| Message ID | 6c59a659-d47e-48d5-81af-a729b8533f62@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [BACKPORT] uboot-sign: fix U-Boot binary with public key | expand |
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information: --- Testing patch /home/patchtest/share/mboxes/BACKPORT-uboot-sign-fix-U-Boot-binary-with-public-key.patch FAIL: test Signed-off-by presence: Mbox is missing Signed-off-by. Add it manually or with "git commit --amend -s" (test_mbox.TestMbox.test_signed_off_by_presence) PASS: test author valid (test_mbox.TestMbox.test_author_valid) PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags) PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list) SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) SKIP: pretest src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.pretest_src_uri_left_files) SKIP: test CVE check ignore: No modified recipes or older target branch, skipping test (test_metadata.TestMetadata.test_cve_check_ignore) SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) SKIP: test src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.test_src_uri_left_files) SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) --- Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank you!
> Thank you for your submission. Patchtest identified one > or more issues with the patch. Please see the log below for > more information: > > --- > Testing patch /home/patchtest/share/mboxes/BACKPORT-uboot-sign-fix-U-Boot-binary-with-public-key.patch > > FAIL: test Signed-off-by presence: Mbox is missing Signed-off-by. Add it manually or with "git commit --amend -s" (test_mbox.TestMbox.test_signed_off_by_presence) This is a backport request and references a commit in master (which has the appropriate signoffs). I am happy to change my backport request formatting as needed to avoid this false positive. > > PASS: test author valid (test_mbox.TestMbox.test_author_valid) > PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence) > PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags) > PASS: test max line length (test_metadata.TestMetadata.test_max_line_length) > PASS: test mbox format (test_mbox.TestMbox.test_mbox_format) > PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade) > PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format) > PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length) > PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list) > > SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint) > SKIP: pretest src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.pretest_src_uri_left_files) > SKIP: test CVE check ignore: No modified recipes or older target branch, skipping test (test_metadata.TestMetadata.test_cve_check_ignore) > SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format) > SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence) > SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format) > SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format) > SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned) > SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence) > SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence) > SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint) > SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head) > SKIP: test src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.test_src_uri_left_files) > SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence) > > --- > > Please address the issues identified and > submit a new revision of the patch, or alternatively, reply to this > email with an explanation of why the patch should be accepted. If you > believe these results are due to an error in patchtest, please submit a > bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category > under 'Yocto Project Subprojects'). For more information on specific > failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank > you!
Clayton, This is not the way to request backports. Please just read the list for past submissions and it will be clear how those should be made. Steve, Please do NOT backport this change to stable releases, as it seems incorrect and causes issues downstream and should probably get reverted from master. Thanks. On Tue, Nov 26, 2024 at 08:17:34AM -0700, Clayton Casciato via lists.openembedded.org wrote: > Hi, Steve! > > I would like to backport this from master to Styhead and Scarthgap. > > Thank you! > > Clayton Casciato > > -- > > commit 0d14e99aa18ee38293df63d585fafc270a4538be > Author: Clayton Casciato <majortomtosourcecontrol@gmail.com> > Date: Fri Nov 22 08:00:00 2024 -0700 > > uboot-sign: fix U-Boot binary with public key > > Fixes [YOCTO #15649] > > The U-Boot binary in the "deploy" directory is missing the public key > when the removed logic branch is used. > > The simple concatenation of the binary and DTB with public key works as > expected on a BeagleBone Black. > > Given: > MACHINE = beaglebone-yocto > UBOOT_SIGN_KEYNAME = "dev" > > Post-patch (poky/build/tmp/deploy/images/beaglebone-yocto): > $ hexdump -e "16 \"%_p\" \"\\n\"" u-boot-beaglebone-yocto.dtb \ > | tr -d '\n' | grep -o 'key-dev' > key-dev > > $ hexdump -e "16 \"%_p\" \"\\n\"" u-boot.img \ > | tr -d '\n' | grep -o 'key-dev' > key-dev > > Non-Poky BeagleBone Black testing (Scarthgap): > U-Boot 2024.01 [...] > [...] > Using 'conf-ti_omap_am335x-boneblack.dtb' configuration > Verifying Hash Integrity ... sha256,rsa4096:dev+ OK > Trying 'kernel-1' kernel subimage > [...] > > Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > > diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass > index a17be745ce..7ee73b872a 100644 > --- a/meta/classes-recipe/uboot-sign.bbclass > +++ b/meta/classes-recipe/uboot-sign.bbclass > @@ -122,13 +122,7 @@ concat_dtb() { > # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB > # with public key (otherwise U-Boot will be packaged by uboot_fitimage_assemble) > if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then > - if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \ > - [ -e "${UBOOT_DTB_BINARY}" ]; then > - oe_runmake EXT_DTB="${UBOOT_DTB_SIGNED}" ${UBOOT_MAKE_TARGET} > - if [ -n "${binary}" ]; then > - cp ${binary} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} > - fi > - elif [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then > + if [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then > if [ -n "${binary}" ]; then > cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} | tee ${binary} > \ > ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} >
On 12/6/24 4:30 PM, Denys Dmytriyenko wrote: > Clayton, Hi, Denys > > This is not the way to request backports. Please just read the list for past > submissions and it will be clear how those should be made. Steve has previously communicated this is an acceptable format. Please see https://lists.openembedded.org/g/openembedded-core/message/207185 I take it you would prefer to see a distinct request for each branch. > > > Steve, > > Please do NOT backport this change to stable releases, as it seems incorrect > and causes issues downstream and should probably get reverted from master. I agree given the feedback. > > Thanks. Thank you! > > > > On Tue, Nov 26, 2024 at 08:17:34AM -0700, Clayton Casciato via lists.openembedded.org wrote: >> Hi, Steve! >> >> I would like to backport this from master to Styhead and Scarthgap. >> >> Thank you! >> >> Clayton Casciato >> >> -- >> >> commit 0d14e99aa18ee38293df63d585fafc270a4538be >> Author: Clayton Casciato <majortomtosourcecontrol@gmail.com> >> Date: Fri Nov 22 08:00:00 2024 -0700 >> >> uboot-sign: fix U-Boot binary with public key >> >> Fixes [YOCTO #15649] >> >> The U-Boot binary in the "deploy" directory is missing the public key >> when the removed logic branch is used. >> >> The simple concatenation of the binary and DTB with public key works as >> expected on a BeagleBone Black. >> >> Given: >> MACHINE = beaglebone-yocto >> UBOOT_SIGN_KEYNAME = "dev" >> >> Post-patch (poky/build/tmp/deploy/images/beaglebone-yocto): >> $ hexdump -e "16 \"%_p\" \"\\n\"" u-boot-beaglebone-yocto.dtb \ >> | tr -d '\n' | grep -o 'key-dev' >> key-dev >> >> $ hexdump -e "16 \"%_p\" \"\\n\"" u-boot.img \ >> | tr -d '\n' | grep -o 'key-dev' >> key-dev >> >> Non-Poky BeagleBone Black testing (Scarthgap): >> U-Boot 2024.01 [...] >> [...] >> Using 'conf-ti_omap_am335x-boneblack.dtb' configuration >> Verifying Hash Integrity ... sha256,rsa4096:dev+ OK >> Trying 'kernel-1' kernel subimage >> [...] >> >> Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com> >> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> >> >> diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass >> index a17be745ce..7ee73b872a 100644 >> --- a/meta/classes-recipe/uboot-sign.bbclass >> +++ b/meta/classes-recipe/uboot-sign.bbclass >> @@ -122,13 +122,7 @@ concat_dtb() { >> # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB >> # with public key (otherwise U-Boot will be packaged by uboot_fitimage_assemble) >> if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then >> - if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \ >> - [ -e "${UBOOT_DTB_BINARY}" ]; then >> - oe_runmake EXT_DTB="${UBOOT_DTB_SIGNED}" ${UBOOT_MAKE_TARGET} >> - if [ -n "${binary}" ]; then >> - cp ${binary} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} >> - fi >> - elif [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then >> + if [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then >> if [ -n "${binary}" ]; then >> cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} | tee ${binary} > \ >> ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} >>
diff --git a/meta/classes-recipe/uboot-sign.bbclass b/meta/classes-recipe/uboot-sign.bbclass index a17be745ce..7ee73b872a 100644 --- a/meta/classes-recipe/uboot-sign.bbclass +++ b/meta/classes-recipe/uboot-sign.bbclass @@ -122,13 +122,7 @@ concat_dtb() { # If we're not using a signed u-boot fit, concatenate SPL w/o DTB & U-Boot DTB # with public key (otherwise U-Boot will be packaged by uboot_fitimage_assemble) if [ "${SPL_SIGN_ENABLE}" != "1" ] ; then - if [ "x${UBOOT_SUFFIX}" = "ximg" -o "x${UBOOT_SUFFIX}" = "xrom" ] && \ - [ -e "${UBOOT_DTB_BINARY}" ]; then - oe_runmake EXT_DTB="${UBOOT_DTB_SIGNED}" ${UBOOT_MAKE_TARGET} - if [ -n "${binary}" ]; then - cp ${binary} ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX} - fi - elif [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then + if [ -e "${UBOOT_NODTB_BINARY}" -a -e "${UBOOT_DTB_BINARY}" ]; then if [ -n "${binary}" ]; then cat ${UBOOT_NODTB_BINARY} ${UBOOT_DTB_SIGNED} | tee ${binary} > \ ${UBOOT_BINARYNAME}-${type}.${UBOOT_SUFFIX}
Hi, Steve! I would like to backport this from master to Styhead and Scarthgap. Thank you! Clayton Casciato -- commit 0d14e99aa18ee38293df63d585fafc270a4538be Author: Clayton Casciato <majortomtosourcecontrol@gmail.com> Date: Fri Nov 22 08:00:00 2024 -0700 uboot-sign: fix U-Boot binary with public key Fixes [YOCTO #15649] The U-Boot binary in the "deploy" directory is missing the public key when the removed logic branch is used. The simple concatenation of the binary and DTB with public key works as expected on a BeagleBone Black. Given: MACHINE = beaglebone-yocto UBOOT_SIGN_KEYNAME = "dev" Post-patch (poky/build/tmp/deploy/images/beaglebone-yocto): $ hexdump -e "16 \"%_p\" \"\\n\"" u-boot-beaglebone-yocto.dtb \ | tr -d '\n' | grep -o 'key-dev' key-dev $ hexdump -e "16 \"%_p\" \"\\n\"" u-boot.img \ | tr -d '\n' | grep -o 'key-dev' key-dev Non-Poky BeagleBone Black testing (Scarthgap): U-Boot 2024.01 [...] [...] Using 'conf-ti_omap_am335x-boneblack.dtb' configuration Verifying Hash Integrity ... sha256,rsa4096:dev+ OK Trying 'kernel-1' kernel subimage [...] Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>