_0.1.bb | 2 +-
> wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
> wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
> wic/x86-efibootguard.wks.in | 4 +-
> 13 files changed, 50 insertions(+), 76 deletions(-)
> rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
> delete mode 100644 classes/secure-wic-swu-img.bbclass
> rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
> rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
> rename classes/{verity-img.bbclass => verity.bbclass} (78%)
>
> diff --git a/classes/wic-swu-img.bbclass b/classes/read-only-rootfs.bbclass
> similarity index 75%
> rename from classes/wic-swu-img.bbclass
> rename to classes/read-only-rootfs.bbclass
> index 41b2164..6f91f66 100644
> --- a/classes/wic-swu-img.bbclass
> +++ b/classes/read-only-rootfs.bbclass
There is still a "wic" relationship in this class, no?
> @@ -9,16 +9,10 @@
> # SPDX-License-Identifier: MIT
> #
>
> -SQUASHFS_EXCLUDE_DIRS += "home var"
> -
> -inherit squashfs-img
> -inherit wic-img
> -inherit swupdate-img
> -
> INITRAMFS_RECIPE ?= "cip-core-initramfs"
> INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
>
> -do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
> +do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build"
>
> IMAGE_INSTALL += "home-fs"
> IMAGE_INSTALL += "tmp-fs"
> @@ -37,6 +31,3 @@ devtmpfs /dev devtmpfs mode=0755,nosuid 0 0
> EOF
> }
>
> -addtask do_wic_image after do_squashfs_image
> -
> -addtask do_swupdate_image after do_wic_image
> diff --git a/classes/secure-wic-swu-img.bbclass b/classes/secure-wic-swu-img.bbclass
> deleted file mode 100644
> index 5e8e48a..0000000
> --- a/classes/secure-wic-swu-img.bbclass
> +++ /dev/null
> @@ -1,15 +0,0 @@
> -#
> -# CIP Core, generic profile
> -#
> -# Copyright (c) Siemens AG, 2021-2022
> -#
> -# Authors:
> -# Quirin Gylstorff <quirin.gylstorff@siemens.com>
> -#
> -# SPDX-License-Identifier: MIT
> -#
> -
> -inherit verity-img
> -inherit wic-swu-img
> -
> -addtask do_wic_image after do_verity_image
> diff --git a/classes/squashfs-img.bbclass b/classes/squashfs.bbclass
> similarity index 66%
> rename from classes/squashfs-img.bbclass
> rename to classes/squashfs.bbclass
> index c22d7d6..376ddfe 100644
> --- a/classes/squashfs-img.bbclass
> +++ b/classes/squashfs.bbclass
> @@ -9,9 +9,7 @@
> # SPDX-License-Identifier: MIT
> #
>
> -SQUASHFS_IMAGE_FILE = "${IMAGE_FULLNAME}.squashfs.img"
> -
> -IMAGER_INSTALL += "squashfs-tools"
> +IMAGER_INSTALL_squashfs += "squashfs-tools"
>
> SQUASHFS_EXCLUDE_DIRS ?= ""
> SQUASHFS_CONTENT ?= "${PP_ROOTFS}"
> @@ -29,14 +27,11 @@ python __anonymous() {
> d.appendVar('SQUASHFS_CREATION_ARGS', args)
> }
>
> -do_squashfs_image[dirs] = "${DEPLOY_DIR_IMAGE}"
> -do_squashfs_image() {
> +IMAGE_CMD_squashfs[depends] = "${PN}:do_transform_template"
> +IMAGE_CMD_squashfs() {
> rm -f '${DEPLOY_DIR_IMAGE}/${SQUASHFS_IMAGE_FILE}'
>
> - image_do_mounts
> -
> - sudo chroot "${BUILDCHROOT_DIR}" /bin/mksquashfs \
> - "${SQUASHFS_CONTENT}" "${PP_DEPLOY}/${SQUASHFS_IMAGE_FILE}" \
> + ${SUDO_CHROOT} /bin/mksquashfs \
> + '${SQUASHFS_CONTENT}' '${IMAGE_FILE_CHROOT}' \
> ${SQUASHFS_CREATION_ARGS}
> }
> -addtask do_squashfs_image before do_image after do_image_tools do_excl_directories
> diff --git a/classes/swupdate-img.bbclass b/classes/swupdate.bbclass
> similarity index 92%
> rename from classes/swupdate-img.bbclass
> rename to classes/swupdate.bbclass
> index 1437c07..c3fc303 100644
> --- a/classes/swupdate-img.bbclass
> +++ b/classes/swupdate.bbclass
> @@ -18,9 +18,9 @@ SWU_SIGNATURE_TYPE ?= "rsa"
>
> IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
>
> -do_swupdate_image[stamp-extra-info] = "${DISTRO}-${MACHINE}"
> -do_swupdate_image[cleandirs] += "${WORKDIR}/swu"
> -do_swupdate_image() {
> +do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
> +do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
> +do_swupdate_binary() {
> rm -f '${SWU_IMAGE_FILE}'
> cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
>
> @@ -91,4 +91,4 @@ do_swupdate_image() {
> cd -
> }
>
> -addtask swupdate_image before do_build after do_copy_boot_files do_install_imager_deps do_transform_template
> +addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
> diff --git a/classes/verity-img.bbclass b/classes/verity.bbclass
> similarity index 78%
> rename from classes/verity-img.bbclass
> rename to classes/verity.bbclass
> index b7d7f08..bbc57b0 100644
> --- a/classes/verity-img.bbclass
> +++ b/classes/verity.bbclass
> @@ -8,13 +8,16 @@
> #
> # SPDX-License-Identifier: MIT
> #
> -
Unrelated whitespace change.
> VERITY_IMAGE_TYPE ?= "squashfs"
>
> -inherit ${VERITY_IMAGE_TYPE}-img
> +inherit ${VERITY_IMAGE_TYPE}
> +
> +IMAGE_TYPEDEP_verity = "${VERITY_IMAGE_TYPE}"
> +IMAGE_TYPEDEP_wic += "verity"
> +IMAGER_INSTALL_verity += "cryptsetup"
>
> -VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.img"
> -VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img"
> +VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}"
> +VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.verity"
> VERITY_IMAGE_METADATA = "${VERITY_OUTPUT_IMAGE}.metadata"
> VERITY_HASH_BLOCK_SIZE ?= "1024"
> VERITY_DATA_BLOCK_SIZE ?= "1024"
> @@ -37,14 +40,28 @@ create_verity_env_file() {
> done < $input
> }
>
> -verity_setup() {
> +python calculate_verity_data_blocks() {
> + import os
> +
> + image_file = os.path.join(
> + d.getVar("DEPLOY_DIR_IMAGE"),
> + d.getVar("VERITY_INPUT_IMAGE")
> + )
> + data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
> + size = os.stat(image_file).st_size
> + assert size % data_block_size == 0, f"image is not well-sized!"
> + d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
> + d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
> +}
> +do_image_verity[cleandirs] = "${WORKDIR}/verity"
> +do_image_verity[prefuncs] = "calculate_verity_data_blocks"
> +IMAGE_CMD_verity() {
> rm -f ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
> rm -f ${WORKDIR}/${VERITY_IMAGE_METADATA}
>
> cp -a ${DEPLOY_DIR_IMAGE}/${VERITY_INPUT_IMAGE} ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
>
> - image_do_mounts
> - sudo chroot "${BUILDCHROOT_DIR}" /sbin/veritysetup format \
> + ${SUDO_CHROOT} /sbin/veritysetup format \
> --hash-block-size "${VERITY_HASH_BLOCK_SIZE}" \
> --data-block-size "${VERITY_DATA_BLOCK_SIZE}" \
> --data-blocks "${VERITY_DATA_BLOCKS}" \
> @@ -55,23 +72,5 @@ verity_setup() {
>
> echo "Hash offset: ${VERITY_INPUT_IMAGE_SIZE}" \
> >>"${WORKDIR}/${VERITY_IMAGE_METADATA}"
> + create_verity_env_file
> }
> -
> -do_verity_image[cleandirs] = "${WORKDIR}/verity"
> -python do_verity_image() {
> - import os
> -
> - image_file = os.path.join(
> - d.getVar("DEPLOY_DIR_IMAGE"),
> - d.getVar("VERITY_INPUT_IMAGE")
> - )
> - data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
> - size = os.stat(image_file).st_size
> - assert size % data_block_size == 0, f"image is not well-sized!"
> - d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
> - d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
> -
> - bb.build.exec_func('verity_setup', d)
> - bb.build.exec_func('create_verity_env_file', d)
> -}
> -addtask verity_image before do_image after do_${VERITY_IMAGE_TYPE}_image
> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
> index 3f2a794..2822cef 100644
> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
> @@ -23,7 +23,8 @@ local_conf_header:
> IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
>
> secure-boot-image: |
> - IMAGE_FSTYPES = "secure-wic-swu-img"
> + IMAGE_CLASSES += "verity"
> + IMAGE_FSTYPES = "wic"
> WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
> INITRAMFS_INSTALL_append = " initramfs-verity-hook"
>
> diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
> index 72429c6..c2bd15c 100644
> --- a/kas/opt/swupdate.yml
> +++ b/kas/opt/swupdate.yml
> @@ -23,5 +23,7 @@ local_conf_header:
> CIP_IMAGE_OPTIONS_append = " swupdate.inc"
>
> wic-swu: |
> + IMAGE_CLASSES += "squashfs"
> + IMAGE_TYPEDEP_wic += "squashfs"
> IMAGE_FSTYPES = "wic"
> WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
> diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
> index f5cafeb..1eb7758 100644
> --- a/recipes-core/images/files/sw-description.tmpl
> +++ b/recipes-core/images/files/sw-description.tmpl
> @@ -16,7 +16,6 @@ software =
> filename = "${ROOTFS_PARTITION_NAME}";
> device = "C:BOOT0:linux.efi->fedcba98-7654-3210-cafe-5e0710000001,C:BOOT1:linux.efi->fedcba98-7654-3210-cafe-5e0710000002";
> type = "roundrobin";
> - compressed = "zlib";
Why that? Looks at least unrelated.
> filesystem = "ext4";
> properties: {
> subtype = "image";
> diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
> index 64887df..2ec767f 100644
> --- a/recipes-core/images/swupdate.inc
> +++ b/recipes-core/images/swupdate.inc
> @@ -8,10 +8,12 @@
> #
> # SPDX-License-Identifier: MIT
> #
Please add a blank line here.
> +inherit swupdate
> +inherit read-only-rootfs
>
> -FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
> +ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4"
>
> -ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.img.p4.gz"
> +FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
>
> SRC_URI += "file://sw-description.tmpl"
> TEMPLATE_FILES += "sw-description.tmpl"
> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> index f0d2d68..60ee8da 100644
> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
> @@ -28,7 +28,7 @@ VERITY_IMAGE_RECIPE ?= "cip-core-image"
>
> VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
>
> -do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_verity_image"
> +do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_image_verity"
> do_install[cleandirs] += " \
> ${D}/usr/share/initramfs-tools/hooks \
> ${D}/usr/share/verity-env \
> diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
> index e097eac..0e298bc 100644
> --- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
> +++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
> @@ -1,7 +1,7 @@
> include ebg-signed-sysparts.inc
>
> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>
> # home and var are extra partitions
> part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
> diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in
> index b3bbed4..3b8dadd 100644
> --- a/wic/qemu-arm64-efibootguard-secureboot.wks.in
> +++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in
> @@ -1,7 +1,7 @@
> include ebg-signed-sysparts.inc
>
> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>
> # home and var are extra partitions
> part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
> diff --git a/wic/x86-efibootguard.wks.in b/wic/x86-efibootguard.wks.in
> index f60ebcf..c71253d 100644
> --- a/wic/x86-efibootguard.wks.in
> +++ b/wic/x86-efibootguard.wks.in
> @@ -3,8 +3,8 @@
>
> include ebg-sysparts.inc
>
> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>
> # home and var are extra partitions
> part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [cip-dev][isar-cip-core][RFC 3/4] Adapt swupdate and verity to use new IMAGE_CMD_*
2022-06-07 7:32 ` Jan Kiszka
@ 2022-06-07 8:39 ` Gylstorff Quirin
0 siblings, 0 replies; 23+ messages in thread
From: Gylstorff Quirin @ 2022-06-07 8:39 UTC (permalink / raw)
To: Jan Kiszka, cip-dev, adriaan.schmidt
On 6/7/22 09:32, Jan Kiszka wrote:
> On 03.06.22 13:56, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> The image types wic-swu-img and secure-wic-swu-img were removed.
>> Rename `squashfs-img` to squashfs according new naming scheme.
>>
>> To use squashfs include:
>>
>> IMAGE_CLASSES += "squashfs"
>> IMAGE_TYPEDEP_wic += "squashfs"
>
> Now that squashfs is converted, that class should be pushed to Isar
> soon. Will "just" need a test case there.
>
The testcase can also be a seperated rootfs for qemu.
>>
>> The modifications for a read-only root file system are now part
>> of a bbclass which can be include directly into the image
>> recipe.
>>
>> The modifications to generate a SWUpdate update package are
>> also no longer part of the image build process and in a seperate
>> bbclass. This class needs to be included in the image recipe.
>>
>> To create a verity based image to following line need to be added
>> to the local.conf or similar configuration:
>>
>> IMAGE_CLASSES += "verity"
>
> Maybe verity could go upstream as well, though it is more specific and
> may not make too much sense without the full image integration. Still,
> worth to think about it.
>
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>> ...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
>> classes/secure-wic-swu-img.bbclass | 15 ------
>> ...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
>> ...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
>> .../{verity-img.bbclass => verity.bbclass} | 51 +++++++++----------
>> kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
>> kas/opt/swupdate.yml | 2 +
>> recipes-core/images/files/sw-description.tmpl | 1 -
>> recipes-core/images/swupdate.inc | 6 ++-
>> .../initramfs-verity-hook_0.1.bb | 2 +-
>> wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
>> wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
>> wic/x86-efibootguard.wks.in | 4 +-
>> 13 files changed, 50 insertions(+), 76 deletions(-)
>> rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
>> delete mode 100644 classes/secure-wic-swu-img.bbclass
>> rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
>> rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
>> rename classes/{verity-img.bbclass => verity.bbclass} (78%)
>>
>> diff --git a/classes/wic-swu-img.bbclass b/classes/read-only-rootfs.bbclass
>> similarity index 75%
>> rename from classes/wic-swu-img.bbclass
>> rename to classes/read-only-rootfs.bbclass
>> index 41b2164..6f91f66 100644
>> --- a/classes/wic-swu-img.bbclass
>> +++ b/classes/read-only-rootfs.bbclass
>
> There is still a "wic" relationship in this class, no?
I can rename it to wic-read-only-rootfs. only the following
line is wic specific.
``
do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build"
``
>
>> @@ -9,16 +9,10 @@
>> # SPDX-License-Identifier: MIT
>> #
>>
>> -SQUASHFS_EXCLUDE_DIRS += "home var"
>> -
>> -inherit squashfs-img
>> -inherit wic-img
>> -inherit swupdate-img
>> -
>> INITRAMFS_RECIPE ?= "cip-core-initramfs"
>> INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
>>
>> -do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
>> +do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build"
>>
>> IMAGE_INSTALL += "home-fs"
>> IMAGE_INSTALL += "tmp-fs"
>> @@ -37,6 +31,3 @@ devtmpfs /dev devtmpfs mode=0755,nosuid 0 0
>> EOF
>> }
>>
>> -addtask do_wic_image after do_squashfs_image
>> -
>> -addtask do_swupdate_image after do_wic_image
>> diff --git a/classes/secure-wic-swu-img.bbclass b/classes/secure-wic-swu-img.bbclass
>> deleted file mode 100644
>> index 5e8e48a..0000000
>> --- a/classes/secure-wic-swu-img.bbclass
>> +++ /dev/null
>> @@ -1,15 +0,0 @@
>> -#
>> -# CIP Core, generic profile
>> -#
>> -# Copyright (c) Siemens AG, 2021-2022
>> -#
>> -# Authors:
>> -# Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> -#
>> -# SPDX-License-Identifier: MIT
>> -#
>> -
>> -inherit verity-img
>> -inherit wic-swu-img
>> -
>> -addtask do_wic_image after do_verity_image
>> diff --git a/classes/squashfs-img.bbclass b/classes/squashfs.bbclass
>> similarity index 66%
>> rename from classes/squashfs-img.bbclass
>> rename to classes/squashfs.bbclass
>> index c22d7d6..376ddfe 100644
>> --- a/classes/squashfs-img.bbclass
>> +++ b/classes/squashfs.bbclass
>> @@ -9,9 +9,7 @@
>> # SPDX-License-Identifier: MIT
>> #
>>
>> -SQUASHFS_IMAGE_FILE = "${IMAGE_FULLNAME}.squashfs.img"
>> -
>> -IMAGER_INSTALL += "squashfs-tools"
>> +IMAGER_INSTALL_squashfs += "squashfs-tools"
>>
>> SQUASHFS_EXCLUDE_DIRS ?= ""
>> SQUASHFS_CONTENT ?= "${PP_ROOTFS}"
>> @@ -29,14 +27,11 @@ python __anonymous() {
>> d.appendVar('SQUASHFS_CREATION_ARGS', args)
>> }
>>
>> -do_squashfs_image[dirs] = "${DEPLOY_DIR_IMAGE}"
>> -do_squashfs_image() {
>> +IMAGE_CMD_squashfs[depends] = "${PN}:do_transform_template"
>> +IMAGE_CMD_squashfs() {
>> rm -f '${DEPLOY_DIR_IMAGE}/${SQUASHFS_IMAGE_FILE}'
>>
>> - image_do_mounts
>> -
>> - sudo chroot "${BUILDCHROOT_DIR}" /bin/mksquashfs \
>> - "${SQUASHFS_CONTENT}" "${PP_DEPLOY}/${SQUASHFS_IMAGE_FILE}" \
>> + ${SUDO_CHROOT} /bin/mksquashfs \
>> + '${SQUASHFS_CONTENT}' '${IMAGE_FILE_CHROOT}' \
>> ${SQUASHFS_CREATION_ARGS}
>> }
>> -addtask do_squashfs_image before do_image after do_image_tools do_excl_directories
>> diff --git a/classes/swupdate-img.bbclass b/classes/swupdate.bbclass
>> similarity index 92%
>> rename from classes/swupdate-img.bbclass
>> rename to classes/swupdate.bbclass
>> index 1437c07..c3fc303 100644
>> --- a/classes/swupdate-img.bbclass
>> +++ b/classes/swupdate.bbclass
>> @@ -18,9 +18,9 @@ SWU_SIGNATURE_TYPE ?= "rsa"
>>
>> IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
>>
>> -do_swupdate_image[stamp-extra-info] = "${DISTRO}-${MACHINE}"
>> -do_swupdate_image[cleandirs] += "${WORKDIR}/swu"
>> -do_swupdate_image() {
>> +do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
>> +do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
>> +do_swupdate_binary() {
>> rm -f '${SWU_IMAGE_FILE}'
>> cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
>>
>> @@ -91,4 +91,4 @@ do_swupdate_image() {
>> cd -
>> }
>>
>> -addtask swupdate_image before do_build after do_copy_boot_files do_install_imager_deps do_transform_template
>> +addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
>> diff --git a/classes/verity-img.bbclass b/classes/verity.bbclass
>> similarity index 78%
>> rename from classes/verity-img.bbclass
>> rename to classes/verity.bbclass
>> index b7d7f08..bbc57b0 100644
>> --- a/classes/verity-img.bbclass
>> +++ b/classes/verity.bbclass
>> @@ -8,13 +8,16 @@
>> #
>> # SPDX-License-Identifier: MIT
>> #
>> -
>
> Unrelated whitespace change.
>
Will remove in v2
>> VERITY_IMAGE_TYPE ?= "squashfs"
>>
>> -inherit ${VERITY_IMAGE_TYPE}-img
>> +inherit ${VERITY_IMAGE_TYPE}
>> +
>> +IMAGE_TYPEDEP_verity = "${VERITY_IMAGE_TYPE}"
>> +IMAGE_TYPEDEP_wic += "verity"
>> +IMAGER_INSTALL_verity += "cryptsetup"
>>
>> -VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.img"
>> -VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img"
>> +VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}"
>> +VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.verity"
>> VERITY_IMAGE_METADATA = "${VERITY_OUTPUT_IMAGE}.metadata"
>> VERITY_HASH_BLOCK_SIZE ?= "1024"
>> VERITY_DATA_BLOCK_SIZE ?= "1024"
>> @@ -37,14 +40,28 @@ create_verity_env_file() {
>> done < $input
>> }
>>
>> -verity_setup() {
>> +python calculate_verity_data_blocks() {
>> + import os
>> +
>> + image_file = os.path.join(
>> + d.getVar("DEPLOY_DIR_IMAGE"),
>> + d.getVar("VERITY_INPUT_IMAGE")
>> + )
>> + data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
>> + size = os.stat(image_file).st_size
>> + assert size % data_block_size == 0, f"image is not well-sized!"
>> + d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
>> + d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
>> +}
>> +do_image_verity[cleandirs] = "${WORKDIR}/verity"
>> +do_image_verity[prefuncs] = "calculate_verity_data_blocks"
>> +IMAGE_CMD_verity() {
>> rm -f ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
>> rm -f ${WORKDIR}/${VERITY_IMAGE_METADATA}
>>
>> cp -a ${DEPLOY_DIR_IMAGE}/${VERITY_INPUT_IMAGE} ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
>>
>> - image_do_mounts
>> - sudo chroot "${BUILDCHROOT_DIR}" /sbin/veritysetup format \
>> + ${SUDO_CHROOT} /sbin/veritysetup format \
>> --hash-block-size "${VERITY_HASH_BLOCK_SIZE}" \
>> --data-block-size "${VERITY_DATA_BLOCK_SIZE}" \
>> --data-blocks "${VERITY_DATA_BLOCKS}" \
>> @@ -55,23 +72,5 @@ verity_setup() {
>>
>> echo "Hash offset: ${VERITY_INPUT_IMAGE_SIZE}" \
>> >>"${WORKDIR}/${VERITY_IMAGE_METADATA}"
>> + create_verity_env_file
>> }
>> -
>> -do_verity_image[cleandirs] = "${WORKDIR}/verity"
>> -python do_verity_image() {
>> - import os
>> -
>> - image_file = os.path.join(
>> - d.getVar("DEPLOY_DIR_IMAGE"),
>> - d.getVar("VERITY_INPUT_IMAGE")
>> - )
>> - data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
>> - size = os.stat(image_file).st_size
>> - assert size % data_block_size == 0, f"image is not well-sized!"
>> - d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
>> - d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
>> -
>> - bb.build.exec_func('verity_setup', d)
>> - bb.build.exec_func('create_verity_env_file', d)
>> -}
>> -addtask verity_image before do_image after do_${VERITY_IMAGE_TYPE}_image
>> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
>> index 3f2a794..2822cef 100644
>> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
>> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
>> @@ -23,7 +23,8 @@ local_conf_header:
>> IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
>>
>> secure-boot-image: |
>> - IMAGE_FSTYPES = "secure-wic-swu-img"
>> + IMAGE_CLASSES += "verity"
>> + IMAGE_FSTYPES = "wic"
>> WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
>> INITRAMFS_INSTALL_append = " initramfs-verity-hook"
>>
>> diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
>> index 72429c6..c2bd15c 100644
>> --- a/kas/opt/swupdate.yml
>> +++ b/kas/opt/swupdate.yml
>> @@ -23,5 +23,7 @@ local_conf_header:
>> CIP_IMAGE_OPTIONS_append = " swupdate.inc"
>>
>> wic-swu: |
>> + IMAGE_CLASSES += "squashfs"
>> + IMAGE_TYPEDEP_wic += "squashfs"
>> IMAGE_FSTYPES = "wic"
>> WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
>> diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/files/sw-description.tmpl
>> index f5cafeb..1eb7758 100644
>> --- a/recipes-core/images/files/sw-description.tmpl
>> +++ b/recipes-core/images/files/sw-description.tmpl
>> @@ -16,7 +16,6 @@ software =
>> filename = "${ROOTFS_PARTITION_NAME}";
>> device = "C:BOOT0:linux.efi->fedcba98-7654-3210-cafe-5e0710000001,C:BOOT1:linux.efi->fedcba98-7654-3210-cafe-5e0710000002";
>> type = "roundrobin";
>> - compressed = "zlib";
>
> Why that? Looks at least unrelated.
>
This was a workaround during develop and should have been remove.
Will be revert to the origin in v2.
>> filesystem = "ext4";
>> properties: {
>> subtype = "image";
>> diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
>> index 64887df..2ec767f 100644
>> --- a/recipes-core/images/swupdate.inc
>> +++ b/recipes-core/images/swupdate.inc
>> @@ -8,10 +8,12 @@
>> #
>> # SPDX-License-Identifier: MIT
>> #
>
> Please add a blank line here.
Done
>
>> +inherit swupdate
>> +inherit read-only-rootfs
>>
>> -FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
>> +ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4"
>>
>> -ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.img.p4.gz"
>> +FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
>>
>> SRC_URI += "file://sw-description.tmpl"
>> TEMPLATE_FILES += "sw-description.tmpl"
>> diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> index f0d2d68..60ee8da 100644
>> --- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> +++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
>> @@ -28,7 +28,7 @@ VERITY_IMAGE_RECIPE ?= "cip-core-image"
>>
>> VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
>>
>> -do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_verity_image"
>> +do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_image_verity"
>> do_install[cleandirs] += " \
>> ${D}/usr/share/initramfs-tools/hooks \
>> ${D}/usr/share/verity-env \
>> diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
>> index e097eac..0e298bc 100644
>> --- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
>> +++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
>> @@ -1,7 +1,7 @@
>> include ebg-signed-sysparts.inc
>>
>> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
>> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
>> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>>
>> # home and var are extra partitions
>> part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
>> diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in
>> index b3bbed4..3b8dadd 100644
>> --- a/wic/qemu-arm64-efibootguard-secureboot.wks.in
>> +++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in
>> @@ -1,7 +1,7 @@
>> include ebg-signed-sysparts.inc
>>
>> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
>> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
>> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>>
>> # home and var are extra partitions
>> part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
>> diff --git a/wic/x86-efibootguard.wks.in b/wic/x86-efibootguard.wks.in
>> index f60ebcf..c71253d 100644
>> --- a/wic/x86-efibootguard.wks.in
>> +++ b/wic/x86-efibootguard.wks.in
>> @@ -3,8 +3,8 @@
>>
>> include ebg-sysparts.inc
>>
>> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
>> -part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
>> +part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
>>
>> # home and var are extra partitions
>> part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
>
> Jan
>
Quirin
^ permalink raw reply [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v2 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_*
2022-06-03 11:56 [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
` (4 preceding siblings ...)
2022-06-03 15:27 ` [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Jan Kiszka
@ 2022-06-07 10:08 ` Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 1/4] ISAR update Quirin Gylstorff
` (4 more replies)
5 siblings, 5 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-07 10:08 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This series adapt isar-cip-core to the IMAGE_CMD_* introduced in
ISAR commit [1]. See also ISAR API changelog[2].
This new feature remove the *.img from all wic images.
Also as new naming convention image recipes no longer end with `-img`.
The image types wic-swu-img and secure-wic-swu-img were removed.
Rename `squashfs-img` to squashfs according new naming scheme.
To use squashfs include:
IMAGE_CLASSES += "squashfs"
IMAGE_TYPEDEP_wic += "squashfs"
To create a verity based image to following line need to be added
to the local.conf or similar configuration:
IMAGE_CLASSES += "verity"
The modifications for a read-only root file system are now part
of a bbclass which can be include directly into the image
recipe.
The modifications to generate a SWUpdate update package are
also no longer part of the image build process and in a seperate
bbclass. This class needs to be included in the image recipe.
Please check/test the interface changes for swupdate and read-only root
file system.
I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
Quirin
[1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
[2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
Changes in v2:
- update ISAR to commit 1000df8e98b9a5849a7897698039687fd0cdd7d3 to avoid
double gz compression for tar images. This also allows to drop the patch
"0001-Fix-permissions-when-splitting-rootfs-folders-across.patch"
- fix image option `kas/opt/wic-targz-img.yml` for ci build
- fix whitespace errors
- used compressed rootfs in sw-description
Quirin Gylstorff (4):
ISAR update
start-qemu.sh: adapt to new image names
Adapt swupdate and verity to use new IMAGE_CMD_*
scripts/deploy-cip-core: Adapt to new image names
...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
classes/secure-wic-swu-img.bbclass | 15 ------
...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
.../{verity-img.bbclass => verity.bbclass} | 50 +++++++++----------
classes/wic-targz-img.bbclass | 15 ------
conf/machine/bbb.conf | 2 +-
conf/machine/hihope-rzg2m.conf | 2 +-
conf/machine/iwg20m.conf | 2 +-
conf/machine/qemu-amd64.conf | 2 +-
conf/machine/qemu-arm.conf | 2 +-
conf/machine/qemu-arm64.conf | 2 +-
conf/machine/simatic-ipc227e.conf | 2 +-
kas-cip.yml | 6 +--
kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
kas/opt/efibootguard.yml | 2 +-
kas/opt/swupdate.yml | 4 +-
kas/opt/targz-img.yml | 2 +-
kas/opt/wic-targz-img.yml | 2 +-
...when-splitting-rootfs-folders-across.patch | 35 -------------
recipes-core/images/swupdate.inc | 7 ++-
.../initramfs-verity-hook_0.1.bb | 2 +-
scripts/deploy-cip-core.sh | 8 +--
start-qemu.sh | 8 +--
wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
wic/x86-efibootguard.wks.in | 4 +-
27 files changed, 71 insertions(+), 148 deletions(-)
rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
delete mode 100644 classes/secure-wic-swu-img.bbclass
rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
rename classes/{verity-img.bbclass => verity.bbclass} (78%)
delete mode 100644 classes/wic-targz-img.bbclass
delete mode 100644 patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
--
2.35.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v2 1/4] ISAR update
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 " Quirin Gylstorff
@ 2022-06-07 10:08 ` Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 2/4] start-qemu.sh: adapt to new image names Quirin Gylstorff
` (3 subsequent siblings)
4 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-07 10:08 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This update introduces the new IMAGE_CMD_*.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
classes/wic-targz-img.bbclass | 15 --------
conf/machine/bbb.conf | 2 +-
conf/machine/hihope-rzg2m.conf | 2 +-
conf/machine/iwg20m.conf | 2 +-
conf/machine/qemu-amd64.conf | 2 +-
conf/machine/qemu-arm.conf | 2 +-
conf/machine/qemu-arm64.conf | 2 +-
conf/machine/simatic-ipc227e.conf | 2 +-
kas-cip.yml | 6 +---
kas/opt/efibootguard.yml | 2 +-
kas/opt/swupdate.yml | 2 +-
kas/opt/targz-img.yml | 2 +-
kas/opt/wic-targz-img.yml | 2 +-
...when-splitting-rootfs-folders-across.patch | 35 -------------------
14 files changed, 12 insertions(+), 66 deletions(-)
delete mode 100644 classes/wic-targz-img.bbclass
delete mode 100644 patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
diff --git a/classes/wic-targz-img.bbclass b/classes/wic-targz-img.bbclass
deleted file mode 100644
index 1327840..0000000
--- a/classes/wic-targz-img.bbclass
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2019
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit wic-img
-inherit targz-img
-
-addtask do_targz_image after do_wic_image
diff --git a/conf/machine/bbb.conf b/conf/machine/bbb.conf
index 81e624e..b592f4d 100644
--- a/conf/machine/bbb.conf
+++ b/conf/machine/bbb.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "armhf"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
IMAGER_INSTALL += "u-boot-omap"
IMAGE_INSTALL += "u-boot-script"
diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf
index bc80ddd..0b3acf4 100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -11,7 +11,7 @@
DISTRO_ARCH = "arm64"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
diff --git a/conf/machine/iwg20m.conf b/conf/machine/iwg20m.conf
index a26f7fe..d997a02 100644
--- a/conf/machine/iwg20m.conf
+++ b/conf/machine/iwg20m.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "armhf"
# see wic/iwg20m.wks
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
# sets serial login getty
MACHINE_SERIAL = "ttySC0"
diff --git a/conf/machine/qemu-amd64.conf b/conf/machine/qemu-amd64.conf
index a60f818..da7e59c 100644
--- a/conf/machine/qemu-amd64.conf
+++ b/conf/machine/qemu-amd64.conf
@@ -8,6 +8,6 @@
DISTRO_ARCH = "amd64"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/cip_qemu_defconfig"
diff --git a/conf/machine/qemu-arm.conf b/conf/machine/qemu-arm.conf
index aca6d7d..1937c4c 100644
--- a/conf/machine/qemu-arm.conf
+++ b/conf/machine/qemu-arm.conf
@@ -9,6 +9,6 @@
DISTRO_ARCH = "armhf"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/qemu_arm_defconfig"
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
index 4e12cdb..b5c1e1c 100644
--- a/conf/machine/qemu-arm64.conf
+++ b/conf/machine/qemu-arm64.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "arm64"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/qemu_arm64_defconfig"
diff --git a/conf/machine/simatic-ipc227e.conf b/conf/machine/simatic-ipc227e.conf
index 50d1f8a..a624fcd 100644
--- a/conf/machine/simatic-ipc227e.conf
+++ b/conf/machine/simatic-ipc227e.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "amd64"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
IMAGER_INSTALL += "${GRUB_BOOTLOADER_INSTALL}"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/siemens_ipc227e_defconfig"
diff --git a/kas-cip.yml b/kas-cip.yml
index fce176b..e24aea8 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -22,13 +22,9 @@ repos:
isar:
url: https://github.com/ilbers/isar.git
- refspec: cf3f18a649ff42726677a58b224b9bb58ea4ba46
+ refspec: 1000df8e98b9a5849a7897698039687fd0cdd7d3
layers:
meta:
- patches:
- fix-pseudo:
- repo: cip-core
- path: patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
bblayers_conf_header:
standard: |
diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
index d85aed7..4282932 100644
--- a/kas/opt/efibootguard.yml
+++ b/kas/opt/efibootguard.yml
@@ -24,7 +24,7 @@ local_conf_header:
WIC_IMAGER_INSTALL_append = " efibootguard"
WDOG_TIMEOUT ?= "60"
WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
- IMAGE_FSTYPES ?= "wic-img"
+ IMAGE_FSTYPES ?= "wic"
WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"
firmware-binaries: |
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index 31cd0d1..72429c6 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -23,5 +23,5 @@ local_conf_header:
CIP_IMAGE_OPTIONS_append = " swupdate.inc"
wic-swu: |
- IMAGE_FSTYPES = "wic-swu-img"
+ IMAGE_FSTYPES = "wic"
WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
index d555a8a..afe2e07 100644
--- a/kas/opt/targz-img.yml
+++ b/kas/opt/targz-img.yml
@@ -14,4 +14,4 @@ header:
local_conf_header:
image-type: |
- IMAGE_FSTYPES = "targz-img"
+ IMAGE_FSTYPES = "tar.gz"
diff --git a/kas/opt/wic-targz-img.yml b/kas/opt/wic-targz-img.yml
index 2e83760..aaee76d 100644
--- a/kas/opt/wic-targz-img.yml
+++ b/kas/opt/wic-targz-img.yml
@@ -17,4 +17,4 @@ header:
local_conf_header:
image-type: |
- IMAGE_FSTYPES = "wic-targz-img"
+ IMAGE_FSTYPES = "wic tar.gz"
diff --git a/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch b/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
deleted file mode 100644
index 34704f0..0000000
--- a/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 34b37fccd5e454d29d6d4d002d48a9619782b1bb Mon Sep 17 00:00:00 2001
-From: Felix Moessbauer <felix.moessbauer@siemens.com>
-Date: Wed, 3 Nov 2021 13:53:00 +0100
-Subject: [PATCH] Fix permissions when splitting rootfs folders across
- partitions.
-
-This patches ensures that the file database containing the file and
-folder usernames and permissions is always located relative to the
-source and not to the appended rootfs-dir.
-
-Prior to this patch, the database was not found when using
--rootfs-dir in the WIC script, leading to erronous file
-permissions and ownership.
-
-Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
----
- scripts/lib/wic/plugins/source/rootfs.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scripts/lib/wic/plugins/source/rootfs.py b/scripts/lib/wic/plugins/source/rootfs.py
-index 96d940a9..5ab771e5 100644
---- a/scripts/lib/wic/plugins/source/rootfs.py
-+++ b/scripts/lib/wic/plugins/source/rootfs.py
-@@ -95,7 +95,7 @@ class RootfsPlugin(SourcePlugin):
-
- part.rootfs_dir = cls.__get_rootfs_dir(rootfs_dir)
- part.has_fstab = os.path.exists(os.path.join(part.rootfs_dir, "etc/fstab"))
-- pseudo_dir = os.path.join(part.rootfs_dir, "../pseudo")
-+ pseudo_dir = os.path.join(krootfs_dir['ROOTFS_DIR'], "../pseudo")
- if not os.path.lexists(pseudo_dir):
- logger.warn("%s folder does not exist. "
- "Usernames and permissions will be invalid " % pseudo_dir)
---
-2.30.2
-
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v2 2/4] start-qemu.sh: adapt to new image names
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 " Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 1/4] ISAR update Quirin Gylstorff
@ 2022-06-07 10:08 ` Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 3/4] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
` (2 subsequent siblings)
4 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-07 10:08 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
start-qemu.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/start-qemu.sh b/start-qemu.sh
index 80c0cd7..f066209 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -134,13 +134,13 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
-global isa-fdc.driveA= \
-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
${QEMU_COMMON_OPTIONS} "$@"
else
ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.fd}
${QEMU_PATH}${QEMU} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
${QEMU_COMMON_OPTIONS} "$@"
fi
@@ -149,7 +149,7 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
u_boot_bin=${FIRMWARE_BIN:-./build/tmp/deploy/images/qemu-arm64/firmware.bin}
${QEMU_PATH}${QEMU} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-bios ${u_boot_bin} \
${QEMU_COMMON_OPTIONS} "$@"
;;
@@ -159,7 +159,7 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
;;
esac
else
- IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)
+ IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4)
KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1)
INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v2 3/4] Adapt swupdate and verity to use new IMAGE_CMD_*
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 " Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 1/4] ISAR update Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 2/4] start-qemu.sh: adapt to new image names Quirin Gylstorff
@ 2022-06-07 10:08 ` Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 4/4] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
4 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-07 10:08 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
The image types wic-swu-img and secure-wic-swu-img were removed.
Rename `squashfs-img` to squashfs according new naming scheme.
To use squashfs include:
IMAGE_CLASSES += "squashfs"
IMAGE_TYPEDEP_wic += "squashfs"
The modifications for a read-only root file system are now part
of a bbclass which can be include directly into the image
recipe.
The modifications to generate a SWUpdate update package are
also no longer part of the image build process and in a seperate
bbclass. This class needs to be included in the image recipe.
To create a verity based image to following line need to be added
to the local.conf or similar configuration:
IMAGE_CLASSES += "verity"
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
classes/secure-wic-swu-img.bbclass | 15 ------
...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
.../{verity-img.bbclass => verity.bbclass} | 50 +++++++++----------
kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
kas/opt/swupdate.yml | 2 +
recipes-core/images/swupdate.inc | 7 ++-
.../initramfs-verity-hook_0.1.bb | 2 +-
wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
wic/x86-efibootguard.wks.in | 4 +-
12 files changed, 51 insertions(+), 74 deletions(-)
rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
delete mode 100644 classes/secure-wic-swu-img.bbclass
rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
rename classes/{verity-img.bbclass => verity.bbclass} (78%)
diff --git a/classes/wic-swu-img.bbclass b/classes/read-only-rootfs.bbclass
similarity index 75%
rename from classes/wic-swu-img.bbclass
rename to classes/read-only-rootfs.bbclass
index 41b2164..6f91f66 100644
--- a/classes/wic-swu-img.bbclass
+++ b/classes/read-only-rootfs.bbclass
@@ -9,16 +9,10 @@
# SPDX-License-Identifier: MIT
#
-SQUASHFS_EXCLUDE_DIRS += "home var"
-
-inherit squashfs-img
-inherit wic-img
-inherit swupdate-img
-
INITRAMFS_RECIPE ?= "cip-core-initramfs"
INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
-do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
+do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build"
IMAGE_INSTALL += "home-fs"
IMAGE_INSTALL += "tmp-fs"
@@ -37,6 +31,3 @@ devtmpfs /dev devtmpfs mode=0755,nosuid 0 0
EOF
}
-addtask do_wic_image after do_squashfs_image
-
-addtask do_swupdate_image after do_wic_image
diff --git a/classes/secure-wic-swu-img.bbclass b/classes/secure-wic-swu-img.bbclass
deleted file mode 100644
index 5e8e48a..0000000
--- a/classes/secure-wic-swu-img.bbclass
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2021-2022
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit verity-img
-inherit wic-swu-img
-
-addtask do_wic_image after do_verity_image
diff --git a/classes/squashfs-img.bbclass b/classes/squashfs.bbclass
similarity index 66%
rename from classes/squashfs-img.bbclass
rename to classes/squashfs.bbclass
index c22d7d6..376ddfe 100644
--- a/classes/squashfs-img.bbclass
+++ b/classes/squashfs.bbclass
@@ -9,9 +9,7 @@
# SPDX-License-Identifier: MIT
#
-SQUASHFS_IMAGE_FILE = "${IMAGE_FULLNAME}.squashfs.img"
-
-IMAGER_INSTALL += "squashfs-tools"
+IMAGER_INSTALL_squashfs += "squashfs-tools"
SQUASHFS_EXCLUDE_DIRS ?= ""
SQUASHFS_CONTENT ?= "${PP_ROOTFS}"
@@ -29,14 +27,11 @@ python __anonymous() {
d.appendVar('SQUASHFS_CREATION_ARGS', args)
}
-do_squashfs_image[dirs] = "${DEPLOY_DIR_IMAGE}"
-do_squashfs_image() {
+IMAGE_CMD_squashfs[depends] = "${PN}:do_transform_template"
+IMAGE_CMD_squashfs() {
rm -f '${DEPLOY_DIR_IMAGE}/${SQUASHFS_IMAGE_FILE}'
- image_do_mounts
-
- sudo chroot "${BUILDCHROOT_DIR}" /bin/mksquashfs \
- "${SQUASHFS_CONTENT}" "${PP_DEPLOY}/${SQUASHFS_IMAGE_FILE}" \
+ ${SUDO_CHROOT} /bin/mksquashfs \
+ '${SQUASHFS_CONTENT}' '${IMAGE_FILE_CHROOT}' \
${SQUASHFS_CREATION_ARGS}
}
-addtask do_squashfs_image before do_image after do_image_tools do_excl_directories
diff --git a/classes/swupdate-img.bbclass b/classes/swupdate.bbclass
similarity index 92%
rename from classes/swupdate-img.bbclass
rename to classes/swupdate.bbclass
index 1437c07..c3fc303 100644
--- a/classes/swupdate-img.bbclass
+++ b/classes/swupdate.bbclass
@@ -18,9 +18,9 @@ SWU_SIGNATURE_TYPE ?= "rsa"
IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
-do_swupdate_image[stamp-extra-info] = "${DISTRO}-${MACHINE}"
-do_swupdate_image[cleandirs] += "${WORKDIR}/swu"
-do_swupdate_image() {
+do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
+do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
+do_swupdate_binary() {
rm -f '${SWU_IMAGE_FILE}'
cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
@@ -91,4 +91,4 @@ do_swupdate_image() {
cd -
}
-addtask swupdate_image before do_build after do_copy_boot_files do_install_imager_deps do_transform_template
+addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
diff --git a/classes/verity-img.bbclass b/classes/verity.bbclass
similarity index 78%
rename from classes/verity-img.bbclass
rename to classes/verity.bbclass
index b7d7f08..0f154fb 100644
--- a/classes/verity-img.bbclass
+++ b/classes/verity.bbclass
@@ -11,10 +11,14 @@
VERITY_IMAGE_TYPE ?= "squashfs"
-inherit ${VERITY_IMAGE_TYPE}-img
+inherit ${VERITY_IMAGE_TYPE}
-VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.img"
-VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img"
+IMAGE_TYPEDEP_verity = "${VERITY_IMAGE_TYPE}"
+IMAGE_TYPEDEP_wic += "verity"
+IMAGER_INSTALL_verity += "cryptsetup"
+
+VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}"
+VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.verity"
VERITY_IMAGE_METADATA = "${VERITY_OUTPUT_IMAGE}.metadata"
VERITY_HASH_BLOCK_SIZE ?= "1024"
VERITY_DATA_BLOCK_SIZE ?= "1024"
@@ -37,14 +41,28 @@ create_verity_env_file() {
done < $input
}
-verity_setup() {
+python calculate_verity_data_blocks() {
+ import os
+
+ image_file = os.path.join(
+ d.getVar("DEPLOY_DIR_IMAGE"),
+ d.getVar("VERITY_INPUT_IMAGE")
+ )
+ data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
+ size = os.stat(image_file).st_size
+ assert size % data_block_size == 0, f"image is not well-sized!"
+ d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
+ d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
+}
+do_image_verity[cleandirs] = "${WORKDIR}/verity"
+do_image_verity[prefuncs] = "calculate_verity_data_blocks"
+IMAGE_CMD_verity() {
rm -f ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
rm -f ${WORKDIR}/${VERITY_IMAGE_METADATA}
cp -a ${DEPLOY_DIR_IMAGE}/${VERITY_INPUT_IMAGE} ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
- image_do_mounts
- sudo chroot "${BUILDCHROOT_DIR}" /sbin/veritysetup format \
+ ${SUDO_CHROOT} /sbin/veritysetup format \
--hash-block-size "${VERITY_HASH_BLOCK_SIZE}" \
--data-block-size "${VERITY_DATA_BLOCK_SIZE}" \
--data-blocks "${VERITY_DATA_BLOCKS}" \
@@ -55,23 +73,5 @@ verity_setup() {
echo "Hash offset: ${VERITY_INPUT_IMAGE_SIZE}" \
>>"${WORKDIR}/${VERITY_IMAGE_METADATA}"
+ create_verity_env_file
}
-
-do_verity_image[cleandirs] = "${WORKDIR}/verity"
-python do_verity_image() {
- import os
-
- image_file = os.path.join(
- d.getVar("DEPLOY_DIR_IMAGE"),
- d.getVar("VERITY_INPUT_IMAGE")
- )
- data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
- size = os.stat(image_file).st_size
- assert size % data_block_size == 0, f"image is not well-sized!"
- d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
- d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
-
- bb.build.exec_func('verity_setup', d)
- bb.build.exec_func('create_verity_env_file', d)
-}
-addtask verity_image before do_image after do_${VERITY_IMAGE_TYPE}_image
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 3f2a794..2822cef 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -23,7 +23,8 @@ local_conf_header:
IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
secure-boot-image: |
- IMAGE_FSTYPES = "secure-wic-swu-img"
+ IMAGE_CLASSES += "verity"
+ IMAGE_FSTYPES = "wic"
WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
INITRAMFS_INSTALL_append = " initramfs-verity-hook"
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index 72429c6..c2bd15c 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -23,5 +23,7 @@ local_conf_header:
CIP_IMAGE_OPTIONS_append = " swupdate.inc"
wic-swu: |
+ IMAGE_CLASSES += "squashfs"
+ IMAGE_TYPEDEP_wic += "squashfs"
IMAGE_FSTYPES = "wic"
WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index 64887df..e0252df 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -9,9 +9,12 @@
# SPDX-License-Identifier: MIT
#
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+inherit swupdate
+inherit read-only-rootfs
+
+ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4.gz"
-ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.img.p4.gz"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += "file://sw-description.tmpl"
TEMPLATE_FILES += "sw-description.tmpl"
diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
index f0d2d68..60ee8da 100644
--- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
@@ -28,7 +28,7 @@ VERITY_IMAGE_RECIPE ?= "cip-core-image"
VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
-do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_verity_image"
+do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_image_verity"
do_install[cleandirs] += " \
${D}/usr/share/initramfs-tools/hooks \
${D}/usr/share/verity-env \
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index e097eac..0e298bc 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -1,7 +1,7 @@
include ebg-signed-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in
index b3bbed4..3b8dadd 100644
--- a/wic/qemu-arm64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in
@@ -1,7 +1,7 @@
include ebg-signed-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
diff --git a/wic/x86-efibootguard.wks.in b/wic/x86-efibootguard.wks.in
index f60ebcf..c71253d 100644
--- a/wic/x86-efibootguard.wks.in
+++ b/wic/x86-efibootguard.wks.in
@@ -3,8 +3,8 @@
include ebg-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v2 4/4] scripts/deploy-cip-core: Adapt to new image names
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 " Quirin Gylstorff
` (2 preceding siblings ...)
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 3/4] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
@ 2022-06-07 10:08 ` Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
4 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-07 10:08 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
The identifier img was delete from the image name.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
scripts/deploy-cip-core.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/deploy-cip-core.sh b/scripts/deploy-cip-core.sh
index cf8f45d..203ab1d 100755
--- a/scripts/deploy-cip-core.sh
+++ b/scripts/deploy-cip-core.sh
@@ -28,12 +28,12 @@ fi
BASE_PATH=build/tmp/deploy/images/$TARGET/$BASE_FILENAME
S3_TARGET=s3://download2.cip-project.org/cip-core/$REF/$TARGET/
-if [ -f $BASE_PATH.wic.img ] ; then
- echo "Compressing $BASE_FILENAME.wic.img..."
- xz -9 -k $BASE_PATH.wic.img
+if [ -f $BASE_PATH.wic ] ; then
+ echo "Compressing $BASE_FILENAME.wic..."
+ xz -9 -k $BASE_PATH.wic
echo "Uploading artifacts..."
- aws s3 cp --no-progress --acl public-read $BASE_PATH.wic.img.xz ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read $BASE_PATH.wic.xz ${S3_TARGET}
fi
if [ -f $BASE_PATH.tar.gz ]; then
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_*
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 " Quirin Gylstorff
` (3 preceding siblings ...)
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 4/4] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
@ 2022-06-10 11:32 ` Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 1/5] ISAR update Quirin Gylstorff
` (5 more replies)
4 siblings, 6 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-10 11:32 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This series adapt isar-cip-core to the IMAGE_CMD_* introduced in
ISAR commit [1]. See also ISAR API changelog[2].
This new feature remove the *.img from all wic images.
Also as new naming convention image recipes no longer end with `-img`.
The image types wic-swu-img and secure-wic-swu-img were removed.
Rename `squashfs-img` to squashfs according new naming scheme.
To use squashfs include:
IMAGE_CLASSES += "squashfs"
IMAGE_TYPEDEP_wic += "squashfs"
To create a verity based image to following line need to be added
to the local.conf or similar configuration:
IMAGE_CLASSES += "verity"
The modifications for a read-only root file system are now part
of a bbclass which can be include directly into the image
recipe.
The modifications to generate a SWUpdate update package are
also no longer part of the image build process and in a seperate
bbclass. This class needs to be included in the image recipe.
Please check/test the interface changes for swupdate and read-only root
file system.
I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
Quirin
[1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
[2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
Changes in v2:
- update ISAR to commit 1000df8e98b9a5849a7897698039687fd0cdd7d3 to avoid
double gz compression for tar images. This also allows to drop the patch
"0001-Fix-permissions-when-splitting-rootfs-folders-across.patch"
- fix image option `kas/opt/wic-targz-img.yml` for ci build
- fix whitespace errors
- used compressed rootfs in sw-description
Changes in v3:
- adapt build of u-boot-qemu-arm64
- fix qemu-arm64 swupdate build, adapt wic/qemu-arm64-efibootguard.wks.in to new image names
Quirin Gylstorff (5):
ISAR update
u-boot-qemu-arm64: Adapt to 'Do not use shell environment'
start-qemu.sh: adapt to new image names
Adapt swupdate and verity to use new IMAGE_CMD_*
scripts/deploy-cip-core: Adapt to new image names
...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
classes/secure-wic-swu-img.bbclass | 15 ------
...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
.../{verity-img.bbclass => verity.bbclass} | 50 +++++++++----------
classes/wic-targz-img.bbclass | 15 ------
conf/machine/bbb.conf | 2 +-
conf/machine/hihope-rzg2m.conf | 2 +-
conf/machine/iwg20m.conf | 2 +-
conf/machine/qemu-amd64.conf | 2 +-
conf/machine/qemu-arm.conf | 2 +-
conf/machine/qemu-arm64.conf | 2 +-
conf/machine/simatic-ipc227e.conf | 2 +-
kas-cip.yml | 6 +--
kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
kas/opt/efibootguard.yml | 2 +-
kas/opt/swupdate.yml | 4 +-
kas/opt/targz-img.yml | 2 +-
kas/opt/wic-targz-img.yml | 2 +-
...when-splitting-rootfs-folders-across.patch | 35 -------------
.../u-boot/files/{rules => rules.tmpl} | 2 +-
.../u-boot/u-boot-qemu-arm64_2022.04.bb | 6 +--
recipes-core/images/swupdate.inc | 7 ++-
.../initramfs-verity-hook_0.1.bb | 2 +-
scripts/deploy-cip-core.sh | 8 +--
start-qemu.sh | 8 +--
wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard.wks.in | 4 +-
wic/x86-efibootguard.wks.in | 4 +-
30 files changed, 75 insertions(+), 156 deletions(-)
rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
delete mode 100644 classes/secure-wic-swu-img.bbclass
rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
rename classes/{verity-img.bbclass => verity.bbclass} (78%)
delete mode 100644 classes/wic-targz-img.bbclass
delete mode 100644 patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
rename recipes-bsp/u-boot/files/{rules => rules.tmpl} (96%)
--
2.35.1
^ permalink raw reply [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v3 1/5] ISAR update
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
@ 2022-06-10 11:32 ` Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 2/5] u-boot-qemu-arm64: Adapt to 'Do not use shell environment' Quirin Gylstorff
` (4 subsequent siblings)
5 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-10 11:32 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
This update introduces the new IMAGE_CMD_*.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
classes/wic-targz-img.bbclass | 15 --------
conf/machine/bbb.conf | 2 +-
conf/machine/hihope-rzg2m.conf | 2 +-
conf/machine/iwg20m.conf | 2 +-
conf/machine/qemu-amd64.conf | 2 +-
conf/machine/qemu-arm.conf | 2 +-
conf/machine/qemu-arm64.conf | 2 +-
conf/machine/simatic-ipc227e.conf | 2 +-
kas-cip.yml | 6 +---
kas/opt/efibootguard.yml | 2 +-
kas/opt/swupdate.yml | 2 +-
kas/opt/targz-img.yml | 2 +-
kas/opt/wic-targz-img.yml | 2 +-
...when-splitting-rootfs-folders-across.patch | 35 -------------------
14 files changed, 12 insertions(+), 66 deletions(-)
delete mode 100644 classes/wic-targz-img.bbclass
delete mode 100644 patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
diff --git a/classes/wic-targz-img.bbclass b/classes/wic-targz-img.bbclass
deleted file mode 100644
index 1327840..0000000
--- a/classes/wic-targz-img.bbclass
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2019
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit wic-img
-inherit targz-img
-
-addtask do_targz_image after do_wic_image
diff --git a/conf/machine/bbb.conf b/conf/machine/bbb.conf
index 81e624e..b592f4d 100644
--- a/conf/machine/bbb.conf
+++ b/conf/machine/bbb.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "armhf"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
IMAGER_INSTALL += "u-boot-omap"
IMAGE_INSTALL += "u-boot-script"
diff --git a/conf/machine/hihope-rzg2m.conf b/conf/machine/hihope-rzg2m.conf
index bc80ddd..0b3acf4 100644
--- a/conf/machine/hihope-rzg2m.conf
+++ b/conf/machine/hihope-rzg2m.conf
@@ -11,7 +11,7 @@
DISTRO_ARCH = "arm64"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/renesas_defconfig"
USE_CIP_KERNEL_CONFIG = "1"
diff --git a/conf/machine/iwg20m.conf b/conf/machine/iwg20m.conf
index a26f7fe..d997a02 100644
--- a/conf/machine/iwg20m.conf
+++ b/conf/machine/iwg20m.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "armhf"
# see wic/iwg20m.wks
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
# sets serial login getty
MACHINE_SERIAL = "ttySC0"
diff --git a/conf/machine/qemu-amd64.conf b/conf/machine/qemu-amd64.conf
index a60f818..da7e59c 100644
--- a/conf/machine/qemu-amd64.conf
+++ b/conf/machine/qemu-amd64.conf
@@ -8,6 +8,6 @@
DISTRO_ARCH = "amd64"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/cip_qemu_defconfig"
diff --git a/conf/machine/qemu-arm.conf b/conf/machine/qemu-arm.conf
index aca6d7d..1937c4c 100644
--- a/conf/machine/qemu-arm.conf
+++ b/conf/machine/qemu-arm.conf
@@ -9,6 +9,6 @@
DISTRO_ARCH = "armhf"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm/qemu_arm_defconfig"
diff --git a/conf/machine/qemu-arm64.conf b/conf/machine/qemu-arm64.conf
index 4e12cdb..b5c1e1c 100644
--- a/conf/machine/qemu-arm64.conf
+++ b/conf/machine/qemu-arm64.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "arm64"
-IMAGE_FSTYPES ?= "ext4-img"
+IMAGE_FSTYPES ?= "ext4"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG ?= "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/arm64/qemu_arm64_defconfig"
diff --git a/conf/machine/simatic-ipc227e.conf b/conf/machine/simatic-ipc227e.conf
index 50d1f8a..a624fcd 100644
--- a/conf/machine/simatic-ipc227e.conf
+++ b/conf/machine/simatic-ipc227e.conf
@@ -8,7 +8,7 @@
DISTRO_ARCH = "amd64"
-IMAGE_FSTYPES ?= "wic-img"
+IMAGE_FSTYPES ?= "wic"
IMAGER_INSTALL += "${GRUB_BOOTLOADER_INSTALL}"
USE_CIP_KERNEL_CONFIG = "1"
KERNEL_DEFCONFIG = "cip-kernel-config/${KERNEL_DEFCONFIG_VERSION}/x86/siemens_ipc227e_defconfig"
diff --git a/kas-cip.yml b/kas-cip.yml
index 48de066..c3477ed 100644
--- a/kas-cip.yml
+++ b/kas-cip.yml
@@ -22,13 +22,9 @@ repos:
isar:
url: https://github.com/ilbers/isar.git
- refspec: cf3f18a649ff42726677a58b224b9bb58ea4ba46
+ refspec: 1000df8e98b9a5849a7897698039687fd0cdd7d3
layers:
meta:
- patches:
- fix-pseudo:
- repo: cip-core
- path: patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
bblayers_conf_header:
standard: |
diff --git a/kas/opt/efibootguard.yml b/kas/opt/efibootguard.yml
index d85aed7..4282932 100644
--- a/kas/opt/efibootguard.yml
+++ b/kas/opt/efibootguard.yml
@@ -24,7 +24,7 @@ local_conf_header:
WIC_IMAGER_INSTALL_append = " efibootguard"
WDOG_TIMEOUT ?= "60"
WICVARS += "WDOG_TIMEOUT KERNEL_IMAGE INITRD_IMAGE DTB_FILES"
- IMAGE_FSTYPES ?= "wic-img"
+ IMAGE_FSTYPES ?= "wic"
WKS_FILE ?= "${MACHINE}-efibootguard.wks.in"
firmware-binaries: |
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index 31cd0d1..72429c6 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -23,5 +23,5 @@ local_conf_header:
CIP_IMAGE_OPTIONS_append = " swupdate.inc"
wic-swu: |
- IMAGE_FSTYPES = "wic-swu-img"
+ IMAGE_FSTYPES = "wic"
WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
diff --git a/kas/opt/targz-img.yml b/kas/opt/targz-img.yml
index d555a8a..afe2e07 100644
--- a/kas/opt/targz-img.yml
+++ b/kas/opt/targz-img.yml
@@ -14,4 +14,4 @@ header:
local_conf_header:
image-type: |
- IMAGE_FSTYPES = "targz-img"
+ IMAGE_FSTYPES = "tar.gz"
diff --git a/kas/opt/wic-targz-img.yml b/kas/opt/wic-targz-img.yml
index 2e83760..aaee76d 100644
--- a/kas/opt/wic-targz-img.yml
+++ b/kas/opt/wic-targz-img.yml
@@ -17,4 +17,4 @@ header:
local_conf_header:
image-type: |
- IMAGE_FSTYPES = "wic-targz-img"
+ IMAGE_FSTYPES = "wic tar.gz"
diff --git a/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch b/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
deleted file mode 100644
index 34704f0..0000000
--- a/patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 34b37fccd5e454d29d6d4d002d48a9619782b1bb Mon Sep 17 00:00:00 2001
-From: Felix Moessbauer <felix.moessbauer@siemens.com>
-Date: Wed, 3 Nov 2021 13:53:00 +0100
-Subject: [PATCH] Fix permissions when splitting rootfs folders across
- partitions.
-
-This patches ensures that the file database containing the file and
-folder usernames and permissions is always located relative to the
-source and not to the appended rootfs-dir.
-
-Prior to this patch, the database was not found when using
--rootfs-dir in the WIC script, leading to erronous file
-permissions and ownership.
-
-Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
----
- scripts/lib/wic/plugins/source/rootfs.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scripts/lib/wic/plugins/source/rootfs.py b/scripts/lib/wic/plugins/source/rootfs.py
-index 96d940a9..5ab771e5 100644
---- a/scripts/lib/wic/plugins/source/rootfs.py
-+++ b/scripts/lib/wic/plugins/source/rootfs.py
-@@ -95,7 +95,7 @@ class RootfsPlugin(SourcePlugin):
-
- part.rootfs_dir = cls.__get_rootfs_dir(rootfs_dir)
- part.has_fstab = os.path.exists(os.path.join(part.rootfs_dir, "etc/fstab"))
-- pseudo_dir = os.path.join(part.rootfs_dir, "../pseudo")
-+ pseudo_dir = os.path.join(krootfs_dir['ROOTFS_DIR'], "../pseudo")
- if not os.path.lexists(pseudo_dir):
- logger.warn("%s folder does not exist. "
- "Usernames and permissions will be invalid " % pseudo_dir)
---
-2.30.2
-
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v3 2/5] u-boot-qemu-arm64: Adapt to 'Do not use shell environment'
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 1/5] ISAR update Quirin Gylstorff
@ 2022-06-10 11:32 ` Quirin Gylstorff
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 3/5] start-qemu.sh: adapt to new image names Quirin Gylstorff
` (3 subsequent siblings)
5 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-10 11:32 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
The variables U_BOOT_CONFIG and U_BOOT_BIN are added by
template variables[1].
[1]: https://github.com/ilbers/isar/commit/48dd7969e3c977e7e39b235be71c1f06d912b336
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
recipes-bsp/u-boot/files/{rules => rules.tmpl} | 2 +-
recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb | 6 +-----
2 files changed, 2 insertions(+), 6 deletions(-)
rename recipes-bsp/u-boot/files/{rules => rules.tmpl} (96%)
diff --git a/recipes-bsp/u-boot/files/rules b/recipes-bsp/u-boot/files/rules.tmpl
similarity index 96%
rename from recipes-bsp/u-boot/files/rules
rename to recipes-bsp/u-boot/files/rules.tmpl
index 36e1e1b..c697cdb 100755
--- a/recipes-bsp/u-boot/files/rules
+++ b/recipes-bsp/u-boot/files/rules.tmpl
@@ -19,7 +19,7 @@ override_dh_auto_build:
tools/efivar.py set -i ubootefi.var -n KEK -d secure-boot.esl -t file; \
tools/efivar.py set -i ubootefi.var -n db -d secure-boot.esl -t file; \
fi
- $(MAKE) $(PARALLEL_MAKE) $(U_BOOT_CONFIG)
+ $(MAKE) $(PARALLEL_MAKE) ${U_BOOT_CONFIG}
$(MAKE) $(PARALLEL_MAKE) ${U_BOOT_BIN}
$(MAKE) -n u-boot-initial-env >/dev/null 2>&1; if [ $$? -ne 2 ]; then \
$(MAKE) $(PARALLEL_MAKE) u-boot-initial-env; \
diff --git a/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb b/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
index e462258..b026dd6 100644
--- a/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
+++ b/recipes-bsp/u-boot/u-boot-qemu-arm64_2022.04.bb
@@ -14,7 +14,7 @@ require recipes-bsp/u-boot/u-boot-custom.inc
SRC_URI += " \
https://ftp.denx.de/pub/u-boot/u-boot-${PV}.tar.bz2 \
file://0001-lib-date-Make-rtc_mktime-and-mktime64-Y2038-ready.patch \
- file://rules"
+ file://rules.tmpl;subdir=debian"
SRC_URI[sha256sum] = "68e065413926778e276ec3abd28bb32fa82abaa4a6898d570c1f48fbdb08bcd0"
SRC_URI_append_secureboot = " \
@@ -31,10 +31,6 @@ DEPENDS_append_secureboot = " secure-boot-secrets"
U_BOOT_CONFIG = "qemu_arm64_defconfig"
U_BOOT_BIN = "u-boot.bin"
-do_prepare_build_append() {
- cp ${WORKDIR}/rules ${S}/debian/rules
-}
-
do_prepare_build_append_secureboot() {
sed -ni '/### Secure boot config/q;p' ${S}/configs/${U_BOOT_CONFIG}
cat ${WORKDIR}/secure-boot.cfg >> ${S}/configs/${U_BOOT_CONFIG}
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v3 3/5] start-qemu.sh: adapt to new image names
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 1/5] ISAR update Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 2/5] u-boot-qemu-arm64: Adapt to 'Do not use shell environment' Quirin Gylstorff
@ 2022-06-10 11:33 ` Quirin Gylstorff
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 4/5] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
` (2 subsequent siblings)
5 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-10 11:33 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
start-qemu.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/start-qemu.sh b/start-qemu.sh
index 80c0cd7..f066209 100755
--- a/start-qemu.sh
+++ b/start-qemu.sh
@@ -134,13 +134,13 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
-global isa-fdc.driveA= \
-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
-drive if=pflash,format=raw,file=${ovmf_vars} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
${QEMU_COMMON_OPTIONS} "$@"
else
ovmf_code=${OVMF_CODE:-./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.fd}
${QEMU_PATH}${QEMU} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-drive if=pflash,format=raw,unit=0,readonly=on,file=${ovmf_code} \
${QEMU_COMMON_OPTIONS} "$@"
fi
@@ -149,7 +149,7 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
u_boot_bin=${FIRMWARE_BIN:-./build/tmp/deploy/images/qemu-arm64/firmware.bin}
${QEMU_PATH}${QEMU} \
- -drive file=${IMAGE_PREFIX}.wic.img,discard=unmap,if=none,id=disk,format=raw \
+ -drive file=${IMAGE_PREFIX}.wic,discard=unmap,if=none,id=disk,format=raw \
-bios ${u_boot_bin} \
${QEMU_COMMON_OPTIONS} "$@"
;;
@@ -159,7 +159,7 @@ if [ -n "${SECURE_BOOT}${SWUPDATE_BOOT}" ]; then
;;
esac
else
- IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4.img)
+ IMAGE_FILE=$(ls ${IMAGE_PREFIX}.ext4)
KERNEL_FILE=$(ls ${IMAGE_PREFIX}-vmlinu* | tail -1)
INITRD_FILE=$(ls ${IMAGE_PREFIX}-initrd.img* | tail -1)
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v3 4/5] Adapt swupdate and verity to use new IMAGE_CMD_*
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
` (2 preceding siblings ...)
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 3/5] start-qemu.sh: adapt to new image names Quirin Gylstorff
@ 2022-06-10 11:33 ` Quirin Gylstorff
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 5/5] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
2022-06-13 11:02 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Jan Kiszka
5 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-10 11:33 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
The image types wic-swu-img and secure-wic-swu-img were removed.
Rename `squashfs-img` to squashfs according new naming scheme.
To use squashfs include:
IMAGE_CLASSES += "squashfs"
IMAGE_TYPEDEP_wic += "squashfs"
The modifications for a read-only root file system are now part
of a bbclass which can be include directly into the image
recipe.
The modifications to generate a SWUpdate update package are
also no longer part of the image build process and in a seperate
bbclass. This class needs to be included in the image recipe.
To create a verity based image to following line need to be added
to the local.conf or similar configuration:
IMAGE_CLASSES += "verity"
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
classes/secure-wic-swu-img.bbclass | 15 ------
...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
.../{verity-img.bbclass => verity.bbclass} | 50 +++++++++----------
kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
kas/opt/swupdate.yml | 2 +
recipes-core/images/swupdate.inc | 7 ++-
.../initramfs-verity-hook_0.1.bb | 2 +-
wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard.wks.in | 4 +-
wic/x86-efibootguard.wks.in | 4 +-
13 files changed, 53 insertions(+), 76 deletions(-)
rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
delete mode 100644 classes/secure-wic-swu-img.bbclass
rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
rename classes/{verity-img.bbclass => verity.bbclass} (78%)
diff --git a/classes/wic-swu-img.bbclass b/classes/read-only-rootfs.bbclass
similarity index 75%
rename from classes/wic-swu-img.bbclass
rename to classes/read-only-rootfs.bbclass
index 41b2164..6f91f66 100644
--- a/classes/wic-swu-img.bbclass
+++ b/classes/read-only-rootfs.bbclass
@@ -9,16 +9,10 @@
# SPDX-License-Identifier: MIT
#
-SQUASHFS_EXCLUDE_DIRS += "home var"
-
-inherit squashfs-img
-inherit wic-img
-inherit swupdate-img
-
INITRAMFS_RECIPE ?= "cip-core-initramfs"
INITRD_IMAGE = "${INITRAMFS_RECIPE}-${DISTRO}-${MACHINE}.initrd.img"
-do_wic_image[depends] += "${INITRAMFS_RECIPE}:do_build"
+do_image_wic[depends] += "${INITRAMFS_RECIPE}:do_build"
IMAGE_INSTALL += "home-fs"
IMAGE_INSTALL += "tmp-fs"
@@ -37,6 +31,3 @@ devtmpfs /dev devtmpfs mode=0755,nosuid 0 0
EOF
}
-addtask do_wic_image after do_squashfs_image
-
-addtask do_swupdate_image after do_wic_image
diff --git a/classes/secure-wic-swu-img.bbclass b/classes/secure-wic-swu-img.bbclass
deleted file mode 100644
index 5e8e48a..0000000
--- a/classes/secure-wic-swu-img.bbclass
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# CIP Core, generic profile
-#
-# Copyright (c) Siemens AG, 2021-2022
-#
-# Authors:
-# Quirin Gylstorff <quirin.gylstorff@siemens.com>
-#
-# SPDX-License-Identifier: MIT
-#
-
-inherit verity-img
-inherit wic-swu-img
-
-addtask do_wic_image after do_verity_image
diff --git a/classes/squashfs-img.bbclass b/classes/squashfs.bbclass
similarity index 66%
rename from classes/squashfs-img.bbclass
rename to classes/squashfs.bbclass
index c22d7d6..376ddfe 100644
--- a/classes/squashfs-img.bbclass
+++ b/classes/squashfs.bbclass
@@ -9,9 +9,7 @@
# SPDX-License-Identifier: MIT
#
-SQUASHFS_IMAGE_FILE = "${IMAGE_FULLNAME}.squashfs.img"
-
-IMAGER_INSTALL += "squashfs-tools"
+IMAGER_INSTALL_squashfs += "squashfs-tools"
SQUASHFS_EXCLUDE_DIRS ?= ""
SQUASHFS_CONTENT ?= "${PP_ROOTFS}"
@@ -29,14 +27,11 @@ python __anonymous() {
d.appendVar('SQUASHFS_CREATION_ARGS', args)
}
-do_squashfs_image[dirs] = "${DEPLOY_DIR_IMAGE}"
-do_squashfs_image() {
+IMAGE_CMD_squashfs[depends] = "${PN}:do_transform_template"
+IMAGE_CMD_squashfs() {
rm -f '${DEPLOY_DIR_IMAGE}/${SQUASHFS_IMAGE_FILE}'
- image_do_mounts
-
- sudo chroot "${BUILDCHROOT_DIR}" /bin/mksquashfs \
- "${SQUASHFS_CONTENT}" "${PP_DEPLOY}/${SQUASHFS_IMAGE_FILE}" \
+ ${SUDO_CHROOT} /bin/mksquashfs \
+ '${SQUASHFS_CONTENT}' '${IMAGE_FILE_CHROOT}' \
${SQUASHFS_CREATION_ARGS}
}
-addtask do_squashfs_image before do_image after do_image_tools do_excl_directories
diff --git a/classes/swupdate-img.bbclass b/classes/swupdate.bbclass
similarity index 92%
rename from classes/swupdate-img.bbclass
rename to classes/swupdate.bbclass
index 1437c07..c3fc303 100644
--- a/classes/swupdate-img.bbclass
+++ b/classes/swupdate.bbclass
@@ -18,9 +18,9 @@ SWU_SIGNATURE_TYPE ?= "rsa"
IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
-do_swupdate_image[stamp-extra-info] = "${DISTRO}-${MACHINE}"
-do_swupdate_image[cleandirs] += "${WORKDIR}/swu"
-do_swupdate_image() {
+do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
+do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
+do_swupdate_binary() {
rm -f '${SWU_IMAGE_FILE}'
cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
@@ -91,4 +91,4 @@ do_swupdate_image() {
cd -
}
-addtask swupdate_image before do_build after do_copy_boot_files do_install_imager_deps do_transform_template
+addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
diff --git a/classes/verity-img.bbclass b/classes/verity.bbclass
similarity index 78%
rename from classes/verity-img.bbclass
rename to classes/verity.bbclass
index b7d7f08..0f154fb 100644
--- a/classes/verity-img.bbclass
+++ b/classes/verity.bbclass
@@ -11,10 +11,14 @@
VERITY_IMAGE_TYPE ?= "squashfs"
-inherit ${VERITY_IMAGE_TYPE}-img
+inherit ${VERITY_IMAGE_TYPE}
-VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.img"
-VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img"
+IMAGE_TYPEDEP_verity = "${VERITY_IMAGE_TYPE}"
+IMAGE_TYPEDEP_wic += "verity"
+IMAGER_INSTALL_verity += "cryptsetup"
+
+VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}"
+VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.verity"
VERITY_IMAGE_METADATA = "${VERITY_OUTPUT_IMAGE}.metadata"
VERITY_HASH_BLOCK_SIZE ?= "1024"
VERITY_DATA_BLOCK_SIZE ?= "1024"
@@ -37,14 +41,28 @@ create_verity_env_file() {
done < $input
}
-verity_setup() {
+python calculate_verity_data_blocks() {
+ import os
+
+ image_file = os.path.join(
+ d.getVar("DEPLOY_DIR_IMAGE"),
+ d.getVar("VERITY_INPUT_IMAGE")
+ )
+ data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
+ size = os.stat(image_file).st_size
+ assert size % data_block_size == 0, f"image is not well-sized!"
+ d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
+ d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
+}
+do_image_verity[cleandirs] = "${WORKDIR}/verity"
+do_image_verity[prefuncs] = "calculate_verity_data_blocks"
+IMAGE_CMD_verity() {
rm -f ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
rm -f ${WORKDIR}/${VERITY_IMAGE_METADATA}
cp -a ${DEPLOY_DIR_IMAGE}/${VERITY_INPUT_IMAGE} ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
- image_do_mounts
- sudo chroot "${BUILDCHROOT_DIR}" /sbin/veritysetup format \
+ ${SUDO_CHROOT} /sbin/veritysetup format \
--hash-block-size "${VERITY_HASH_BLOCK_SIZE}" \
--data-block-size "${VERITY_DATA_BLOCK_SIZE}" \
--data-blocks "${VERITY_DATA_BLOCKS}" \
@@ -55,23 +73,5 @@ verity_setup() {
echo "Hash offset: ${VERITY_INPUT_IMAGE_SIZE}" \
>>"${WORKDIR}/${VERITY_IMAGE_METADATA}"
+ create_verity_env_file
}
-
-do_verity_image[cleandirs] = "${WORKDIR}/verity"
-python do_verity_image() {
- import os
-
- image_file = os.path.join(
- d.getVar("DEPLOY_DIR_IMAGE"),
- d.getVar("VERITY_INPUT_IMAGE")
- )
- data_block_size = int(d.getVar("VERITY_DATA_BLOCK_SIZE"))
- size = os.stat(image_file).st_size
- assert size % data_block_size == 0, f"image is not well-sized!"
- d.setVar("VERITY_INPUT_IMAGE_SIZE", str(size))
- d.setVar("VERITY_DATA_BLOCKS", str(size // data_block_size))
-
- bb.build.exec_func('verity_setup', d)
- bb.build.exec_func('create_verity_env_file', d)
-}
-addtask verity_image before do_image after do_${VERITY_IMAGE_TYPE}_image
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 3f2a794..2822cef 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -23,7 +23,8 @@ local_conf_header:
IMAGE_INSTALL_append = " swupdate-handler-roundrobin"
secure-boot-image: |
- IMAGE_FSTYPES = "secure-wic-swu-img"
+ IMAGE_CLASSES += "verity"
+ IMAGE_FSTYPES = "wic"
WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
INITRAMFS_INSTALL_append = " initramfs-verity-hook"
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index 72429c6..c2bd15c 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -23,5 +23,7 @@ local_conf_header:
CIP_IMAGE_OPTIONS_append = " swupdate.inc"
wic-swu: |
+ IMAGE_CLASSES += "squashfs"
+ IMAGE_TYPEDEP_wic += "squashfs"
IMAGE_FSTYPES = "wic"
WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index 64887df..e0252df 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -9,9 +9,12 @@
# SPDX-License-Identifier: MIT
#
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+inherit swupdate
+inherit read-only-rootfs
+
+ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4.gz"
-ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.img.p4.gz"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
SRC_URI += "file://sw-description.tmpl"
TEMPLATE_FILES += "sw-description.tmpl"
diff --git a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
index f0d2d68..60ee8da 100644
--- a/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
+++ b/recipes-initramfs/initramfs-verity-hook/initramfs-verity-hook_0.1.bb
@@ -28,7 +28,7 @@ VERITY_IMAGE_RECIPE ?= "cip-core-image"
VERITY_ENV_FILE = "${DEPLOY_DIR_IMAGE}/${VERITY_IMAGE_RECIPE}-${DISTRO}-${MACHINE}.verity.env"
-do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_verity_image"
+do_install[depends] += "${VERITY_IMAGE_RECIPE}:do_image_verity"
do_install[cleandirs] += " \
${D}/usr/share/initramfs-tools/hooks \
${D}/usr/share/verity-env \
diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks.in b/wic/qemu-amd64-efibootguard-secureboot.wks.in
index e097eac..0e298bc 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks.in
@@ -1,7 +1,7 @@
include ebg-signed-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
diff --git a/wic/qemu-arm64-efibootguard-secureboot.wks.in b/wic/qemu-arm64-efibootguard-secureboot.wks.in
index b3bbed4..3b8dadd 100644
--- a/wic/qemu-arm64-efibootguard-secureboot.wks.in
+++ b/wic/qemu-arm64-efibootguard-secureboot.wks.in
@@ -1,7 +1,7 @@
include ebg-signed-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}.verity.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.verity" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
diff --git a/wic/qemu-arm64-efibootguard.wks.in b/wic/qemu-arm64-efibootguard.wks.in
index a153205..9ff03e1 100644
--- a/wic/qemu-arm64-efibootguard.wks.in
+++ b/wic/qemu-arm64-efibootguard.wks.in
@@ -3,8 +3,8 @@
include ebg-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
diff --git a/wic/x86-efibootguard.wks.in b/wic/x86-efibootguard.wks.in
index f60ebcf..c71253d 100644
--- a/wic/x86-efibootguard.wks.in
+++ b/wic/x86-efibootguard.wks.in
@@ -3,8 +3,8 @@
include ebg-sysparts.inc
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
-part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs.img" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000001"
+part --source rawcopy --sourceparams "file=${IMAGE_FULLNAME}.squashfs" --align 1024 --fixed-size 1G --uuid "fedcba98-7654-3210-cafe-5e0710000002"
# home and var are extra partitions
part /home --source rootfs --rootfs-dir=${IMAGE_ROOTFS}/home --fstype=ext4 --label home --align 1024 --size 1G
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [cip-dev][isar-cip-core][RFC v3 5/5] scripts/deploy-cip-core: Adapt to new image names
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
` (3 preceding siblings ...)
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 4/5] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
@ 2022-06-10 11:33 ` Quirin Gylstorff
2022-06-13 11:02 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Jan Kiszka
5 siblings, 0 replies; 23+ messages in thread
From: Quirin Gylstorff @ 2022-06-10 11:33 UTC (permalink / raw)
To: cip-dev, jan.kiszka, adriaan.schmidt
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
The identifier img was delete from the image name.
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
scripts/deploy-cip-core.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/deploy-cip-core.sh b/scripts/deploy-cip-core.sh
index cf8f45d..203ab1d 100755
--- a/scripts/deploy-cip-core.sh
+++ b/scripts/deploy-cip-core.sh
@@ -28,12 +28,12 @@ fi
BASE_PATH=build/tmp/deploy/images/$TARGET/$BASE_FILENAME
S3_TARGET=s3://download2.cip-project.org/cip-core/$REF/$TARGET/
-if [ -f $BASE_PATH.wic.img ] ; then
- echo "Compressing $BASE_FILENAME.wic.img..."
- xz -9 -k $BASE_PATH.wic.img
+if [ -f $BASE_PATH.wic ] ; then
+ echo "Compressing $BASE_FILENAME.wic..."
+ xz -9 -k $BASE_PATH.wic
echo "Uploading artifacts..."
- aws s3 cp --no-progress --acl public-read $BASE_PATH.wic.img.xz ${S3_TARGET}
+ aws s3 cp --no-progress --acl public-read $BASE_PATH.wic.xz ${S3_TARGET}
fi
if [ -f $BASE_PATH.tar.gz ]; then
--
2.35.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_*
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
` (4 preceding siblings ...)
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 5/5] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
@ 2022-06-13 11:02 ` Jan Kiszka
5 siblings, 0 replies; 23+ messages in thread
From: Jan Kiszka @ 2022-06-13 11:02 UTC (permalink / raw)
To: Quirin Gylstorff, cip-dev, adriaan.schmidt
On 10.06.22 13:32, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> This series adapt isar-cip-core to the IMAGE_CMD_* introduced in
> ISAR commit [1]. See also ISAR API changelog[2].
>
> This new feature remove the *.img from all wic images.
>
> Also as new naming convention image recipes no longer end with `-img`.
>
> The image types wic-swu-img and secure-wic-swu-img were removed.
> Rename `squashfs-img` to squashfs according new naming scheme.
>
> To use squashfs include:
>
> IMAGE_CLASSES += "squashfs"
> IMAGE_TYPEDEP_wic += "squashfs"
>
>
> To create a verity based image to following line need to be added
> to the local.conf or similar configuration:
>
> IMAGE_CLASSES += "verity"
>
> The modifications for a read-only root file system are now part
> of a bbclass which can be include directly into the image
> recipe.
>
> The modifications to generate a SWUpdate update package are
> also no longer part of the image build process and in a seperate
> bbclass. This class needs to be included in the image recipe.
>
> Please check/test the interface changes for swupdate and read-only root
> file system.
>
> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
>
> Quirin
>
> [1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
> [2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
>
> Changes in v2:
> - update ISAR to commit 1000df8e98b9a5849a7897698039687fd0cdd7d3 to avoid
> double gz compression for tar images. This also allows to drop the patch
> "0001-Fix-permissions-when-splitting-rootfs-folders-across.patch"
> - fix image option `kas/opt/wic-targz-img.yml` for ci build
> - fix whitespace errors
> - used compressed rootfs in sw-description
>
> Changes in v3:
> - adapt build of u-boot-qemu-arm64
> - fix qemu-arm64 swupdate build, adapt wic/qemu-arm64-efibootguard.wks.in to new image names
>
> Quirin Gylstorff (5):
> ISAR update
> u-boot-qemu-arm64: Adapt to 'Do not use shell environment'
> start-qemu.sh: adapt to new image names
> Adapt swupdate and verity to use new IMAGE_CMD_*
> scripts/deploy-cip-core: Adapt to new image names
>
> ...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
> classes/secure-wic-swu-img.bbclass | 15 ------
> ...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
> ...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
> .../{verity-img.bbclass => verity.bbclass} | 50 +++++++++----------
> classes/wic-targz-img.bbclass | 15 ------
> conf/machine/bbb.conf | 2 +-
> conf/machine/hihope-rzg2m.conf | 2 +-
> conf/machine/iwg20m.conf | 2 +-
> conf/machine/qemu-amd64.conf | 2 +-
> conf/machine/qemu-arm.conf | 2 +-
> conf/machine/qemu-arm64.conf | 2 +-
> conf/machine/simatic-ipc227e.conf | 2 +-
> kas-cip.yml | 6 +--
> kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
> kas/opt/efibootguard.yml | 2 +-
> kas/opt/swupdate.yml | 4 +-
> kas/opt/targz-img.yml | 2 +-
> kas/opt/wic-targz-img.yml | 2 +-
> ...when-splitting-rootfs-folders-across.patch | 35 -------------
> .../u-boot/files/{rules => rules.tmpl} | 2 +-
> .../u-boot/u-boot-qemu-arm64_2022.04.bb | 6 +--
> recipes-core/images/swupdate.inc | 7 ++-
> .../initramfs-verity-hook_0.1.bb | 2 +-
> scripts/deploy-cip-core.sh | 8 +--
> start-qemu.sh | 8 +--
> wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
> wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
> wic/qemu-arm64-efibootguard.wks.in | 4 +-
> wic/x86-efibootguard.wks.in | 4 +-
> 30 files changed, 75 insertions(+), 156 deletions(-)
> rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
> delete mode 100644 classes/secure-wic-swu-img.bbclass
> rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
> rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
> rename classes/{verity-img.bbclass => verity.bbclass} (78%)
> delete mode 100644 classes/wic-targz-img.bbclass
> delete mode 100644 patches/isar/0001-Fix-permissions-when-splitting-rootfs-folders-across.patch
> rename recipes-bsp/u-boot/files/{rules => rules.tmpl} (96%)
>
Thanks, applied.
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2022-06-13 11:03 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-03 11:56 [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 1/4] ISAR update Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 2/4] start-qemu.sh: adapt to new image names Quirin Gylstorff
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 3/4] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
2022-06-07 7:32 ` Jan Kiszka
2022-06-07 8:39 ` Gylstorff Quirin
2022-06-03 11:56 ` [cip-dev][isar-cip-core][RFC 4/4] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
2022-06-03 15:27 ` [cip-dev][isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_* Jan Kiszka
2022-06-03 15:29 ` Jan Kiszka
2022-06-03 15:33 ` Gylstorff Quirin
2022-06-07 7:23 ` Jan Kiszka
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 " Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 1/4] ISAR update Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 2/4] start-qemu.sh: adapt to new image names Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 3/4] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
2022-06-07 10:08 ` [cip-dev][isar-cip-core][RFC v2 4/4] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 1/5] ISAR update Quirin Gylstorff
2022-06-10 11:32 ` [cip-dev][isar-cip-core][RFC v3 2/5] u-boot-qemu-arm64: Adapt to 'Do not use shell environment' Quirin Gylstorff
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 3/5] start-qemu.sh: adapt to new image names Quirin Gylstorff
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 4/5] Adapt swupdate and verity to use new IMAGE_CMD_* Quirin Gylstorff
2022-06-10 11:33 ` [cip-dev][isar-cip-core][RFC v3 5/5] scripts/deploy-cip-core: Adapt to new image names Quirin Gylstorff
2022-06-13 11:02 ` [cip-dev][isar-cip-core][RFC v3 0/5] Adapt isar-cip-core to ISAR IMAGE_CMD_* Jan Kiszka
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.