[isar-cip-core][PATCH v4 0/8] Rework image classes

[isar-cip-core][PATCH v4 0/8] Rework image classes

[Felix Moessbauer]

Changes since v3:

- add patch to make sw-description spec compliant
- replace hand-crafted swu compression logic with imagetypes
  (+ support for zstd) 
- prefix variables in swupdate class to avoid collisions
- avoid double-inherit in swupdate.inc
- explicitly add sw-description path to FILESEXTRAPATHS as
  FILESOVERRIDES do not apply here (see comment for details)

Changes since v2:

- remove unnecessary dependency to template task (it is a dep anyways)

Changes since v1:

- separation of concerns: do not append to :wic typedep in :swu [1]

This series reworks the image classes so that they are fully based on
the existing imagetypes infrastructure. Issues with swupdate on non
default partition layouts are solved by directly using the underlying
image / rootfs variant instead of a fixed wic partition. To support
further customizations, an interface is provided to select the type of
the rootfs image (e.g. squashfs). The verity class then uses this interface
to configure the swu.

[1] As we now use the image (e.g. squashfs / verity) directly to create
the swu file, we also explicity need that image type (compressed).
For wic, we now explicitly have to state the imagetype again, as we copy
that into one of the partitions (but this is not an aspect of the swu type).
In addition, we cannot simply always add that type to IMAGE_TYPEDEP:wic, as
otherwise always a squashfs is built when the swupdate.bbclass is included.
One key aspect of the imagetypes is that they are non-intrusive. By that,
the classes can always be added and only become into effect when selecting
the corresponding type.

Best regards,
Felix Moessbauer
Siemens AG

Felix Moessbauer (8):
  register image classes via layer.conf
  refactor: use imagetypes for swu generation
  swu: directly image from squashfs rootfs
  swupdate: only check partition uuids on swupdate
  make sw-description spec compliant
  swu: replace custom image compression
  prefix swu related variables with SWU
  refactor verity image creation

 classes/swupdate.bbclass                      | 72 +++++++++++--------
 classes/verity.bbclass                        |  7 +-
 conf/layer.conf                               |  2 +
 kas/opt/ebg-secure-boot-snakeoil.yml          |  2 +-
 kas/opt/swupdate.yml                          |  4 +-
 .../images/{files => swu}/sw-description.tmpl |  7 +-
 recipes-core/images/swupdate.inc              | 21 ------
 7 files changed, 51 insertions(+), 64 deletions(-)
 rename recipes-core/images/{files => swu}/sw-description.tmpl (84%)

-- 
2.34.1

[isar-cip-core][PATCH v4 1/8] register image classes via layer.conf

[Felix Moessbauer]

This patch registers the provided image classes via the bblayer.conf
file. By that, no manual additions of these classes via kas is required
and erronous implementations are detected early (e.g. mandatory inputs
without defaults).

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 conf/layer.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/conf/layer.conf b/conf/layer.conf
index 0c5fd39..2c888b2 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -22,3 +22,5 @@ LAYERSERIES_COMPAT_cip-core = "next"
 
 LAYERDIR_cip-core = "${LAYERDIR}"
 LAYERDIR_cip-core[vardepvalue] = "isar-cip-core"
+
+IMAGE_CLASSES += "squashfs verity swupdate"
-- 
2.34.1

[isar-cip-core][PATCH v4 2/8] refactor: use imagetypes for swu generation

[Felix Moessbauer]

This patch reworks the implementation of the swupdate type.
All generic aspects are moved from the swupdate.inc file into the
swupdate class and made conditional on the swu type.
The sw-description file is now referenced using the image-type
infrastructure, which avoids manual additions to FILESEXTRAPATHS and
accidental overwrites of SRC_URI. The templating logic is moved into the
generic one provided by imagetypes.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/swupdate.bbclass                      | 26 ++++++++++++-------
 kas/opt/swupdate.yml                          |  5 +---
 .../images/{files => swu}/sw-description.tmpl |  0
 recipes-core/images/swupdate.inc              | 15 -----------
 4 files changed, 18 insertions(+), 28 deletions(-)
 rename recipes-core/images/{files => swu}/sw-description.tmpl (100%)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 5eb4936..966f7c0 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -8,23 +8,33 @@
 #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
 #
 # SPDX-License-Identifier: MIT
+ROOTFS_PARTITION_NAME ?= "${IMAGE_FULLNAME}.wic.p4.gz"
 
 SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-${MACHINE}.swu"
 SWU_DESCRIPTION_FILE ?= "sw-description"
-SWU_ADDITIONAL_FILES ?= ""
+SWU_ADDITIONAL_FILES ?= "linux.efi ${ROOTFS_PARTITION_NAME}"
 SWU_SIGNED ?= ""
 SWU_SIGNATURE_EXT ?= "sig"
 SWU_SIGNATURE_TYPE ?= "rsa"
 
 BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
 
-IMAGER_INSTALL += "cpio"
-IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
+IMAGE_TYPEDEP:wic += "squashfs"
+IMAGE_TYPEDEP:swu = "wic"
+IMAGER_INSTALL:swu += "cpio ${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
 
-do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
-do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
-do_swupdate_binary[network] = "${TASK_USE_SUDO}"
-do_swupdate_binary() {
+IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
+IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl"
+IMAGE_TEMPLATE_VARS:swu = "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
+
+# This imagetype is neither machine nor distro specific. Hence, we cannot
+# use paths in FILESOVERRIDES. Manual modifications of this variable are
+# discouradged and hard to implement. Instead, we register this path explicitly
+FILESEXTRAPATHS:prepend = "${LAYERDIR_cip-core}/recipes-core/images/swu:"
+
+do_image_swu[stamp-extra-info] = "${DISTRO}-${MACHINE}"
+do_image_swu[cleandirs] += "${WORKDIR}/swu"
+IMAGE_CMD:swu() {
     rm -f '${SWU_IMAGE_FILE}'
     cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
 
@@ -91,5 +101,3 @@ do_swupdate_binary() {
            fi
         done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
 }
-
-addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index ae5e3a1..80cd86e 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -19,11 +19,8 @@ local_conf_header:
     CIP_IMAGE_OPTIONS:append = " swupdate.inc"
 
   wic-swu: |
-    IMAGE_CLASSES += "squashfs"
-    IMAGE_TYPEDEP:wic += "squashfs"
-    IMAGE_FSTYPES = "wic"
+    IMAGE_FSTYPES += "swu"
     WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
     INITRAMFS_INSTALL:append = " initramfs-squashfs-hook"
-    WIC_DEPLOY_PARTITIONS = "1"
     ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001"
     ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002"
diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/swu/sw-description.tmpl
similarity index 100%
rename from recipes-core/images/files/sw-description.tmpl
rename to recipes-core/images/swu/sw-description.tmpl
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index ee893dd..f4f5c42 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -10,26 +10,11 @@
 #
 
 inherit image_uuid
-inherit swupdate
 inherit read-only-rootfs
 
 IMAGE_INSTALL += " swupdate"
 IMAGE_INSTALL += " swupdate-handler-roundrobin"
 
-ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4.gz"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-SRC_URI += "file://sw-description.tmpl"
-TEMPLATE_FILES += "sw-description.tmpl"
-
-do_transform_template[vardeps] += "TARGET_IMAGE_UUID"
-addtask do_transform_template before do_swupdate_binary after do_generate_image_uuid
-
-TEMPLATE_VARS += "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
-
-SWU_ADDITIONAL_FILES += "linux.efi ${ROOTFS_PARTITION_NAME}"
-
 python() {
     for u in ['A', 'B']:
         if not d.getVar('ABROOTFS_PART_UUID_' + u):
-- 
2.34.1

[isar-cip-core][PATCH v4 3/8] swu: directly image from squashfs rootfs

[Felix Moessbauer]

This patch reworks the generation of the swu file. Instead of using the
rootfs partition created by wic, we directly use the squashfs rootfs as
default. By that, we do not have to deploy the WIC partitions and also
always select the correct rootfs independent of the partition number.
This is especially relevant for embedded boards, where the first
partitions contain the u-boot-spl and firmware.

For use-cases with other fs formats (like verity), we support to
overwrite the SWU_ROOTFS_NAME and SWU_ROOTFS_TYPE.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/swupdate.bbclass             | 8 +++++---
 kas/opt/ebg-secure-boot-snakeoil.yml | 1 +
 kas/opt/swupdate.yml                 | 1 +
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 966f7c0..50a15e1 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -6,9 +6,12 @@
 # Authors:
 #  Christian Storm <christian.storm@siemens.com>
 #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#  Felix Moessbauer <felix.moessbauer@siemens.com>
 #
 # SPDX-License-Identifier: MIT
-ROOTFS_PARTITION_NAME ?= "${IMAGE_FULLNAME}.wic.p4.gz"
+SWU_ROOTFS_TYPE ?= "squashfs"
+SWU_ROOTFS_NAME ?= "${IMAGE_FULLNAME}"
+ROOTFS_PARTITION_NAME ?= "${SWU_ROOTFS_NAME}.${SWU_ROOTFS_TYPE}.gz"
 
 SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-${MACHINE}.swu"
 SWU_DESCRIPTION_FILE ?= "sw-description"
@@ -19,8 +22,7 @@ SWU_SIGNATURE_TYPE ?= "rsa"
 
 BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
 
-IMAGE_TYPEDEP:wic += "squashfs"
-IMAGE_TYPEDEP:swu = "wic"
+IMAGE_TYPEDEP:swu = "wic ${SWU_ROOTFS_TYPE}.gz"
 IMAGER_INSTALL:swu += "cpio ${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
 
 IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index a182a67..8f2b7bb 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -19,6 +19,7 @@ local_conf_header:
     IMAGE_CLASSES += "verity"
     IMAGE_FSTYPES = "wic"
     IMAGE_TYPEDEP:wic += "verity"
+    SWU_ROOTFS_TYPE = "verity"
     WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
     INITRAMFS_INSTALL:append = " initramfs-verity-hook"
     # abrootfs cannot be installed together with verity
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index 80cd86e..236b3c4 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -19,6 +19,7 @@ local_conf_header:
     CIP_IMAGE_OPTIONS:append = " swupdate.inc"
 
   wic-swu: |
+    IMAGE_TYPEDEP:wic += "squashfs"
     IMAGE_FSTYPES += "swu"
     WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
     INITRAMFS_INSTALL:append = " initramfs-squashfs-hook"
-- 
2.34.1

[isar-cip-core][PATCH v4 4/8] swupdate: only check partition uuids on swupdate

[Felix Moessbauer]

This patch moves the partition uuid check into a task to only execute
the logic in case an swu image is built. Previously this was checked at
parse time, leading to errors when not setting these variables and
building an image without swupdate support from an layer that also
provides images with swupdate support.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/swupdate.bbclass         | 8 ++++++++
 recipes-core/images/swupdate.inc | 6 ------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 50a15e1..931ac30 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -103,3 +103,11 @@ IMAGE_CMD:swu() {
            fi
         done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
 }
+
+python do_check_swu_partition_uuids() {
+    for u in ['A', 'B']:
+        if not d.getVar('ABROOTFS_PART_UUID_' + u):
+            bb.fatal('ABROOTFS_PART_UUID_' + u + ' not set')
+}
+
+addtask check_swu_partition_uuids before do_image_swu
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index f4f5c42..08867cd 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -14,9 +14,3 @@ inherit read-only-rootfs
 
 IMAGE_INSTALL += " swupdate"
 IMAGE_INSTALL += " swupdate-handler-roundrobin"
-
-python() {
-    for u in ['A', 'B']:
-        if not d.getVar('ABROOTFS_PART_UUID_' + u):
-            bb.fatal('ABROOTFS_PART_UUID_' + u + ' not set')
-}
-- 
2.34.1

[isar-cip-core][PATCH v4 5/8] make sw-description spec compliant

[Felix Moessbauer]

Remove the filesystem attribute from the images object, as this can only
be applied to files objects.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 recipes-core/images/swu/sw-description.tmpl | 1 -
 1 file changed, 1 deletion(-)

diff --git a/recipes-core/images/swu/sw-description.tmpl b/recipes-core/images/swu/sw-description.tmpl
index 05125e6..01c5f53 100644
--- a/recipes-core/images/swu/sw-description.tmpl
+++ b/recipes-core/images/swu/sw-description.tmpl
@@ -17,7 +17,6 @@ software =
             device = "C:BOOT0:linux.efi->${ABROOTFS_PART_UUID_A},C:BOOT1:linux.efi->${ABROOTFS_PART_UUID_B}";
             type = "roundrobin";
             compressed = "zlib";
-            filesystem = "ext4";
             properties: {
                         subtype = "image";
                         configfilecheck = "/etc/os-release@not_match@IMAGE_UUID=${TARGET_IMAGE_UUID}";
-- 
2.34.1

[isar-cip-core][PATCH v4 6/8] swu: replace custom image compression

[Felix Moessbauer]

This patch replaces the custom compression logic for the rootfs in the
swupdate swu file by using the imagetype infrastructure. This handles
some corner-cases and in general streamlines the options used for
compressing. With the new infrastructure in place, we add support to
compress the image with zstd (only zlib and zstd are supported by
swupdate).

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/swupdate.bbclass                    | 40 ++++++++++-----------
 recipes-core/images/swu/sw-description.tmpl |  2 +-
 2 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 931ac30..6085dce 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -11,7 +11,9 @@
 # SPDX-License-Identifier: MIT
 SWU_ROOTFS_TYPE ?= "squashfs"
 SWU_ROOTFS_NAME ?= "${IMAGE_FULLNAME}"
-ROOTFS_PARTITION_NAME ?= "${SWU_ROOTFS_NAME}.${SWU_ROOTFS_TYPE}.gz"
+# compression type as defined by swupdate (zlib or zstd)
+SWU_COMPRESSION_TYPE ?= "zlib"
+ROOTFS_PARTITION_NAME ?= "${SWU_ROOTFS_NAME}.${SWU_ROOTFS_TYPE}.${@get_swu_compression_type(d)}"
 
 SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-${MACHINE}.swu"
 SWU_DESCRIPTION_FILE ?= "sw-description"
@@ -22,12 +24,25 @@ SWU_SIGNATURE_TYPE ?= "rsa"
 
 BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
 
-IMAGE_TYPEDEP:swu = "wic ${SWU_ROOTFS_TYPE}.gz"
+IMAGE_TYPEDEP:swu = "wic ${SWU_ROOTFS_TYPE}.${@get_swu_compression_type(d)}"
 IMAGER_INSTALL:swu += "cpio ${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
 
 IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
 IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl"
-IMAGE_TEMPLATE_VARS:swu = "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
+IMAGE_TEMPLATE_VARS:swu = " \
+    ROOTFS_PARTITION_NAME \
+    TARGET_IMAGE_UUID \
+    ABROOTFS_PART_UUID_A \
+    ABROOTFS_PART_UUID_B \
+    SWU_COMPRESSION_TYPE"
+
+# convert between swupdate compressor name and imagetype extension
+def get_swu_compression_type(d):
+    swu_ct = d.getVar('SWU_COMPRESSION_TYPE', True)
+    swu_to_image = {'zlib': 'gz', 'zstd': 'zst'}
+    if swu_ct not in swu_to_image:
+        bb.fatal('requested SWU_COMPRESSION_TYPE is not supported by swupdate')
+    return swu_to_image[swu_ct]
 
 # This imagetype is neither machine nor distro specific. Hence, we cannot
 # use paths in FILESOVERRIDES. Manual modifications of this variable are
@@ -40,25 +55,6 @@ IMAGE_CMD:swu() {
     rm -f '${SWU_IMAGE_FILE}'
     cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
 
-    # Compress files if requested
-    for file in ${SWU_ADDITIONAL_FILES}; do
-        basefile=$(basename "$file" .gz)
-        if [ "$basefile" = "$file" ]; then
-            continue
-        fi
-        for uncompressed in "${WORKDIR}/$basefile" "${DEPLOY_DIR_IMAGE}/$basefile"; do
-            if [ -e "$uncompressed" ]; then
-                rm  -f "$uncompressed.gz"
-                if [ -x "$(command -v pigz)" ]; then
-                    pigz "$uncompressed"
-                else
-                    gzip "$uncompressed"
-                fi
-                break
-            fi
-        done
-    done
-
     # Create symlinks for files used in the update image
     for file in ${SWU_ADDITIONAL_FILES}; do
         if [ -e "${WORKDIR}/$file" ]; then
diff --git a/recipes-core/images/swu/sw-description.tmpl b/recipes-core/images/swu/sw-description.tmpl
index 01c5f53..b5a8622 100644
--- a/recipes-core/images/swu/sw-description.tmpl
+++ b/recipes-core/images/swu/sw-description.tmpl
@@ -16,7 +16,7 @@ software =
             filename = "${ROOTFS_PARTITION_NAME}";
             device = "C:BOOT0:linux.efi->${ABROOTFS_PART_UUID_A},C:BOOT1:linux.efi->${ABROOTFS_PART_UUID_B}";
             type = "roundrobin";
-            compressed = "zlib";
+            compressed = "${SWU_COMPRESSION_TYPE}";
             properties: {
                         subtype = "image";
                         configfilecheck = "/etc/os-release@not_match@IMAGE_UUID=${TARGET_IMAGE_UUID}";
-- 
2.34.1

[isar-cip-core][PATCH v4 7/8] prefix swu related variables with SWU

[Felix Moessbauer]

This patch ensures that all variables used in the swupdate.bbclass are
either only active when swu is selected, or are prefixed with SWU. By
that, we avoid accidental name collisions in the image recipe, as this
recipe always inherits the swupdate class (via the imagetype logic).

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/swupdate.bbclass                    | 10 +++++-----
 recipes-core/images/swu/sw-description.tmpl |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 6085dce..fc30df8 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -13,16 +13,16 @@ SWU_ROOTFS_TYPE ?= "squashfs"
 SWU_ROOTFS_NAME ?= "${IMAGE_FULLNAME}"
 # compression type as defined by swupdate (zlib or zstd)
 SWU_COMPRESSION_TYPE ?= "zlib"
-ROOTFS_PARTITION_NAME ?= "${SWU_ROOTFS_NAME}.${SWU_ROOTFS_TYPE}.${@get_swu_compression_type(d)}"
+SWU_ROOTFS_PARTITION_NAME ?= "${SWU_ROOTFS_NAME}.${SWU_ROOTFS_TYPE}.${@get_swu_compression_type(d)}"
 
 SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-${MACHINE}.swu"
 SWU_DESCRIPTION_FILE ?= "sw-description"
-SWU_ADDITIONAL_FILES ?= "linux.efi ${ROOTFS_PARTITION_NAME}"
+SWU_ADDITIONAL_FILES ?= "linux.efi ${SWU_ROOTFS_PARTITION_NAME}"
 SWU_SIGNED ?= ""
 SWU_SIGNATURE_EXT ?= "sig"
 SWU_SIGNATURE_TYPE ?= "rsa"
 
-BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
+SWU_BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
 
 IMAGE_TYPEDEP:swu = "wic ${SWU_ROOTFS_TYPE}.${@get_swu_compression_type(d)}"
 IMAGER_INSTALL:swu += "cpio ${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
@@ -30,7 +30,7 @@ IMAGER_INSTALL:swu += "cpio ${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SI
 IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
 IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl"
 IMAGE_TEMPLATE_VARS:swu = " \
-    ROOTFS_PARTITION_NAME \
+    SWU_ROOTFS_PARTITION_NAME \
     TARGET_IMAGE_UUID \
     ABROOTFS_PART_UUID_A \
     ABROOTFS_PART_UUID_B \
@@ -97,7 +97,7 @@ IMAGE_CMD:swu() {
                 fi
                 echo "$file.${SWU_SIGNATURE_EXT}"
            fi
-        done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
+        done | cpio -ovL -H crc > "${SWU_BUILDCHROOT_IMAGE_FILE}"'
 }
 
 python do_check_swu_partition_uuids() {
diff --git a/recipes-core/images/swu/sw-description.tmpl b/recipes-core/images/swu/sw-description.tmpl
index b5a8622..cade7c3 100644
--- a/recipes-core/images/swu/sw-description.tmpl
+++ b/recipes-core/images/swu/sw-description.tmpl
@@ -13,7 +13,7 @@ software =
     version = "0.2";
     name = "cip software update";
     images: ({
-            filename = "${ROOTFS_PARTITION_NAME}";
+            filename = "${SWU_ROOTFS_PARTITION_NAME}";
             device = "C:BOOT0:linux.efi->${ABROOTFS_PART_UUID_A},C:BOOT1:linux.efi->${ABROOTFS_PART_UUID_B}";
             type = "roundrobin";
             compressed = "${SWU_COMPRESSION_TYPE}";
@@ -21,7 +21,7 @@ software =
                         subtype = "image";
                         configfilecheck = "/etc/os-release@not_match@IMAGE_UUID=${TARGET_IMAGE_UUID}";
             };
-            sha256 = "${ROOTFS_PARTITION_NAME}-sha256";
+            sha256 = "${SWU_ROOTFS_PARTITION_NAME}-sha256";
     });
     files: ({
             filename = "linux.efi";
-- 
2.34.1

[isar-cip-core][PATCH v4 8/8] refactor verity image creation

[Felix Moessbauer]

This patch simplifies the integration of verity with swupdate.
We now directly copy the generated verity image into the swu file,
instead of going via wic. This solves the issue with leading partitions,
shifting the partition layout and resulting in a wrong partition in the
swu file. Further, we cleanup some duplicated variables.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/verity.bbclass               | 7 +------
 kas/opt/ebg-secure-boot-snakeoil.yml | 1 -
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/classes/verity.bbclass b/classes/verity.bbclass
index 154b9e1..747a7ae 100644
--- a/classes/verity.bbclass
+++ b/classes/verity.bbclass
@@ -9,21 +9,16 @@
 # SPDX-License-Identifier: MIT
 #
 
-VERITY_IMAGE_TYPE ?= "squashfs"
-
-inherit ${VERITY_IMAGE_TYPE}
-
 IMAGE_TYPEDEP:verity = "${VERITY_IMAGE_TYPE}"
 IMAGER_INSTALL:verity += "cryptsetup"
 
+VERITY_IMAGE_TYPE ?= "squashfs"
 VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}"
 VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.verity"
 VERITY_IMAGE_METADATA = "${VERITY_OUTPUT_IMAGE}.metadata"
 VERITY_HASH_BLOCK_SIZE ?= "1024"
 VERITY_DATA_BLOCK_SIZE ?= "1024"
 
-IMAGER_INSTALL += "cryptsetup"
-
 create_verity_env_file() {
 
     local ENV="${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.verity.env"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 8f2b7bb..3d0e3c9 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -16,7 +16,6 @@ header:
 
 local_conf_header:
   secure-boot-image: |
-    IMAGE_CLASSES += "verity"
     IMAGE_FSTYPES = "wic"
     IMAGE_TYPEDEP:wic += "verity"
     SWU_ROOTFS_TYPE = "verity"
-- 
2.34.1

Re: [isar-cip-core][PATCH v4 1/8] register image classes via layer.conf

[Jan Kiszka]

On 12.02.23 09:27, Felix Moessbauer wrote:
> This patch registers the provided image classes via the bblayer.conf
> file. By that, no manual additions of these classes via kas is required
> and erronous implementations are detected early (e.g. mandatory inputs
> without defaults).
> 

Then why is this commit not removing those obsolete IMAGE_CLASSES additions?

Jan

> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> ---
>  conf/layer.conf | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/conf/layer.conf b/conf/layer.conf
> index 0c5fd39..2c888b2 100644
> --- a/conf/layer.conf
> +++ b/conf/layer.conf
> @@ -22,3 +22,5 @@ LAYERSERIES_COMPAT_cip-core = "next"
>  
>  LAYERDIR_cip-core = "${LAYERDIR}"
>  LAYERDIR_cip-core[vardepvalue] = "isar-cip-core"
> +
> +IMAGE_CLASSES += "squashfs verity swupdate"

-- 
Siemens AG, Technology
Competence Center Embedded Linux

Re: [isar-cip-core][PATCH v4 1/8] register image classes via layer.conf

[Moessbauer, Felix]

On Mon, 2023-02-13 at 15:51 +0100, Jan Kiszka wrote:
> On 12.02.23 09:27, Felix Moessbauer wrote:
> > This patch registers the provided image classes via the
> > bblayer.conf
> > file. By that, no manual additions of these classes via kas is
> > required
> > and erronous implementations are detected early (e.g. mandatory
> > inputs
> > without defaults).
> > 
> 
> Then why is this commit not removing those obsolete IMAGE_CLASSES
> additions?

Good catch. The kas-file changes reg. IMAGE_CLASSES from the following
commits should be moved into this commit.

Will send a v5 tomorrow.

Felix

> 
> Jan
> 
> > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> > ---
> >  conf/layer.conf | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/conf/layer.conf b/conf/layer.conf
> > index 0c5fd39..2c888b2 100644
> > --- a/conf/layer.conf
> > +++ b/conf/layer.conf
> > @@ -22,3 +22,5 @@ LAYERSERIES_COMPAT_cip-core = "next"
> >  
> >  LAYERDIR_cip-core = "${LAYERDIR}"
> >  LAYERDIR_cip-core[vardepvalue] = "isar-cip-core"
> > +
> > +IMAGE_CLASSES += "squashfs verity swupdate"
> 

Re: [isar-cip-core][PATCH v4 1/8] register image classes via layer.conf

[Jan Kiszka]

On 13.02.23 16:18, Moessbauer, Felix (T CED INW-CN) wrote:
> On Mon, 2023-02-13 at 15:51 +0100, Jan Kiszka wrote:
>> On 12.02.23 09:27, Felix Moessbauer wrote:
>>> This patch registers the provided image classes via the
>>> bblayer.conf
>>> file. By that, no manual additions of these classes via kas is
>>> required
>>> and erronous implementations are detected early (e.g. mandatory
>>> inputs
>>> without defaults).
>>>
>>
>> Then why is this commit not removing those obsolete IMAGE_CLASSES
>> additions?
> 
> Good catch. The kas-file changes reg. IMAGE_CLASSES from the following
> commits should be moved into this commit.
> 
> Will send a v5 tomorrow.
> 

Thanks. Then please also check the documentations. There is at least
doc/README.secureboot.md referencing this as well.

Jan

-- 
Siemens AG, Technology
Competence Center Embedded Linux

Re: [isar-cip-core][PATCH v4 2/8] refactor: use imagetypes for swu generation

[Jan Kiszka]

On 12.02.23 09:27, Felix Moessbauer wrote:
> This patch reworks the implementation of the swupdate type.
> All generic aspects are moved from the swupdate.inc file into the
> swupdate class and made conditional on the swu type.
> The sw-description file is now referenced using the image-type
> infrastructure, which avoids manual additions to FILESEXTRAPATHS and
> accidental overwrites of SRC_URI. The templating logic is moved into the
> generic one provided by imagetypes.
> 
> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> ---
>  classes/swupdate.bbclass                      | 26 ++++++++++++-------
>  kas/opt/swupdate.yml                          |  5 +---
>  .../images/{files => swu}/sw-description.tmpl |  0
>  recipes-core/images/swupdate.inc              | 15 -----------
>  4 files changed, 18 insertions(+), 28 deletions(-)
>  rename recipes-core/images/{files => swu}/sw-description.tmpl (100%)
> 
> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
> index 5eb4936..966f7c0 100644
> --- a/classes/swupdate.bbclass
> +++ b/classes/swupdate.bbclass
> @@ -8,23 +8,33 @@
>  #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>  #
>  # SPDX-License-Identifier: MIT
> +ROOTFS_PARTITION_NAME ?= "${IMAGE_FULLNAME}.wic.p4.gz"
>  
>  SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-${MACHINE}.swu"
>  SWU_DESCRIPTION_FILE ?= "sw-description"
> -SWU_ADDITIONAL_FILES ?= ""
> +SWU_ADDITIONAL_FILES ?= "linux.efi ${ROOTFS_PARTITION_NAME}"
>  SWU_SIGNED ?= ""
>  SWU_SIGNATURE_EXT ?= "sig"
>  SWU_SIGNATURE_TYPE ?= "rsa"
>  
>  BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
>  
> -IMAGER_INSTALL += "cpio"
> -IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
> +IMAGE_TYPEDEP:wic += "squashfs"
> +IMAGE_TYPEDEP:swu = "wic"
> +IMAGER_INSTALL:swu += "cpio ${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
>  
> -do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
> -do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
> -do_swupdate_binary[network] = "${TASK_USE_SUDO}"
> -do_swupdate_binary() {
> +IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
> +IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl"
> +IMAGE_TEMPLATE_VARS:swu = "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
> +
> +# This imagetype is neither machine nor distro specific. Hence, we cannot
> +# use paths in FILESOVERRIDES. Manual modifications of this variable are
> +# discouradged and hard to implement. Instead, we register this path explicitly
> +FILESEXTRAPATHS:prepend = "${LAYERDIR_cip-core}/recipes-core/images/swu:"

This means downstream layers wanting to overload the sw-description.tmpl
now need to register their own FILESEXTRAPATHS? That at least requires
documentation. Or can we also drop LAYERDIR_cip-core here, and it would
still work?

> +
> +do_image_swu[stamp-extra-info] = "${DISTRO}-${MACHINE}"
> +do_image_swu[cleandirs] += "${WORKDIR}/swu"
> +IMAGE_CMD:swu() {
>      rm -f '${SWU_IMAGE_FILE}'
>      cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
>  
> @@ -91,5 +101,3 @@ do_swupdate_binary() {
>             fi
>          done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
>  }
> -
> -addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
> diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
> index ae5e3a1..80cd86e 100644
> --- a/kas/opt/swupdate.yml
> +++ b/kas/opt/swupdate.yml
> @@ -19,11 +19,8 @@ local_conf_header:
>      CIP_IMAGE_OPTIONS:append = " swupdate.inc"
>  
>    wic-swu: |
> -    IMAGE_CLASSES += "squashfs"
> -    IMAGE_TYPEDEP:wic += "squashfs"
> -    IMAGE_FSTYPES = "wic"
> +    IMAGE_FSTYPES += "swu"
>      WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
>      INITRAMFS_INSTALL:append = " initramfs-squashfs-hook"
> -    WIC_DEPLOY_PARTITIONS = "1"

Why can we already drop this at this point?

>      ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001"
>      ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002"
> diff --git a/recipes-core/images/files/sw-description.tmpl b/recipes-core/images/swu/sw-description.tmpl
> similarity index 100%
> rename from recipes-core/images/files/sw-description.tmpl
> rename to recipes-core/images/swu/sw-description.tmpl
> diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
> index ee893dd..f4f5c42 100644
> --- a/recipes-core/images/swupdate.inc
> +++ b/recipes-core/images/swupdate.inc
> @@ -10,26 +10,11 @@
>  #
>  
>  inherit image_uuid
> -inherit swupdate
>  inherit read-only-rootfs
>  
>  IMAGE_INSTALL += " swupdate"
>  IMAGE_INSTALL += " swupdate-handler-roundrobin"
>  
> -ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4.gz"
> -
> -FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
> -
> -SRC_URI += "file://sw-description.tmpl"
> -TEMPLATE_FILES += "sw-description.tmpl"
> -
> -do_transform_template[vardeps] += "TARGET_IMAGE_UUID"
> -addtask do_transform_template before do_swupdate_binary after do_generate_image_uuid
> -
> -TEMPLATE_VARS += "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
> -
> -SWU_ADDITIONAL_FILES += "linux.efi ${ROOTFS_PARTITION_NAME}"
> -
>  python() {
>      for u in ['A', 'B']:
>          if not d.getVar('ABROOTFS_PART_UUID_' + u):

Jan

-- 
Siemens AG, Technology
Competence Center Embedded Linux

Re: [isar-cip-core][PATCH v4 2/8] refactor: use imagetypes for swu generation

[Moessbauer, Felix]

On Mon, 2023-02-13 at 16:28 +0100, Jan Kiszka wrote:
> On 12.02.23 09:27, Felix Moessbauer wrote:
> > This patch reworks the implementation of the swupdate type.
> > All generic aspects are moved from the swupdate.inc file into the
> > swupdate class and made conditional on the swu type.
> > The sw-description file is now referenced using the image-type
> > infrastructure, which avoids manual additions to FILESEXTRAPATHS
> > and
> > accidental overwrites of SRC_URI. The templating logic is moved
> > into the
> > generic one provided by imagetypes.
> > 
> > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> > ---
> >  classes/swupdate.bbclass                      | 26 ++++++++++++---
> > ----
> >  kas/opt/swupdate.yml                          |  5 +---
> >  .../images/{files => swu}/sw-description.tmpl |  0
> >  recipes-core/images/swupdate.inc              | 15 -----------
> >  4 files changed, 18 insertions(+), 28 deletions(-)
> >  rename recipes-core/images/{files => swu}/sw-description.tmpl
> > (100%)
> > 
> > diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
> > index 5eb4936..966f7c0 100644
> > --- a/classes/swupdate.bbclass
> > +++ b/classes/swupdate.bbclass
> > @@ -8,23 +8,33 @@
> >  #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
> >  #
> >  # SPDX-License-Identifier: MIT
> > +ROOTFS_PARTITION_NAME ?= "${IMAGE_FULLNAME}.wic.p4.gz"
> >  
> >  SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-
> > ${MACHINE}.swu"
> >  SWU_DESCRIPTION_FILE ?= "sw-description"
> > -SWU_ADDITIONAL_FILES ?= ""
> > +SWU_ADDITIONAL_FILES ?= "linux.efi ${ROOTFS_PARTITION_NAME}"
> >  SWU_SIGNED ?= ""
> >  SWU_SIGNATURE_EXT ?= "sig"
> >  SWU_SIGNATURE_TYPE ?= "rsa"
> >  
> >  BUILDCHROOT_IMAGE_FILE ?=
> > "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
> >  
> > -IMAGER_INSTALL += "cpio"
> > -IMAGER_INSTALL += "${@'openssl' if
> > bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
> > +IMAGE_TYPEDEP:wic += "squashfs"
> > +IMAGE_TYPEDEP:swu = "wic"
> > +IMAGER_INSTALL:swu += "cpio ${@'openssl' if
> > bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
> >  
> > -do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
> > -do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
> > -do_swupdate_binary[network] = "${TASK_USE_SUDO}"
> > -do_swupdate_binary() {
> > +IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
> > +IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl"
> > +IMAGE_TEMPLATE_VARS:swu = "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID
> > ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
> > +
> > +# This imagetype is neither machine nor distro specific. Hence, we
> > cannot
> > +# use paths in FILESOVERRIDES. Manual modifications of this
> > variable are
> > +# discouradged and hard to implement. Instead, we register this
> > path explicitly
> > +FILESEXTRAPATHS:prepend = "${LAYERDIR_cip-core}/recipes-
> > core/images/swu:"
> 
> This means downstream layers wanting to overload the sw-
> description.tmpl
> now need to register their own FILESEXTRAPATHS? That at least
> requires
> documentation. Or can we also drop LAYERDIR_cip-core here, and it
> would
> still work?

That is exactly as it always has been. But downstream layer have to add
it only if they override the SWU_DESCRIPTION_FILE. IMHO this is
reasonable. I highly vote for keeping it like that, as these kind of
things bite us again and again with each bitbake update.

For the OVA part which I recently re-modeled in ISAR, this is not
required as both vmware and virtualbox are machines, and both
/${MACHINE} and /${DISTRO} is appended to any search paths.

> 
> > +
> > +do_image_swu[stamp-extra-info] = "${DISTRO}-${MACHINE}"
> > +do_image_swu[cleandirs] += "${WORKDIR}/swu"
> > +IMAGE_CMD:swu() {
> >      rm -f '${SWU_IMAGE_FILE}'
> >      cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}'
> > '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
> >  
> > @@ -91,5 +101,3 @@ do_swupdate_binary() {
> >             fi
> >          done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
> >  }
> > -
> > -addtask swupdate_binary before do_build after do_deploy
> > do_copy_boot_files do_install_imager_deps do_transform_template
> > diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
> > index ae5e3a1..80cd86e 100644
> > --- a/kas/opt/swupdate.yml
> > +++ b/kas/opt/swupdate.yml
> > @@ -19,11 +19,8 @@ local_conf_header:
> >      CIP_IMAGE_OPTIONS:append = " swupdate.inc"
> >  
> >    wic-swu: |
> > -    IMAGE_CLASSES += "squashfs"
> > -    IMAGE_TYPEDEP:wic += "squashfs"
> > -    IMAGE_FSTYPES = "wic"
> > +    IMAGE_FSTYPES += "swu"
> >      WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
> >      INITRAMFS_INSTALL:append = " initramfs-squashfs-hook"
> > -    WIC_DEPLOY_PARTITIONS = "1"
> 
> Why can we already drop this at this point?

Good catch. That has to move into the next commit.

Felix

> 
> >      ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001"
> >      ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002"
> > diff --git a/recipes-core/images/files/sw-description.tmpl
> > b/recipes-core/images/swu/sw-description.tmpl
> > similarity index 100%
> > rename from recipes-core/images/files/sw-description.tmpl
> > rename to recipes-core/images/swu/sw-description.tmpl
> > diff --git a/recipes-core/images/swupdate.inc b/recipes-
> > core/images/swupdate.inc
> > index ee893dd..f4f5c42 100644
> > --- a/recipes-core/images/swupdate.inc
> > +++ b/recipes-core/images/swupdate.inc
> > @@ -10,26 +10,11 @@
> >  #
> >  
> >  inherit image_uuid
> > -inherit swupdate
> >  inherit read-only-rootfs
> >  
> >  IMAGE_INSTALL += " swupdate"
> >  IMAGE_INSTALL += " swupdate-handler-roundrobin"
> >  
> > -ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4.gz"
> > -
> > -FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
> > -
> > -SRC_URI += "file://sw-description.tmpl"
> > -TEMPLATE_FILES += "sw-description.tmpl"
> > -
> > -do_transform_template[vardeps] += "TARGET_IMAGE_UUID"
> > -addtask do_transform_template before do_swupdate_binary after
> > do_generate_image_uuid
> > -
> > -TEMPLATE_VARS += "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID
> > ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
> > -
> > -SWU_ADDITIONAL_FILES += "linux.efi ${ROOTFS_PARTITION_NAME}"
> > -
> >  python() {
> >      for u in ['A', 'B']:
> >          if not d.getVar('ABROOTFS_PART_UUID_' + u):
> 
> Jan
> 

Re: [isar-cip-core][PATCH v4 2/8] refactor: use imagetypes for swu generation

[Jan Kiszka]

On 14.02.23 03:10, Moessbauer, Felix (T CED INW-CN) wrote:
> On Mon, 2023-02-13 at 16:28 +0100, Jan Kiszka wrote:
>> On 12.02.23 09:27, Felix Moessbauer wrote:
>>> This patch reworks the implementation of the swupdate type.
>>> All generic aspects are moved from the swupdate.inc file into the
>>> swupdate class and made conditional on the swu type.
>>> The sw-description file is now referenced using the image-type
>>> infrastructure, which avoids manual additions to FILESEXTRAPATHS
>>> and
>>> accidental overwrites of SRC_URI. The templating logic is moved
>>> into the
>>> generic one provided by imagetypes.
>>>
>>> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
>>> ---
>>>  classes/swupdate.bbclass                      | 26 ++++++++++++---
>>> ----
>>>  kas/opt/swupdate.yml                          |  5 +---
>>>  .../images/{files => swu}/sw-description.tmpl |  0
>>>  recipes-core/images/swupdate.inc              | 15 -----------
>>>  4 files changed, 18 insertions(+), 28 deletions(-)
>>>  rename recipes-core/images/{files => swu}/sw-description.tmpl
>>> (100%)
>>>
>>> diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
>>> index 5eb4936..966f7c0 100644
>>> --- a/classes/swupdate.bbclass
>>> +++ b/classes/swupdate.bbclass
>>> @@ -8,23 +8,33 @@
>>>  #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>  #
>>>  # SPDX-License-Identifier: MIT
>>> +ROOTFS_PARTITION_NAME ?= "${IMAGE_FULLNAME}.wic.p4.gz"
>>>
>>>  SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-
>>> ${MACHINE}.swu"
>>>  SWU_DESCRIPTION_FILE ?= "sw-description"
>>> -SWU_ADDITIONAL_FILES ?= ""
>>> +SWU_ADDITIONAL_FILES ?= "linux.efi ${ROOTFS_PARTITION_NAME}"
>>>  SWU_SIGNED ?= ""
>>>  SWU_SIGNATURE_EXT ?= "sig"
>>>  SWU_SIGNATURE_TYPE ?= "rsa"
>>>
>>>  BUILDCHROOT_IMAGE_FILE ?=
>>> "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
>>>
>>> -IMAGER_INSTALL += "cpio"
>>> -IMAGER_INSTALL += "${@'openssl' if
>>> bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
>>> +IMAGE_TYPEDEP:wic += "squashfs"
>>> +IMAGE_TYPEDEP:swu = "wic"
>>> +IMAGER_INSTALL:swu += "cpio ${@'openssl' if
>>> bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
>>>
>>> -do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
>>> -do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
>>> -do_swupdate_binary[network] = "${TASK_USE_SUDO}"
>>> -do_swupdate_binary() {
>>> +IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
>>> +IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl"
>>> +IMAGE_TEMPLATE_VARS:swu = "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID
>>> ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
>>> +
>>> +# This imagetype is neither machine nor distro specific. Hence, we
>>> cannot
>>> +# use paths in FILESOVERRIDES. Manual modifications of this
>>> variable are
>>> +# discouradged and hard to implement. Instead, we register this
>>> path explicitly
>>> +FILESEXTRAPATHS:prepend = "${LAYERDIR_cip-core}/recipes-
>>> core/images/swu:"
>>
>> This means downstream layers wanting to overload the sw-
>> description.tmpl
>> now need to register their own FILESEXTRAPATHS? That at least
>> requires
>> documentation. Or can we also drop LAYERDIR_cip-core here, and it
>> would
>> still work?
> 
> That is exactly as it always has been. But downstream layer have to add
> it only if they override the SWU_DESCRIPTION_FILE. IMHO this is
> reasonable. I highly vote for keeping it like that, as these kind of
> things bite us again and again with each bitbake update.
> 

If I write

[my-image.bb]
inherit swupdate

and place an own sw-description.tmpl in my own files/ folder, will that
be picked (as to be naturally expected) or the one from cip-core?

Jan

-- 
Siemens AG, Technology
Competence Center Embedded Linux

Re: [isar-cip-core][PATCH v4 2/8] refactor: use imagetypes for swu generation

[Moessbauer, Felix]

On Tue, 2023-02-14 at 08:18 +0100, Jan Kiszka wrote:
> On 14.02.23 03:10, Moessbauer, Felix (T CED INW-CN) wrote:
> > On Mon, 2023-02-13 at 16:28 +0100, Jan Kiszka wrote:
> > > On 12.02.23 09:27, Felix Moessbauer wrote:
> > > > This patch reworks the implementation of the swupdate type.
> > > > All generic aspects are moved from the swupdate.inc file into
> > > > the
> > > > swupdate class and made conditional on the swu type.
> > > > The sw-description file is now referenced using the image-type
> > > > infrastructure, which avoids manual additions to
> > > > FILESEXTRAPATHS
> > > > and
> > > > accidental overwrites of SRC_URI. The templating logic is moved
> > > > into the
> > > > generic one provided by imagetypes.
> > > > 
> > > > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> > > > ---
> > > >  classes/swupdate.bbclass                      | 26
> > > > ++++++++++++---
> > > > ----
> > > >  kas/opt/swupdate.yml                          |  5 +---
> > > >  .../images/{files => swu}/sw-description.tmpl |  0
> > > >  recipes-core/images/swupdate.inc              | 15 -----------
> > > >  4 files changed, 18 insertions(+), 28 deletions(-)
> > > >  rename recipes-core/images/{files => swu}/sw-description.tmpl
> > > > (100%)
> > > > 
> > > > diff --git a/classes/swupdate.bbclass
> > > > b/classes/swupdate.bbclass
> > > > index 5eb4936..966f7c0 100644
> > > > --- a/classes/swupdate.bbclass
> > > > +++ b/classes/swupdate.bbclass
> > > > @@ -8,23 +8,33 @@
> > > >  #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
> > > >  #
> > > >  # SPDX-License-Identifier: MIT
> > > > +ROOTFS_PARTITION_NAME ?= "${IMAGE_FULLNAME}.wic.p4.gz"
> > > > 
> > > >  SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-
> > > > ${MACHINE}.swu"
> > > >  SWU_DESCRIPTION_FILE ?= "sw-description"
> > > > -SWU_ADDITIONAL_FILES ?= ""
> > > > +SWU_ADDITIONAL_FILES ?= "linux.efi ${ROOTFS_PARTITION_NAME}"
> > > >  SWU_SIGNED ?= ""
> > > >  SWU_SIGNATURE_EXT ?= "sig"
> > > >  SWU_SIGNATURE_TYPE ?= "rsa"
> > > > 
> > > >  BUILDCHROOT_IMAGE_FILE ?=
> > > > "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
> > > > 
> > > > -IMAGER_INSTALL += "cpio"
> > > > -IMAGER_INSTALL += "${@'openssl' if
> > > > bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
> > > > +IMAGE_TYPEDEP:wic += "squashfs"
> > > > +IMAGE_TYPEDEP:swu = "wic"
> > > > +IMAGER_INSTALL:swu += "cpio ${@'openssl' if
> > > > bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
> > > > 
> > > > -do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
> > > > -do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
> > > > -do_swupdate_binary[network] = "${TASK_USE_SUDO}"
> > > > -do_swupdate_binary() {
> > > > +IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
> > > > +IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl"
> > > > +IMAGE_TEMPLATE_VARS:swu = "ROOTFS_PARTITION_NAME
> > > > TARGET_IMAGE_UUID
> > > > ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
> > > > +
> > > > +# This imagetype is neither machine nor distro specific.
> > > > Hence, we
> > > > cannot
> > > > +# use paths in FILESOVERRIDES. Manual modifications of this
> > > > variable are
> > > > +# discouradged and hard to implement. Instead, we register
> > > > this
> > > > path explicitly
> > > > +FILESEXTRAPATHS:prepend = "${LAYERDIR_cip-core}/recipes-
> > > > core/images/swu:"
> > > 
> > > This means downstream layers wanting to overload the sw-
> > > description.tmpl
> > > now need to register their own FILESEXTRAPATHS? That at least
> > > requires
> > > documentation. Or can we also drop LAYERDIR_cip-core here, and it
> > > would
> > > still work?
> > 
> > That is exactly as it always has been. But downstream layer have to
> > add
> > it only if they override the SWU_DESCRIPTION_FILE. IMHO this is
> > reasonable. I highly vote for keeping it like that, as these kind
> > of
> > things bite us again and again with each bitbake update.
> > 
> 
> If I write
> 
> [my-image.bb]
> inherit swupdate
> 
> and place an own sw-description.tmpl in my own files/ folder, will
> that
> be picked (as to be naturally expected) or the one from cip-core?

This will not be picked up, as the cip-core path is prepended.
This is indeed not ideal. We better append the path, so local files
always are preferred.

Will change it in the next revision.

Felix


> 
> Jan
>