From 00d22c3d7ee47b6fecd71b549c840974063d4103 Mon Sep 17 00:00:00 2001 From: David Escalona Date: Tue, 14 Mar 2017 09:28:38 +0100 Subject: [PATCH] swu-sign: do not expand private sign key in TrustFence class - Trying to set the complete SWU packages signature key in the TrustFence class was causing a build error when keys were not yet generated. To avoid this, set only the key wildcard in the TrustFence class and expand the variable in the SWU packages recipes, when keys already exist. https://jira.digi.com/browse/DEL-3913 Signed-off-by: David Escalona --- meta-digi-dey/classes/trustfence.bbclass | 5 ++--- .../recipes-digi/swu-images/core-image-base-swu.bb | 7 +++++++ meta-digi-dey/recipes-digi/swu-images/dey-image-qt-swu.bb | 7 +++++++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/meta-digi-dey/classes/trustfence.bbclass b/meta-digi-dey/classes/trustfence.bbclass index 3ee0affed..d86f3dcfc 100644 --- a/meta-digi-dey/classes/trustfence.bbclass +++ b/meta-digi-dey/classes/trustfence.bbclass @@ -35,7 +35,6 @@ python () { import binascii import hashlib import os - import glob # Secure console configuration if (d.getVar("TRUSTFENCE_CONSOLE_DISABLE", True) == "1"): @@ -80,8 +79,8 @@ python () { key_index = int(d.getVar("TRUSTFENCE_KEY_INDEX", True)) key_index_1 = key_index + 1 - # Set the private key. - d.setVar("SWUPDATE_PRIVATE_KEY", glob.glob(keys_path + "/keys/IMG" + str(key_index_1) + "*key.pem")[0]) + # Set the private key template, it will be expanded later in 'swu' recipes once keys are generated. + d.setVar("SWUPDATE_PRIVATE_KEY_TEMPLATE", keys_path + "/keys/IMG" + str(key_index_1) + "*key.pem") # Set the key password. d.setVar("SWUPDATE_PASSWORD_FILE", keys_path + "/keys/key_pass.txt") diff --git a/meta-digi-dey/recipes-digi/swu-images/core-image-base-swu.bb b/meta-digi-dey/recipes-digi/swu-images/core-image-base-swu.bb index 5dd78ecbb..bd81b2b07 100644 --- a/meta-digi-dey/recipes-digi/swu-images/core-image-base-swu.bb +++ b/meta-digi-dey/recipes-digi/swu-images/core-image-base-swu.bb @@ -38,6 +38,13 @@ python () { d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", "core-image-base", img_fstypes) } +python do_swuimage_prepend() { + import glob + + if (d.getVar('TRUSTFENCE_SIGN', True) == "1"): + d.setVar('SWUPDATE_PRIVATE_KEY', glob.glob(d.getVar('SWUPDATE_PRIVATE_KEY_TEMPLATE', True))[0]) +} + do_unpack[postfuncs] += "fill_description" fill_description() { diff --git a/meta-digi-dey/recipes-digi/swu-images/dey-image-qt-swu.bb b/meta-digi-dey/recipes-digi/swu-images/dey-image-qt-swu.bb index 727b84d38..e79e9cebb 100644 --- a/meta-digi-dey/recipes-digi/swu-images/dey-image-qt-swu.bb +++ b/meta-digi-dey/recipes-digi/swu-images/dey-image-qt-swu.bb @@ -38,6 +38,13 @@ python () { d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", "dey-image-qt-" + d.getVar('GRAPHICAL_BACKEND', True), img_fstypes) } +python do_swuimage_prepend() { + import glob + + if (d.getVar('TRUSTFENCE_SIGN', True) == "1"): + d.setVar('SWUPDATE_PRIVATE_KEY', glob.glob(d.getVar('SWUPDATE_PRIVATE_KEY_TEMPLATE', True))[0]) +} + do_unpack[postfuncs] += "fill_description" fill_description() {