BugLink:
https://bugs.launchpad.net/bugs/1847969Add a fit_signed option and a script so we can build FIT images that
will be eventually signed.
Signed-off-by: Alfonso Sánchez-Beato <
[hidden email]>
Signed-off-by: Shrirang Bagul <
[hidden email]>
---
debian/rules | 2 +-
debian/rules.d/1-maintainer.mk | 1 +
debian/rules.d/2-binary-arch.mk | 14 ++++++++++++
debian/scripts/build-fit | 40 +++++++++++++++++++++++++++++++++
4 files changed, 56 insertions(+), 1 deletion(-)
create mode 100755 debian/scripts/build-fit
diff --git a/debian/rules b/debian/rules
index de9cdda0dff9..679a5cd2ca70 100755
--- a/debian/rules
+++ b/debian/rules
@@ -46,7 +46,7 @@ ifneq ($(DEB_HOST_ARCH),$(DEB_BUILD_ARCH))
endif
# Are any of the kernel signing options enabled.
-any_signed=$(sort $(filter-out false,$(uefi_signed) $(opal_signed)))
+any_signed=$(sort $(filter-out false,$(uefi_signed) $(fit_signed) $(opal_signed)))
ifeq ($(any_signed),true)
bin_pkg_name=$(bin_pkg_name_unsigned)
else
diff --git a/debian/rules.d/1-maintainer.mk b/debian/rules.d/1-maintainer.mk
index 8144be29523e..82683290cabb 100644
--- a/debian/rules.d/1-maintainer.mk
+++ b/debian/rules.d/1-maintainer.mk
@@ -91,6 +91,7 @@ printenv:
@echo "any_signed = $(any_signed)"
@echo " uefi_signed = $(uefi_signed)"
@echo " opal_signed = $(opal_signed)"
+ @echo " fit_signed = $(fit_signed)"
@echo "full_build = $(full_build)"
@echo "libc_dev_version = $(libc_dev_version)"
@echo "DEB_HOST_GNU_TYPE = $(DEB_HOST_GNU_TYPE)"
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index 503ed2694055..0b91b83d88d2 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -447,6 +447,20 @@ endif
install -m644 $(abidir)/$*.compiler \
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler
+ifeq ($(fit_signed),true)
+ install -d $(signingv)
+ cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
+ $(signingv)/$(instfile)-$(abi_release)-$*;
+# Build FIT image now that the modules folder exists
+ $(SHELL) $(DROOT)/scripts/build-fit \
+ $(CURDIR)/$(DEBIAN)/$(fit_its) \
+ "$(foreach f, $(fit_dtb_files), $(builddir)/build-$*/$(f))" \
+ $(abi_release)-$(target_flavour) \
+ $(CURDIR)/$(DROOT)/linux-modules-$(abi_release)-$* \
+ $(signingv)
+ cp -p $(signingv)/fit-$(abi_release)-$*.fit $(pkgdir_bin)/boot/
+endif
+
headers_tmp := $(CURDIR)/debian/tmp-headers
headers_dir := $(CURDIR)/debian/linux-libc-dev
diff --git a/debian/scripts/build-fit b/debian/scripts/build-fit
new file mode 100755
index 000000000000..09292611e39d
--- /dev/null
+++ b/debian/scripts/build-fit
@@ -0,0 +1,40 @@
+#!/bin/sh -e
+# Creates a FIT image
+# $1: ITS file (FIT components description)
+# $2: list of space-separated dtb files
+# $3: kernel version
+# $4: kernel modules directory
+# $5: destination directory
+
+. debian/debian.env
+
+echo "Creating FIT image"
+fit_its="$1"
+dtb_files="$2"
+KERNEL_VERSION="$3"
+KERNEL_MODULES_D="$4"
+dest_d="$5"
+
+set -x
+fit_d=$dest_d
+mkdir -p "$fit_d"
+# Export variables to be used by hooks
+export KERNEL_VERSION
+export KERNEL_MODULES_D
+initrd_f=initrd.img
+mkinitramfs -o "$initrd_f"
+mv "$initrd_f" "$fit_d"
+
+mkdir -p "$fit_d"/dtbs/
+for dtb in $dtb_files; do
+ cp -f "$dtb" "$fit_d"/dtbs/
+done
+
+cp -f "$dest_d"/vmlinuz-* "$fit_d"/zImage
+cp -f "$fit_its" "$fit_d"
+
+cd "$fit_d"
+mkimage -D "-I dts -O dtb -p 2000" -f "${fit_its##*/}" fit-"$KERNEL_VERSION".fit
+cd -
+
+rm -rf "$fit_d"/"$initrd_f" "$fit_d"/dtbs/ "$fit_d"/zImage "$fit_d"/"${fit_its##*/}"
--
2.17.1
--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team