Am Wed, 13 Jan 2021 11:46:03 +0100
schrieb Jan Kiszka [off-list ref]:

On 11.01.21 16:48, Henning Schild wrote:

quoted

From: Claudius Heine <redacted>
  

Can you also provide a reasoning here?

This is taken from a layer where we use a postupdate-script as part of
an swu. The whole swu is not signed, still we want basic integrity
checking based on checksums.

My guess is that whenever you have SWU_ADDITIONAL_FILES and do not
sign, you might get a problem because of missing checksums.

But i would wait for Claudius to provide the reasoning. I guess it
should become part of the commit message in a v2.

Henning

quoted

Signed-off-by: Claudius Heine <redacted>
Signed-off-by: Henning Schild <redacted>
---
 classes/swupdate-img.bbclass | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/classes/swupdate-img.bbclass

b/classes/swupdate-img.bbclass index a21d6ec..a7a70f6 100644

--- a/classes/swupdate-img.bbclass
+++ b/classes/swupdate-img.bbclass

@@ -39,14 +39,14 @@ do_swupdate_image() {
         image_do_mounts
         cp -f '${SIGN_KEY}' '${WORKDIR}/dev.key'
         test -e '${SIGN_CRT}' && cp -f '${SIGN_CRT}'

'${WORKDIR}/dev.crt' -
-        # Fill in file check sums
-        for file in ${SWU_ADDITIONAL_FILES}; do
-            sed -i "s:$file-sha256:$(sha256sum
'${WORKDIR}/swu/'$file | cut -f 1 -d ' '):g" \
-                '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
-        done
     fi
 
+    # Fill in file check sums
+    for file in ${SWU_ADDITIONAL_FILES}; do
+        sed -i "s:$file-sha256:$(sha256sum '${WORKDIR}/swu/'$file
| cut -f 1 -d ' '):g" \
+            '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
+    done
+
     cd "${WORKDIR}/swu"
     for file in '${SWU_DESCRIPTION_FILE}' ${SWU_ADDITIONAL_FILES};
do echo "$file"
  

Jan