@@ -1,7 +1,7 @@
From 20bb45563fe8f3ec95ef22d715d1add014156543 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Wed, 29 Sep 2021 15:28:21 +0200
-Subject: [PATCH 1/8] debian/config: Make image encryption optional
+Subject: [PATCH 1/9] debian/config: Make image encryption optional
This can be use to ease the setup with SWUpdate.
@@ -1,7 +1,7 @@
From 1d52fe25e72f9e33525bca7efa5efe901cb32c65 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Wed, 29 Sep 2021 11:29:57 +0200
-Subject: [PATCH 2/8] debian/rules: Add CONFIG_MTD
+Subject: [PATCH 2/9] debian/rules: Add CONFIG_MTD
if pkg.swupdate.bpo is set CONFIG_MTD is disable but not enabled.
@@ -1,7 +1,7 @@
From 8b6f01b6126933723963497d0db0c256e5251c5b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Mon, 4 Oct 2021 17:15:56 +0200
-Subject: [PATCH 3/8] debian/rules: Add option to disable fs creation
+Subject: [PATCH 3/9] debian/rules: Add option to disable fs creation
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
@@ -1,7 +1,7 @@
From c1f46ecb2ac3aed3a711dec767321afa92b600d8 Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Mon, 4 Oct 2021 17:27:11 +0200
-Subject: [PATCH 4/8] debian/rules: Add option to disable webserver
+Subject: [PATCH 4/9] debian/rules: Add option to disable webserver
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
@@ -1,7 +1,7 @@
From ccc6f5d04aba0f1270f7d6b6de298b2084ad3bfd Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Tue, 5 Oct 2021 10:56:25 +0200
-Subject: [PATCH 5/8] debian: Make CONFIG_HW_COMPATIBILTY optional
+Subject: [PATCH 5/9] debian: Make CONFIG_HW_COMPATIBILTY optional
Add option for qemu.
@@ -1,7 +1,7 @@
From 7107052e6aa1a35a2900070797ac013d49814f0b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Wed, 29 Sep 2021 11:32:41 +0200
-Subject: [PATCH 6/8] debian/rules: Add Embedded Lua handler option
+Subject: [PATCH 6/9] debian/rules: Add Embedded Lua handler option
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
similarity index 89%
rename from recipes-core/swupdate/files/0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
rename to recipes-core/swupdate/files/0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch
@@ -1,7 +1,7 @@
-From 93b9a179119394395c72e62e59a73d29e9bba735 Mon Sep 17 00:00:00 2001
+From 625db939a1dec7d1aa6fbcb01c2c4cbd699bfe7b Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Mon, 7 Feb 2022 09:28:39 +0100
-Subject: [PATCH 8/8] debian: Remove SWUpdate USB service and Udev rules
+Subject: [PATCH 7/9] debian: Remove SWUpdate USB service and Udev rules
The current implementation will install an abitrary SWUpdate binary
from a plug-in USB stick. This is a major security risk for devices
@@ -19,10 +19,10 @@ Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
delete mode 100644 debian/swupdate.udev
diff --git a/debian/rules b/debian/rules
-index e1c4a921..84ed55d4 100755
+index 12eb0ba5..76fce010 100755
--- a/debian/rules
+++ b/debian/rules
-@@ -103,7 +103,6 @@ override_dh_auto_install:
+@@ -101,7 +101,6 @@ override_dh_auto_install:
override_dh_installsystemd:
dh_installsystemd --no-start
dh_installsystemd --name=swupdate-progress
new file mode 100644
@@ -0,0 +1,29 @@
+From cddd3472aad2d8e48d557705b82ffcc0c7d14a02 Mon Sep 17 00:00:00 2001
+From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
+Date: Mon, 14 Feb 2022 12:27:43 +0100
+Subject: [PATCH 8/9] Add Profile option to disable CONFIG_HASH_VERIFY
+
+This change also enables CONFIG_HASH_VERIFY by default.
+
+Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
+---
+ debian/rules | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/debian/rules b/debian/rules
+index 76fce010..4dc9e170 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -42,6 +42,9 @@ endif
+ ifneq (,$(filter pkg.swupdate.hwcompatibility,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_HW_COMPATIBILITY=y >> configs/debian_defconfig
+ endif
++ifeq (,$(filter pkg.swupdate.nohashverify,$(DEB_BUILD_PROFILES)))
++ echo CONFIG_HASH_VERIFY=y >> configs/debian_defconfig
++endif
+ ifeq (,$(filter pkg.swupdate.nowebserver,$(DEB_BUILD_PROFILES)))
+ echo CONFIG_WEBSERVER=y >> configs/debian_defconfig
+ echo CONFIG_MONGOOSESSL=y >> configs/debian_defconfig
+--
+2.34.1
+
similarity index 94%
rename from recipes-core/swupdate/files/0007-debian-prepare-build-for-isar-debian-buster.patch
rename to recipes-core/swupdate/files/0009-debian-prepare-build-for-isar-debian-buster.patch
@@ -1,7 +1,7 @@
-From 123190b2aa72818186ba12a04d793ff7d4244828 Mon Sep 17 00:00:00 2001
+From 5dda7f815dafdfbd1b187ccc912eca38e9aee7bb Mon Sep 17 00:00:00 2001
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
Date: Wed, 29 Sep 2021 16:17:03 +0200
-Subject: [PATCH 7/8] debian: prepare build for isar debian buster
+Subject: [PATCH 9/9] debian: prepare build for isar debian buster
Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
@@ -47,7 +47,7 @@ index 192c4a2a..9318fa12 100644
libebgenv-dev <pkg.swupdate.efibootguard> | efibootguard-dev <pkg.swupdate.efibootguard>,
libcmocka-dev,
diff --git a/debian/rules b/debian/rules
-index 12eb0ba5..e1c4a921 100755
+index 4dc9e170..370ca3d8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -19,13 +19,15 @@ endif
@@ -22,7 +22,8 @@ SRC_URI += "file://0001-debian-config-Make-image-encryption-optional.patch \
file://0004-debian-rules-Add-option-to-disable-webserver.patch \
file://0005-debian-Make-CONFIG_HW_COMPATIBILTY-optional.patch \
file://0006-debian-rules-Add-Embedded-Lua-handler-option.patch \
- file://0008-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch"
+ file://0007-debian-Remove-SWUpdate-USB-service-and-Udev-rules.patch \
+ file://0008-Add-Profile-option-to-disable-CONFIG_HASH_VERIFY.patch"
# end patching for dm-verity based images
@@ -38,7 +39,7 @@ SWUPDATE_BUILD_PROFILES += "cross nocheck"
# SWUPDATE_BUILD_PROFILES += "pkg.swupdate.embeddedlua"
# modify for debian buster build
-SRC_URI_append_buster = " file://0007-debian-prepare-build-for-isar-debian-buster.patch"
+SRC_URI_append_buster = " file://0009-debian-prepare-build-for-isar-debian-buster.patch"
# disable documentation due to missing packages
SWUPDATE_BUILD_PROFILES_append = " nodoc "