[isar-cip-core,v2,2/3] swupdate.bbclass: make signed swupdate file reproducible

Commit Message

Venkata Pyla Oct. 26, 2023, 8:29 a.m. UTC

From: venkata pyla <venkata.pyla@toshiba-tsip.com>

The swupdate file when signed with "cms" method it is not reproducible
because "cms" method add signing time as attributes in the signature data.

These attributes are not used in the verification process and so
disabling them with "-noattr" option.

Fixes: #80

Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
---
 classes/swupdate.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 55dad32..3cf17a2 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -130,7 +130,7 @@  IMAGE_CMD:swu() {
                         -out "$file"."${SWU_SIGNATURE_EXT}" \
                         -signer "/usr/share/swupdate-signing/swupdate-sign.crt" \
                         -inkey "/usr/share/swupdate-signing/swupdate-sign.key" \
-                        -outform DER -nosmimecap -binary
+                        -outform DER -noattr -binary
                 fi
                 # Set file timestamps for reproducible builds
                 if [ -n "${SOURCE_DATE_EPOCH}" ]; then