diff mbox series

[isar-cip-core] verity: Prepare generation of metadata file for Isar update

Message ID 4747221e-c969-463e-bee0-6a3304e7a144@siemens.com (mailing list archive)
State Accepted
Headers show
Series [isar-cip-core] verity: Prepare generation of metadata file for Isar update | expand

Commit Message

Jan Kiszka Oct. 12, 2023, 6:54 p.m. UTC 
From: Jan Kiszka <jan.kiszka@siemens.com>

This will be corrupted once SUDO_CHROOT is switched by isar to use
image_run which will also out some schroot boot-up messages.

Rather than deleting the metadata initially, we truncate any existing
file to 0 so that file permissions are set outside of the schroot
already. That is needed to modify the file after the schroot as well.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

I've squeezed that before "update ISAR to latest version on master 
branch" to avoid the regression the latter patch would have caused (or 
caused so far in next) otherwise.

 classes/verity.bbclass | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Felix Moessbauer Oct. 13, 2023, 3:10 a.m. UTC | #1 
On Thu, 2023-10-12 at 20:54 +0200, Jan Kiszka wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
> 
> This will be corrupted once SUDO_CHROOT is switched by isar to use
> image_run which will also out some schroot boot-up messages.
> 
> Rather than deleting the metadata initially, we truncate any existing
> file to 0 so that file permissions are set outside of the schroot
> already. That is needed to modify the file after the schroot as well.

I'm not sure if the schroot setup messages can be disabled, but it is
probably anyways better to not have any wrappers in between the
generator and the output file.

Acked-by: Felix Moessbauer <felix.moessbauer@siemens.com>

> 
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> 
> I've squeezed that before "update ISAR to latest version on master 
> branch" to avoid the regression the latter patch would have caused
> (or 
> caused so far in next) otherwise.
> 
>  classes/verity.bbclass | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/classes/verity.bbclass b/classes/verity.bbclass
> index bacf5926..9030c844 100644
> --- a/classes/verity.bbclass
> +++ b/classes/verity.bbclass
> @@ -85,11 +85,11 @@ do_image_verity[cleandirs] = "${WORKDIR}/verity"
>  do_image_verity[prefuncs] = "calculate_verity_data_blocks
> derive_verity_salt_and_uuid"
>  IMAGE_CMD:verity() {
>      rm -f ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
> -    rm -f ${WORKDIR}/${VERITY_IMAGE_METADATA}
> +    echo -n >${WORKDIR}/${VERITY_IMAGE_METADATA}
>  
>      cp -a ${DEPLOY_DIR_IMAGE}/${VERITY_INPUT_IMAGE}
> ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
>  
> -    ${SUDO_CHROOT} /sbin/veritysetup format \
> +    ${SUDO_CHROOT} sh -c '/sbin/veritysetup format \
>          --hash-block-size "${VERITY_HASH_BLOCK_SIZE}"  \
>          --data-block-size "${VERITY_DATA_BLOCK_SIZE}"  \
>          --data-blocks "${VERITY_DATA_BLOCKS}" \
> @@ -98,7 +98,7 @@ IMAGE_CMD:verity() {
>          "${VERITY_IMAGE_UUID_OPTION}" \
>          "${PP_DEPLOY}/${VERITY_OUTPUT_IMAGE}" \
>          "${PP_DEPLOY}/${VERITY_OUTPUT_IMAGE}" \
> -        >"${WORKDIR}/${VERITY_IMAGE_METADATA}"
> +        >>"${PP_WORK}/${VERITY_IMAGE_METADATA}"'
>  
>      echo "Hash offset:         ${VERITY_INPUT_IMAGE_SIZE}" \
>          >>"${WORKDIR}/${VERITY_IMAGE_METADATA}"
diff mbox series

Patch

diff --git a/classes/verity.bbclass b/classes/verity.bbclass
index bacf5926..9030c844 100644
--- a/classes/verity.bbclass
+++ b/classes/verity.bbclass
@@ -85,11 +85,11 @@  do_image_verity[cleandirs] = "${WORKDIR}/verity"
 do_image_verity[prefuncs] = "calculate_verity_data_blocks derive_verity_salt_and_uuid"
 IMAGE_CMD:verity() {
     rm -f ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
-    rm -f ${WORKDIR}/${VERITY_IMAGE_METADATA}
+    echo -n >${WORKDIR}/${VERITY_IMAGE_METADATA}
 
     cp -a ${DEPLOY_DIR_IMAGE}/${VERITY_INPUT_IMAGE} ${DEPLOY_DIR_IMAGE}/${VERITY_OUTPUT_IMAGE}
 
-    ${SUDO_CHROOT} /sbin/veritysetup format \
+    ${SUDO_CHROOT} sh -c '/sbin/veritysetup format \
         --hash-block-size "${VERITY_HASH_BLOCK_SIZE}"  \
         --data-block-size "${VERITY_DATA_BLOCK_SIZE}"  \
         --data-blocks "${VERITY_DATA_BLOCKS}" \
@@ -98,7 +98,7 @@  IMAGE_CMD:verity() {
         "${VERITY_IMAGE_UUID_OPTION}" \
         "${PP_DEPLOY}/${VERITY_OUTPUT_IMAGE}" \
         "${PP_DEPLOY}/${VERITY_OUTPUT_IMAGE}" \
-        >"${WORKDIR}/${VERITY_IMAGE_METADATA}"
+        >>"${PP_WORK}/${VERITY_IMAGE_METADATA}"'
 
     echo "Hash offset:    	${VERITY_INPUT_IMAGE_SIZE}" \
         >>"${WORKDIR}/${VERITY_IMAGE_METADATA}"