image_type_phosphor: Support single signature for the tarball contents Currently the contents of the code update tarball are individually signed and signature files for each file are created. In order to ensure that the contents of the tarball are the expected ones as a full package, it is necessary to create an additional single signature file bashed on the individual signature files. (From meta-phosphor rev: 80b9baede615563bc15e5218cb051f57ae451b8d) Signed-off-by: George Liu <liuxiwei@inspur.com> Change-Id: I6373d4f0387e8f64c2c30be05e0d43af4ed9b913 Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

commit: f0afcf836269e7fba7c33c58146f2fcd3db57ae2 [log] [tgz]
author: George Liu <liuxiwei@inspur.com> Tue Dec 15 09:46:10 2020 +0800
committer: Andrew Geissler <geissonator@yahoo.com> Thu Jan 14 11:02:34 2021 -0600
tree: dbf348d44076ef018fe2bb08e0da8f6e596d00d8
parent: c17750fc725df234be31d799cd17efd47b198da6 [diff] [blame]
diff --git a/meta-phosphor/classes/image_types_phosphor.bbclass b/meta-phosphor/classes/image_types_phosphor.bbclass
index e466347..fa5d319 100644
--- a/meta-phosphor/classes/image_types_phosphor.bbclass
+++ b/meta-phosphor/classes/image_types_phosphor.bbclass

@@ -332,6 +332,14 @@
 		openssl dgst -sha256 -sign ${SIGNING_KEY} -out "${file}.sig" $file
 		signature_files="${signature_files} ${file}.sig"
 	done
+
+	if [ -n "$signature_files" ]; then
+		sort_signature_files=`echo "$signature_files" | tr ' ' '\n' | sort | tr '\n' ' '`
+		cat $sort_signature_files > image-full
+		openssl dgst -sha256 -sign ${SIGNING_KEY} -out image-full.sig image-full
+		signature_files="${signature_files} image-full.sig"
+		rm -rf image-full
+	fi
 }
 
 do_generate_static_alltar() {
commit	f0afcf836269e7fba7c33c58146f2fcd3db57ae2	[log] [tgz]
author	George Liu <liuxiwei@inspur.com>	Tue Dec 15 09:46:10 2020 +0800
committer	Andrew Geissler <geissonator@yahoo.com>	Thu Jan 14 11:02:34 2021 -0600
tree	dbf348d44076ef018fe2bb08e0da8f6e596d00d8
parent	c17750fc725df234be31d799cd17efd47b198da6 [diff] [blame]