image: strip metadata from images when used in other artifacts

Image metadata and signature is of no use for images which are included
inside other artifacts (like an SD-card image). Strip them off before
using images in artifacts or stashing them for the ImageBuilder as the
contained signature breaks reproducibility.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diff --git a/include/image-commands.mk b/include/image-commands.mk
index 2d2d53cd652df91702ecf40108a9badb9ae7d258..376553b8d2d355e25eeccffeddadd5548f6dcd9e 100644 (file)
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -37,7 +37,11 @@ define Build/package-kernel-ubifs
 endef
 
 define Build/append-image
-       dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+       cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+       fwtool -s /dev/null -t "$@.stripmeta" || :
+       fwtool -i /dev/null -t "$@.stripmeta" || :
+       dd if="$@.stripmeta" >> "$@"
+       rm "$@.stripmeta"
 endef
 
 ifdef IB
@@ -46,8 +50,12 @@ define Build/append-image-stage
 endef
 else
 define Build/append-image-stage
-       dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) of=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)
-       dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+       cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+       fwtool -s /dev/null -t "$@.stripmeta" || :
+       fwtool -i /dev/null -t "$@.stripmeta" || :
+       dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)"
+       dd if="$@.stripmeta" >> "$@"
+       rm "$@.stripmeta"
 endef
 endif