image: strip metadata from images when used in other artifacts

Image metadata and signature is of no use for images which are included
inside other artifacts (like an SD-card image). Strip them off before
using images in artifacts or stashing them for the ImageBuilder as the
contained signature breaks reproducibility.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit is contained in:
Daniel Golle 2022-04-15 13:25:41 +01:00
parent 8084ec8061
commit 7a256d97d9
No known key found for this signature in database
GPG Key ID: 5A8F39C31C3217CA

View File

@ -37,7 +37,11 @@ define Build/package-kernel-ubifs
endef
define Build/append-image
dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
fwtool -s /dev/null -t "$@.stripmeta" || :
fwtool -i /dev/null -t "$@.stripmeta" || :
dd if="$@.stripmeta" >> "$@"
rm "$@.stripmeta"
endef
ifdef IB
@ -46,8 +50,12 @@ define Build/append-image-stage
endef
else
define Build/append-image-stage
dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) of=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)
dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
fwtool -s /dev/null -t "$@.stripmeta" || :
fwtool -i /dev/null -t "$@.stripmeta" || :
dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)"
dd if="$@.stripmeta" >> "$@"
rm "$@.stripmeta"
endef
endif