[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] reproducible OpenWrt: strip certificates from images

Holger Levsen gitlab at salsa.debian.org
Thu Mar 7 14:20:26 GMT 2019 

Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
74fc1f1d by Alexander Couzens at 2019-03-07T14:19:11Z
reproducible OpenWrt: strip certificates from images

OpenWrt is signing some images depending on board
and appending this signatures to the images it signed it
using fwtool.

Signed-off-by: Alexander Couzens <lynxis at fe80.eu>
Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


1 changed file:

- bin/reproducible_openwrt.sh


Changes:

=====================================
bin/reproducible_openwrt.sh
=====================================
@@ -268,6 +268,8 @@ openwrt_compile() {
 	echo "$(date -u) - Building OpenWrt ${OPENWRT_VERSION} ($TARGET) - $RUN build run."
 	echo "============================================================================="
 	ionice -c 3 $MAKE $OPTIONS
+
+	openwrt_strip_metadata_signature "$PWD"
 }
 
 openwrt_create_signing_keys() {
@@ -351,6 +353,18 @@ openwrt_get_banner() {
 	echo "===bannerend==="
 }
 
+# OpenWrt is signing some images and appending the signature as meta data
+openwrt_strip_metadata_signature() {
+	local openwrttop=$1
+
+	cd "$openwrttop"
+	find bin/targets/ -type f | \
+		grep -E -v '(\.ipk|sha256sums|config.seed|kernel-debug.tar.bz2|manifest|Packages.gz|Packages|Packages.sig)$' | \
+		while read -r line ; do
+			fwtool -s /dev/null -t "$line" || true
+	done
+}
+
 # openwrt_build is run on a remote host
 # RUN - b1 or b2. b1 means first run, b2 second
 # TARGET - a target including subtarget. E.g. ar71xx_generic



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/commit/74fc1f1de0e79fcb643cb8c4f428e5a37138b24e

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/commit/74fc1f1de0e79fcb643cb8c4f428e5a37138b24e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20190307/f8384b61/attachment-0001.html>

More information about the Qa-jenkins-scm mailing list