* Yocto staged builds?
@ 2018-12-13 20:11 Edmund Nadolski
  2018-12-18 20:48 ` Burton, Ross
  0 siblings, 1 reply; 6+ messages in thread
From: Edmund Nadolski @ 2018-12-13 20:11 UTC (permalink / raw)
  To: yocto

Hello list,

Can anyone pls. help me understand what Yocto/bitbake supports (or could support) in terms of staged builds?  IOW, something like this sequence that performs nested signing of binaries:


  *   Create and sign binary files (ie kernel, modules, dtb, ...).
  *   Create fs images from above and sign those.
  *   Create FIT images and sign.

Any/all thoughts greatly appreciated.

Ed






* Re: Yocto staged builds?
  2018-12-13 20:11 Yocto staged builds? Edmund Nadolski
@ 2018-12-18 20:48 ` Burton, Ross
  2018-12-21  1:19   ` Edmund Nadolski
  0 siblings, 1 reply; 6+ messages in thread
From: Burton, Ross @ 2018-12-18 20:48 UTC (permalink / raw)
  To: Edmund.Nadolski; +Cc: Yocto-mailing-list

On Tue, 18 Dec 2018 at 16:07, Edmund Nadolski
<Edmund.Nadolski@microsoft.com> wrote:
> Create and sign binary files (ie kernel, modules, dtb, …).

Kernel modules can be signed.  No idea about DTB.  Also packages can be signed.

> Create fs images from above and sign those.

Depends how you want to sign the image, most likely not hard to implement.

> Create FIT images and sign.

Pass.

Yocto is generally flexible enough that any signing that it doesn't
currently do wouldn't be too difficult to add.

Ross



* Re: Yocto staged builds?
  2018-12-18 20:48 ` Burton, Ross
@ 2018-12-21  1:19   ` Edmund Nadolski
  2019-01-04 12:12     ` Burton, Ross
  0 siblings, 1 reply; 6+ messages in thread
From: Edmund Nadolski @ 2018-12-21  1:19 UTC (permalink / raw)
  To: Burton, Ross; +Cc: Yocto-mailing-list

> -----Original Message-----
> From: Burton, Ross <ross.burton@intel.com>
> Sent: Tuesday, December 18, 2018 12:48 PM
> To: Edmund Nadolski <Edmund.Nadolski@microsoft.com>
> Cc: Yocto-mailing-list <yocto@yoctoproject.org>
> Subject: Re: [yocto] Yocto staged builds?
> 
> On Tue, 18 Dec 2018 at 16:07, Edmund Nadolski
> <Edmund.Nadolski@microsoft.com> wrote:
> > Create and sign binary files (ie kernel, modules, dtb, …).
> 
> Kernel modules can be signed.  No idea about DTB.  Also packages can be
> signed.
> 
> > Create fs images from above and sign those.
> 
> Depends how you want to sign the image, most likely not hard to implement.
> 
> > Create FIT images and sign.
> 
> Pass.
> 
> Yocto is generally flexible enough that any signing that it doesn't currently
> do wouldn't be too difficult to add.
> 
> Ross

Thanks Ross.  So sounds like it should be a matter of appending an addtask at the
relevant part of each recipe -- is it that straightforward or have I overlooked
anything important?

Ed


* Re: Yocto staged builds?
  2018-12-21  1:19   ` Edmund Nadolski
@ 2019-01-04 12:12     ` Burton, Ross
  2019-01-08 22:10       ` Edmund Nadolski
  0 siblings, 1 reply; 6+ messages in thread
From: Burton, Ross @ 2019-01-04 12:12 UTC (permalink / raw)
  To: Edmund Nadolski; +Cc: Yocto-mailing-list

On Fri, 21 Dec 2018 at 01:19, Edmund Nadolski
<Edmund.Nadolski@microsoft.com> wrote:
> > Yocto is generally flexible enough that any signing that it doesn't currently
> > do wouldn't be too difficult to add.
>
> Thanks Ross.  So sounds like it should be a matter of appending an addtask at the
> relevant part of each recipe -- is it that straightforward or have I overlooked
> anything important?

Using a class you can add tasks for all recipes.  If you explain what
you're actually trying to do then we can give better advice.

Ross



* Re: Yocto staged builds?
  2019-01-04 12:12     ` Burton, Ross
@ 2019-01-08 22:10       ` Edmund Nadolski
  2019-01-09 13:31         ` Burton, Ross
  0 siblings, 1 reply; 6+ messages in thread
From: Edmund Nadolski @ 2019-01-08 22:10 UTC (permalink / raw)
  To: Burton, Ross; +Cc: Yocto-mailing-list

> -----Original Message-----
> From: Burton, Ross <ross.burton@intel.com>
> Sent: Friday, January 4, 2019 4:12 AM
> To: Edmund Nadolski <Edmund.Nadolski@microsoft.com>
> Cc: Yocto-mailing-list <yocto@yoctoproject.org>
> Subject: Re: [yocto] Yocto staged builds?
> 
> On Fri, 21 Dec 2018 at 01:19, Edmund Nadolski
> <Edmund.Nadolski@microsoft.com> wrote:
> > > Yocto is generally flexible enough that any signing that it doesn't
> > > currently do wouldn't be too difficult to add.
> >
> > Thanks Ross.  So sounds like it should be a matter of appending an
> > addtask at the relevant part of each recipe -- is it that
> > straightforward or have I overlooked anything important?
> 
> Using a class you can add tasks for all recipes.  If you explain what you're
> actually trying to do then we can give better advice.

I'm thinking of a full build separated into say 3 sequential steps, A, B, and C, with each step being some series of bitbake tasks.   The idea is run all the tasks in step A and then regain control so I can run some additional tools/transforms on artifacts (eg signing) produced in that step.  Then, resume bitbake from step B, and after that completes then again regain control and run some additional transforms.  Finally resume bitbake from step C and let that run to completion as well.

I wasn't sure whether the bitbake has that sort of "pause and resume" capability, tho perhaps the addtask in the right places is one way to effect a similar result?

(Apologies, this is probably a lame/awkward description on my part)

Thanks again,
Ed




* Re: Yocto staged builds?
  2019-01-08 22:10       ` Edmund Nadolski
@ 2019-01-09 13:31         ` Burton, Ross
  0 siblings, 0 replies; 6+ messages in thread
From: Burton, Ross @ 2019-01-09 13:31 UTC (permalink / raw)
  To: Edmund Nadolski; +Cc: Yocto-mailing-list

On Tue, 8 Jan 2019 at 22:10, Edmund Nadolski
<Edmund.Nadolski@microsoft.com> wrote:
> I'm thinking of a full build separated into say 3 sequential steps, A, B, and C, with each step being some series of bitbake tasks.   The idea is run all the tasks in step A and then regain control so I can run some additional tools/transforms on artifacts (eg signing) produced in that step.  Then, resume bitbake from step B, and after that completes then again regain control and run some additional transforms.  Finally resume bitbake from step C and let that run to completion as well.
>
> I wasn't sure whether the bitbake has that sort of "pause and resume" capability, tho perhaps the addtask in the right places is one way to effect a similar result?
>
> (Apologies, this is probably a lame/awkward description on my part)

Don't do that.  Bitbake will have no knowledge of your intermediate
out-of-band changes.  Just write tasks that call the signing tools as
part of the build.

Ross
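
One way to follow the advice in the reply above for the filesystem-image step, as an added example that is not part of the thread or of Yocto's own classes: a class that signs the image files inside do_image_complete through the IMAGE_POSTPROCESS_COMMAND hook, so BitBake itself produces and deploys the signatures. The class name, IMAGE_SIGN_KEY, IMAGE_SIGN_TYPES and sign_image_files are assumed names, and the detached OpenSSL signature stands in for whatever signing tool is actually used.

```bitbake
# classes/image-sign.bbclass (hypothetical class name; added example)
# Enable for an image recipe with:  inherit image-sign

# Assumed variable names, not standard Yocto variables.
# Set IMAGE_SIGN_KEY in local.conf or the CI environment, never in a layer.
IMAGE_SIGN_KEY ?= ""
IMAGE_SIGN_TYPES ?= "ext4 squashfs"

# Make the task use openssl from the native sysroot instead of whatever
# happens to be installed on the build host.
do_image_complete[depends] += "openssl-native:do_populate_sysroot"

sign_image_files() {
    # Fail the build rather than silently shipping unsigned images.
    if [ ! -r "${IMAGE_SIGN_KEY}" ]; then
        bbfatal "IMAGE_SIGN_KEY does not point to a readable key file"
    fi

    for t in ${IMAGE_SIGN_TYPES}; do
        for f in ${IMGDEPLOYDIR}/${IMAGE_NAME}*.$t; do
            # Skip unmatched globs and symlinks; sign only the real files.
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            # Detached signature written next to the image in IMGDEPLOYDIR,
            # which do_image_complete then publishes to DEPLOY_DIR_IMAGE.
            openssl dgst -sha256 -sign "${IMAGE_SIGN_KEY}" -out "$f.sig" "$f"
        done
    done
}

# Runs inside do_image_complete, after the image files have been created.
IMAGE_POSTPROCESS_COMMAND += "sign_image_files;"
```

Because the signing runs inside a task, a change to the function or to the variables it reads changes the task signature and causes the images to be re-signed, which an out-of-band step between bitbake invocations cannot guarantee.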

