[openwrt/openwrt] image: strip metadata from images when used in other artifacts

LEDE Commits lede-commits at lists.infradead.org
Fri Apr 15 06:13:30 PDT 2022 

dangole pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/144760d20600a86fbf1974b94f2fcb0830df608e

commit 144760d20600a86fbf1974b94f2fcb0830df608e
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Fri Apr 15 13:25:41 2022 +0100

    image: strip metadata from images when used in other artifacts
    
    Image metadata and signature is of no use for images which are included
    inside other artifacts (like an SD-card image). Strip them off before
    using images in artifacts or stashing them for the ImageBuilder as the
    contained signature breaks reproducibility.
    
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
    (cherry picked from commit 7a256d97d9ded84d1bfd531e775099774e7b6b06)
---
 include/image-commands.mk | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/include/image-commands.mk b/include/image-commands.mk
index 2d2d53cd65..376553b8d2 100644
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -37,7 +37,11 @@ define Build/package-kernel-ubifs
 endef
 
 define Build/append-image
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
 endef
 
 ifdef IB
@@ -46,8 +50,12 @@ define Build/append-image-stage
 endef
 else
 define Build/append-image-stage
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) of=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)"
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
 endef
 endif

More information about the lede-commits mailing list