[OE-core] [PATCH v2 0/3] Enforce Shared State Signing when optionsset
Joshua Lock
jlock at vmware.com
Tue Jul 30 13:16:03 UTC 2019
There are 2 surprising behaviours in the current shared state signing
implementation which this pull request addresses:
1) when signature verification is enabled a failure to verify doesn't prevent
the shared state object from being used. A warning is printed and the
unsigned shared state object is used to accelerate the task.
2) when signing is enabled the taskhash doesn't change and any existing,
unsigned, shared state objects will not be signed. This is particularly
problematic when combined with 1.
Please review the following changes for suitability for inclusion. If you have
any objections or suggestions for improvement, please respond to the patches. If
you agree with the changes, please provide your Acked-by.
Changes since v1:
* removed spurious Python subclass class and handling of an error condition that
couldn't occur
The following changes since commit 835f7eac0610325e906591cd81890bebe8627580:
meta/lib/oeqa: Test for bootimg-biosplusefi Source (2019-07-23 22:26:28 +0100)
are available in the Git repository at:
https://github.com/joshuagl/poky joshuagl/signed-sstate2
https://github.com/joshuagl/poky/tree/joshuagl/signed-sstate2
Joshua Lock (3):
sstate: fix log message
classes/sstate: don't use unsigned sstate when verification enabled
classes/sstate: regenerate sstate when signing enabled
meta/classes/sstate.bbclass | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
--
2.21.0
More information about the Openembedded-core
mailing list