From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 09 Oct 2025 16:58:47 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f59.google.com (mail-qv1-f59.google.com [209.85.219.59]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 599EwjqG013637 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 9 Oct 2025 16:58:45 +0200 Received: by mail-qv1-f59.google.com with SMTP id 6a1803df08f44-78ea15d3583sf33014886d6.1 for ; Thu, 09 Oct 2025 07:58:45 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1760021920; cv=pass; d=google.com; s=arc-20240605; b=XHCFTIRvZCj1CuWRUZPFFxUjEoDMZyCjlYQuZq2tMZshg+vp7zZW7xNkF/Jr593ZNG oEFicdgQzSKq94ZfpB7i35CZse4XcI3W07uDWSmxyjyVOJkHaPCSkogrqWZsQBG5fhhn 1Ovc6HpGpwMW/AViT3rAtLAqa72iYbgUtWrWq5TPdozHJwur2iB9e5goxhXTIxzWT3kH dhN0V47kfwGOPDphBgAGIm/jLcH//QavxzozK6x6dbEXuuqgvu9oR6veNitNlAFzI+b3 6MK31DUWeIoPh6RnUlTzVPOPGd1Ewl2QEtBMMlH0z6gWI7P/hEkp3pQO+1o/htWeunn/ qyyA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:dkim-signature; bh=wtWuODLXUvY/X69CfzVChX7TyhcqUy4IGHH/rm6fp88=; fh=Ed8eSRz5ESu4WFWr4kSfkKdYYZwiiOrw2clMv0VkZoE=; b=OU2O/gJyku61rDFBcOu7cKKEha+4JRNFZ2hWQOr1VQNLu3BEWsTLdcrxGi8gNDTJaH mrh0dOP3XbSDsAzBeVaF9HgHNyjM7fXywxGm2JSYjQRSuylR9fkonVAel+Efd/X7qfIM eBylHFwS5pMcOu3Y2nAdZmVXFbbm8U0qSSYEbotXkMRTpgQp/QsM64JYdDEyrkbQpwN8 TlCcaHjdHfbkJgngBY2yjou7XOJ/ySMrQGnG9+pamGV4v1iQ3rUX0i7FMPJT5gkcJmH2 rdZXcWGmtD9pb3KpnztSjs8gH/hKlS5PJFc9wRip8Mk7uFPuoFkzs4IUiT9kre5y11DQ KgAQ==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=K+yHKu9I; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1760021920; x=1760626720; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wtWuODLXUvY/X69CfzVChX7TyhcqUy4IGHH/rm6fp88=; b=lnQCbXfVVFUEEZ2lHRf+6qV39Q9kApu92vH2BVS9c5jB4YP7STgfrY1x6MkThtPQgO nq05GboDA8fqz3UNSobo80TwJhmHuEY6fUrMeHRZ1T2wkJb4brl4q7PAh/Pf1wNDm3gi IhElAJpZdqyhQOkDYaWNMQvP5+pmMbSGvl06wJ9Wc7D5yFpel9PbwV4aoOu+u77KCEXi XllJo40C6G4G9PiGpBMxixHFy6Quq2ozWBGH5NTxcR8lKeDNp81NrrC6ninTkU8WVYPG xn525sQUy5OvJKCCAnqnlms8p3vWbH39V6iheJYbsRKJ7PZD1eU6pnXnD1h51ACDH8gD PzJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760021920; x=1760626720; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:x-beenthere:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=wtWuODLXUvY/X69CfzVChX7TyhcqUy4IGHH/rm6fp88=; b=EcjTI+O64MgLW7Bzv3cF4fMdWxRG9fViDjjtZxxNSqD1HayfVbZC5ItnVYLqpSagQe Yj3LBQpmPtadW99fziXqPY7xb5LxcfAzxWISn1GQ9JfFPuineQfuFbCILjy5sTS75nrU 6PxB3mdn47RxHH2aQqMdR2NI9aUkz8XdZiKD9X9JsNS2bDmGzBBYfjYcxyDA983bWN3i Z0I/j7AoiresQdKuegvwa5/m2z6ggfy8gvVN0cogSs7yr5FhP2Ddwsh3p8t4dDTtgvg4 bHrdoLxRf0TQGVt/zcUxKeP7X/7J09HuA2UD9Lpz78esZS1l10Qb2D/VnqQQJ0l+2ejF Zb8w== X-Forwarded-Encrypted: i=3; AJvYcCV9Av6mZx9wwvZ+FOgYld3w1cPds7ZsUHwyJjp0bTznqUbAZpaHyeTqEYSY8ioEInZF/YIP@ilbers.de X-Gm-Message-State: AOJu0Yx50rh32GPqjYoUDulebVIZr+OQBD+nkFZGKjpSPJDVB1Xt4ONN Wv67d86YVRiE2rp7C5zL4FjsfFf1fgDoAEI0I+hHN7YGOIaMOdxPP5ae X-Google-Smtp-Source: AGHT+IFyrBxQ0sAu09Dou4HA1Z2EAtlG0YZ71kvTvdyNq7WWoI8+uZWcE7fodJ85md9/AHkSRt4Y3Q== X-Received: by 2002:a05:6214:4012:b0:879:b99b:993c with SMTP id 6a1803df08f44-87b21065d5dmr125957846d6.18.1760021919370; Thu, 09 Oct 2025 07:58:39 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="ARHlJd7qQfweNt7ZrsEAbVSaDzD40+uANxRSBzZhSHAzi1XCJw==" Received: by 2002:a0c:e74a:0:b0:87b:bc55:2a6d with SMTP id 6a1803df08f44-87bbc552e93ls11058276d6.2.-pod-prod-03-us; Thu, 09 Oct 2025 07:58:38 -0700 (PDT) X-Received: by 2002:a05:6214:1c8f:b0:81c:ded8:7099 with SMTP id 6a1803df08f44-87b2ef94644mr99421686d6.58.1760021918123; Thu, 09 Oct 2025 07:58:38 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1760021918; cv=pass; d=google.com; s=arc-20240605; b=G9FmsXnZAe1vDSt8hagVRZKDcaZ+CJvPJ59EnZxU1FyFUK9iHlKQGs07X1BphNpVBg jUx9gIfzOxO2TRR4ifVddtslQPyBhbE60bhrBZXC+eOColxTkt9Yn4U9FLdeIUNt1fN3 pWUl1iSJHajkg+iZhBCvs8FeK/4RhFeNNHc6OsR386AJgSGwkxUErHQpkMTGuXjRxaBJ o+g0ucVH7YvMmzOnwGTSD7zod9RI7pQrasY7XqMsbxWCmkaNK3HQGcVCKjvCAdtDGrjL uOmYTztQCEZLouxtn9PuyFMM7jHObwtKMdG1JVoYD9mT22OloJf2s+pfQ033M52cG8rO nknQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:content-id:user-agent :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=UkmTmgFZtiCltSAx03ieXPJX+HYfy+uicFVB4k2xesw=; fh=WfvhB5UdIPJnPli7m7AhZteqlaJkRFlbo2oZotLy5ck=; b=FHekQqz/9/ZRC0ZIhIVkP2107yb+rvIEBNKZofzH3OiI1nyTgP8ACT+291OA5baCkx aNpbqmMNG4y1ih4d096j2+SFt8udADxqOcXMdBWuqEt5HkwvpVltr24V6X1fnnwIxp7d fK57q1OlZfxL3h46eJv3LE3uQ8bIdIIJY4yxEoQWStXnHueqXnJ3ZbEmS8uyf/RmOQlY U7u/BSMwstlgPEco5R/isX1ECE54WQ0whFOK+P09dtniaWfSDezzHr5jCbwZ//8k5Ft9 nhTAcHV2uqxeZvsN3N0+5TT0/Mdpm+FDBG6Xko6ZkBrKnsr+FsUGfWDxa41Y3kS6XjQN H6jg==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=K+yHKu9I; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id 6a1803df08f44-87ab6bf99b4si952786d6.3.2025.10.09.07.58.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Oct 2025 07:58:38 -0700 (PDT) Received-SPF: pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wVhSJZwBOwZHZVXrEcYYyNnyQVBIQbv8NmtSMp+0baAxj3pj74QA9G4amIPAXEEnfdQcBsoMhDj9uDNSVfBR3rqsnwmRp0eNVtPBfYJoRSKA05uylN2w9xoX0QyUSbK7x8h2je0jNQLA/ioSU5Mrfyk6nxqCqjXUJL2ip5+YKKUz1JBM9PzVUpEjLhW+394L+1xA3sE9UtSLtG/Jx7lEXfLqz5ElmMfc2MsCGs5Hbad5wsHdJhc3oCJaoTzAKWHwSxhW3S65wfTxMDotjof/Sa5Cy0Ga5zz5+Kogg9Q/pAzlZiXUnid1Yr36WCnBGDplKyxuQH87xSNfpsjQYNaWFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UkmTmgFZtiCltSAx03ieXPJX+HYfy+uicFVB4k2xesw=; b=Z1wG6bBlSyVyPKG/DeiFPdzSSnxV1yccc/5zlXWmzTmHuSifGsZBTthqnsAyGXVFQmprOaWZ8q2EMWHgNWY+YlX08qRnBr817j7wSKKowWlgZpxFmSTa0Wqqvvz3LMR1ebUfx4Zqs7Y23Yzv/CUnVqyGh7gITJ0Q0sA7mMFJYhMwTXGxr5JFnJoTH90jJY1va/44waq8g3DArQULgZQ+IgJb5h1Wnp0NZud76HuYM7MTGq1EmYcJjwHG6PnoYWdYbhXSc4fD4kFYhGoZshLf9/dWS7HJ7oyVAvSnCWeEJYWz5YTUdTQnHD6i/VPp/Pxrs9/nLZXWUYs5/toTxFAAWg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:629::5) by AM7PR10MB3288.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:10c::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9203.9; Thu, 9 Oct 2025 14:58:35 +0000 Received: from AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM ([fe80::b0ad:e93d:d30d:b90]) by AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM ([fe80::b0ad:e93d:d30d:b90%4]) with mapi id 15.20.9182.017; Thu, 9 Oct 2025 14:58:35 +0000 From: "'cedric.hombourger@siemens.com' via isar-users" To: "isar-users@googlegroups.com" , "Vadivel, Arulpandiyan" , "MOESSBAUER, Felix" CC: "Kiszka, Jan" Subject: Re: [PATCH] meta-isar: add support to verify sha512 checksum for target image Thread-Topic: [PATCH] meta-isar: add support to verify sha512 checksum for target image Thread-Index: AQHcOR2JNiLe7HddCkO7qMaYG5nIcbS515eAgAANIQCAAANpgA== Date: Thu, 9 Oct 2025 14:58:35 +0000 Message-ID: <7e02c46a294768fd459208cb0989d91da2e5bc53.camel@siemens.com> References: <20251009130928.84805-1-arulpandiyan.vadivel@siemens.com> <8d487c2c05a0a9b0cdde1b0241642187f001941c.camel@siemens.com> In-Reply-To: <8d487c2c05a0a9b0cdde1b0241642187f001941c.camel@siemens.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Evolution 3.52.3-0ubuntu1+intune x-ms-publictraffictype: Email x-ms-traffictypediagnostic: AS8PR10MB7875:EE_|AM7PR10MB3288:EE_ x-ms-office365-filtering-correlation-id: a52e4eee-0100-4442-0a78-08de07445299 x-ms-exchange-atpmessageproperties: SA x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|376014|1800799024|366016|38070700021; x-microsoft-antispam-message-info: =?utf-8?B?dUFIemdZZHJOV0ZlR0o4MisrVm9lMjhRSkJOazFuLzFGaXpBQ28zeFJGRXlo?= =?utf-8?B?em04Njh0RzBwaUNIa0VDdk1UTEl4TC80NzA2Q3Z4SVNxOFcwZ1ZPaXNZKys0?= =?utf-8?B?SGtHWnpTdVRrb2drWThlbUZSY0JYWFFuRkJwZWdzZVdBd3N0V0Z4OWNHUDh4?= =?utf-8?B?eXJZU0ZVdmswRTQrTXAvSnZlREJxY084ZVZOMU0vL1NlQUZrTm9nSW9aMG5u?= =?utf-8?B?RUxLZGJyR3RmQ0V4a2ZpcHpldnZyU3ZOUU9NY2JLR3pXKzA5NkpmbldUQjBB?= =?utf-8?B?eElrV3o5N0IvdU9oQVhLMmdJSVNXeFhGc3N6cDFjeHlvR05xdTBGaEVvZnlx?= =?utf-8?B?UkNBMjZRRVNBOFlVQTlBajQ2QmQreXhuUnZRL2MxVkhlcjV3SSsyL2JWdC9P?= =?utf-8?B?YVphV0UreFpCKzZyYThTUEVuWGtZRnJBdkNQelJRSGdEaVhWTVRyaFJwblRq?= =?utf-8?B?ZnowM2hCVER1VHJNR3NDUW9vTFpHVHFhWFVHVm1CMDF0c2tTN3lsc0M5SU81?= =?utf-8?B?QXp1RUZYbHFFd0cvZ0JzZ1NPNzVBUFFJQjlBQmplU2pNRUdLcjJsV1kzM0xE?= =?utf-8?B?NGk1bkVHdmxseGtLRmx4MWFPQlFRc3pMOHRqMVF2TzVNcys3a3BpU3RVRGI5?= =?utf-8?B?dnFGWDVZcDNFTGYzZFNmUFJyYkY3K2ZtclV3b3I0S3VaUXJpaXJxVzlUNTBZ?= =?utf-8?B?eXRGMDFIMWJ0OXNMeWZCdy9QcGs4V3Exb1pYcFVVOGpjVlMvYklLYnBMa0l6?= =?utf-8?B?QVVyYW1BQm1odUhDS1JucGZCUUNJRG1RT3c3OS9ST2paZ2RKVjl1VWxvSDgw?= =?utf-8?B?bkNDZ0JSUzlkOXlVWk9sUDhiWW5PQXNZaEpzQStDVmlPRkVkcjFpRlExMTVW?= =?utf-8?B?N0FZa28xRjBzVXAvc0VNaVIwN2RDTENtTjBOZWZjcW5waHZMR3dDODRTbHlm?= =?utf-8?B?SVdldFZ0ck5NYjgwbWNjc2pHWjZwUGwwMnZJcHZtSXM1bXhKU1ZkTDRQMDl3?= =?utf-8?B?Q3g2dUxNNEZqYXpZREV1aDJwQmtIV3RYeGJnN1ZJUEU3ckg0dG50VXpJRkpn?= =?utf-8?B?Mis1RXdQMER2emd6TGNqUmZSa1NtczY0UitXcHZzSk9CdHd4dENKR1FUajUy?= =?utf-8?B?cW1LcWZieUl1Z0lYdHgzVnFFbEkzTnhRTFBCekNGaXB2ZEdRck53QzBaUHNs?= =?utf-8?B?Vi9acnRLMGtBSjJEOEg0Z0cwaWdDRVRvQVpReXpITC95aHB3bnd4VUxodm1B?= =?utf-8?B?WEt4UmJQMUJPNUU2RlA5UENmRUlKdEJuTFdRbFk5YVEwbzdZTlE2Vkxmemxu?= =?utf-8?B?YzFYSEN4dVVva045c1U5YzJoV3dqcDBic0tpQVRwckF0QUlTS1FhY1NFRFpR?= =?utf-8?B?b1VMR0ROZmhQTUp3bFhyb3c2ZWpIdWdZUjlHejNYTlhVcXNuWE15U0YranlO?= =?utf-8?B?S1BxU0M3Y2swclRiMTM1K3VqS3Jld3JkUm9VbDdUcmhmNTRId01MVTdFT0RH?= =?utf-8?B?b2hNdFVmVURYemVwK3RzWnI3aCtrTW5rT2xIWVN4b0FLZzFTanFaVHJUS3JW?= =?utf-8?B?UEcvLzBQV0hzKzJ3N2lzSUhLQ1I0U0VRY2FhVGNzNjRKbGUxdjBKeVNqRFRu?= =?utf-8?B?bm5hL0lMT2tNcHRlWHF4bzE5N2I4U1I3RzNTaFRpT1RPcThtc2tSNnlybkhS?= =?utf-8?B?aHc1OHZvR2FGZGNMYm1rRkVDVElHN0FBZUh5RXRwV05wUk1lVExXTWFic1hq?= =?utf-8?B?eVUycTMxZVdMQ2pTVmxNOHB0bFhmK3RxNWVQcU1rdlJnaUFoQUxtNU5Fa3Br?= =?utf-8?B?bUVHQWJWN0wyM1FOZm9CNTVnQUlxWmlzam40eU5ySEU5NFVpQVZSQ2hXbGRJ?= =?utf-8?B?RFFyR2ZJd05lMXg1dzM0TVpKL25LUys3TzJqZG1YV3RRdUxxMFlIVklXV1Q4?= =?utf-8?B?WE5tY0tIeUQrQlVEc1l0UmFPcnJjanJ1bFZBSGVvd2tiUDhRSDdWNHpDVDk5?= =?utf-8?B?U2ZYT2NNRGIrYnRGRDFWYWNSN3ZkV2ZrMUUyQUFqZDlWY01NRlpZNklETG1h?= =?utf-8?Q?RCx0NC?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(38070700021);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?QmovMWx5RWswRFVtQjJCMDNnaDl6R09uNXZ4T3E4TmFtcVZod3BlOEYvNjlW?= =?utf-8?B?STVBVTNUWXFrMFhVMzBNbHpGMkFVc01YeVpVN0JrS1JhWU56WnNnN3RhMDla?= =?utf-8?B?R1Fnd3Nsd1NHSnJGeEVTWk5qemsyRDBkQlhZQ3BCMW9GK1gxSFdrcnJtVVIv?= =?utf-8?B?M2poWWVkRnhGaGRkdjFVaVRHMWYvdUp4OExETEVYb0FPWDdBeWw3YjhNd3hS?= =?utf-8?B?Vjh3TmY1Yld3OXl4NXVCUjJibndaQ1N6M3o4N3lxQy9WM2o0clBuT3k3WkZ0?= =?utf-8?B?Zys5QTZaMDI1ZldoZHRGN3pxRXNocjNRNmNiWEM1anIxZTlDWFU2S1ZhSmlj?= =?utf-8?B?cUEyZTZsTDc4bmhhRXlwME05YjhZd2hpQ3hlTktHWXVEY2dMVS9xald1ZlJz?= =?utf-8?B?MXNIdWNacUZjZGUxY1FYZUVIU1Jldmw4SWZYZll0MXg3KzRaNHpCdFRFVVJs?= =?utf-8?B?NCtKRVhRcXQyTHFsYnlpb2FSNzBQdHgxaStGYnhwOHNYajdVSjBvQnorWkNO?= =?utf-8?B?ZTI2bVY5S0NWVzlxaTJ6UlErdVJGVTBPWUdaMkN4ajFWK0RmcHpwdXk1TlFY?= =?utf-8?B?N3hxT1hiYmo0citRQVZlcUpwSFNOTmQ0V0JON1hnR1lCYUp4M3hycGRnVVZF?= =?utf-8?B?bzltejRKQmRaNGNtbHFqc00zL2FHWXdvZUlhWDIzdkxkQmFYd0lsZnZhOTE1?= =?utf-8?B?L1d0M3ZueVp1aUZCenV4VTlGckk2UExEckJLYnMvQXdsa3FtV0xiWU12NVVa?= =?utf-8?B?WUdFN2trSG5VSGRYU3o3WFc4bEpEcmE1dm9Ya3VXdGFCU005RGpveDZkOElQ?= =?utf-8?B?UzlTaDJMYnFlWHNIS0pDOWNKOHpBZFlFb0llbE5udzY0NTRVZHNTamZ3bnVK?= =?utf-8?B?L1R2Lzh4L0x5aW50d2RuTGxqZ216eWRoMGdDalVaK2JFampsZGhWV0dmMmlV?= =?utf-8?B?UlRPdnh0ZEFQSHJrN25lMkdhRTlpcGdid3V1S0ZrOG56aFJXbjFMajBZY1Yw?= =?utf-8?B?SEZiTFBWN1lyWEdkWlRxaHp0b0R6alphenhrWUQveDVOK2xwaUZzTElTSVc2?= =?utf-8?B?dHUyTlNPeG1XSVlxdHpxVVBFNWsvWXRTWXFGZTVXRjAxaU5Rb09YbFBNSXFj?= =?utf-8?B?WTNhdTFubjVpQ1pTSXRQdXBlSlpLMVEvb09DSFNrR1JhdzRvUDh6TG9BN200?= =?utf-8?B?STJHVzBZb2JLTjltMHd5WnpvKzZEMThjcGF0RnM0L0tDY0hjWDBPWW1UR3R0?= =?utf-8?B?ZHVrVCtuZzlVRWdoTk5IK0VGY0JDZEtFRmdTTUdLN2FlSDBsTGdiSlZFNlQy?= =?utf-8?B?R2NZWlB3aVNpZzMvRkhnMEZEZXAyaEFLa3QzZWQ2K0RIb010VUxYMDFHTXdH?= =?utf-8?B?TUJTdjcxVXJSRG1VSnBHcFVickZ6THVvNFNqSWo5QUU4ZkkxL1dpeGdMNk5k?= =?utf-8?B?QU44UXRPRU5LaXg2eUVYT3pITUI0dDkrdU1HSWtCSWhXMkp0aDBLTktUVU4v?= =?utf-8?B?MEY4SUhRMmY3QzBmbXYrVmgyZ3Q1SUdCOHdkcnI0Sm0wbVI3dUMwVXowUm5q?= =?utf-8?B?YUZRMndlelZyeVhkdlhsQVVuK2l5NE9zeTBUQzcyWis2eFVkaFVmbWp0dHRY?= =?utf-8?B?YURxL2gzV3ptVlFoTmpmRWpnUlo1NHhtaGNWZFNtVjRpWS9PT0ZlaUVEWVBU?= =?utf-8?B?VjFBV0ZFRmY1elo2bmhwYStjcUV2eEdoT2RxV0t4TkVqRElndW1QR0dPcW1M?= =?utf-8?B?cmU3WEZMRG5IaFB6bmNxcFB5dkJHUVZkZTlHSHJiV0VudzNneUZacmlTTDMz?= =?utf-8?B?TUFGUTdvUnBBaFRlTE43bXNqdWowWXpOYlYxYUs3VTFMTkI4d0NNenJndEhp?= =?utf-8?B?U1BjelUyczk1THI1KzdJYVU2aWl3L3VaTlJrOW82NS9lNjZDSmkxSThYejgy?= =?utf-8?B?dDY2eml3NTBVdTVEWXcyVHNxMUxsZG5sckVSTWFtWDJJWGQrUW8xd3BiU2dG?= =?utf-8?B?eCtGTWF3VVVYTHNMSXpMbWlnZ1V3Y0F2NStrVWZvV3ZCWThGWG1EK2hhWWJr?= =?utf-8?B?SVNVV2FBRUo2dER3VHhGUm5hV1U4ZzdvYWkzR3NJamZlWHM4K1YzZStZOHV1?= =?utf-8?B?K3VZSVhSQzVIbGZ6NndRTTdLSHk5cloxMDJGVlQ0ZUFOaG9hVHFYNmt6c3BD?= =?utf-8?Q?Fe4/uOMqTDUiBUW8e6G+lRk=3D?= Content-Type: text/plain; charset="UTF-8" Content-ID: <2B8C1A7DCD916748BB8AF7325ECEEF71@EURPRD10.PROD.OUTLOOK.COM> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: a52e4eee-0100-4442-0a78-08de07445299 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2025 14:58:35.7397 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: iQ/hQF09ZZuBFSaLdOeWr1vAI67Coo6F3cJsWA2GrUtQB7MJ5V6+Cf6QQcEFs96gZR/n/VgHp656CiyePmfG6t/tJaY8v/cZnddGyGBRU9I= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3288 X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=K+yHKu9I; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: "cedric.hombourger@siemens.com" Reply-To: "cedric.hombourger@siemens.com" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: F6GUDOcDiu9V On Thu, 2025-10-09 at 14:46 +0000, Moessbauer, Felix (FT RPD CED OES- DE) wrote: > On Thu, 2025-10-09 at 13:59 +0000, Hombourger, Cedric (FT FDS CES LX) > wrote: > > On Thu, 2025-10-09 at 18:39 +0530, Arulpandiyan Vadivel wrote: > > > In current approach, target images from installer is installed > > > without any > > > verifications and validations. > > > Adding support of verifying image with sha512 checksum before > > > installing image > > > Currently during the image installation .bmap files also listed > > > in > > > the menu. > > > Update to show only image name instead of showing supported > > > artifacts > > > like .bmap and .sha512. > > > Added a class to support generating sha512 checksum for the > > > images. >=20 > Hi, is there a particular reason why not rely on the checksums in the > bmap? These are WAY better than checksums on compressed artifacts and > are also correctly checked by the bmap tool (instead of an error > prone > custom implementation). >=20 > > >=20 > > > Signed-off-by: Arulpandiyan Vadivel > > > > > > --- > > > =C2=A0.../classes/installer-add-rootfs.bbclass=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 |=C2=A0 6 +- > > > =C2=A0...eploy-image_0.1.bb =3D> deploy-image_0.2.bb} |=C2=A0 2 +- > > > =C2=A0.../files/usr/bin/deploy-image-wic.sh=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0 | 56 > > > ++++++++++++++++++- > > > =C2=A0meta/classes/image-checksum.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | 14 +++++ > > > =C2=A0meta/classes/image.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 |=C2=A0 1 + > > > =C2=A05 files changed, 76 insertions(+), 3 deletions(-) > > > =C2=A0rename meta-isar/recipes-installer/deploy-image/{deploy- > > > image_0.1.bb > > > =3D> deploy-image_0.2.bb} (96%) > > > =C2=A0create mode 100644 meta/classes/image-checksum.bbclass > > >=20 > > > diff --git a/meta-isar/classes/installer-add-rootfs.bbclass > > > b/meta- > > > isar/classes/installer-add-rootfs.bbclass > > > index c738f690..185e4a3c 100644 > > > --- a/meta-isar/classes/installer-add-rootfs.bbclass > > > +++ b/meta-isar/classes/installer-add-rootfs.bbclass > > > @@ -19,7 +19,7 @@ IMAGE_DATA_POSTFIX ??=3D "wic.zst" > > > =C2=A0IMAGE_DATA_POSTFIX:buster ??=3D "wic.xz" > > > =C2=A0IMAGE_DATA_POSTFIX:bullseye ??=3D "wic.xz" > > > =C2=A0 > > > -ROOTFS_ADDITIONAL_FILES ??=3D "installer-target installer-target- > > > bmap" > > > +ROOTFS_ADDITIONAL_FILES ??=3D "installer-target installer-target- > > > bmap > > > installer-target-sha512" > > > =C2=A0 > > > =C2=A0def get_installer_source(d, suffix): > > > =C2=A0=C2=A0=C2=A0=C2=A0 installer_target_image =3D d.getVar('INSTALL= ER_TARGET_IMAGE') > > > or > > > "" > > > @@ -49,4 +49,8 @@ ROOTFS_ADDITIONAL_FILE_installer- > > > target[destination] =3D "${@ get_installer_destin > > > =C2=A0ROOTFS_ADDITIONAL_FILE_installer-target-bmap[source] =3D "${@ > > > get_installer_source(d, "wic.bmap")}" > > > =C2=A0ROOTFS_ADDITIONAL_FILE_installer-target-bmap[destination] =3D "= ${@ > > > get_installer_destination(d, "wic.bmap")}" > > > =C2=A0 > > > +# Add support for SHA512 checksum files > > > +ROOTFS_ADDITIONAL_FILE_installer-target-sha512[source] =3D "${@ > > > get_installer_source(d, d.getVar('IMAGE_DATA_POSTFIX') + > > > '.sha512')}" > > > +ROOTFS_ADDITIONAL_FILE_installer-target-sha512[destination] =3D > > > "${@ > > > get_installer_destination(d, d.getVar('IMAGE_DATA_POSTFIX') + > > > '.sha512')}" > > > + > > > =C2=A0do_rootfs_install[mcdepends] +=3D "${@ get_mc_depends(d, > > > "do_image_wic")}" > > > diff --git a/meta-isar/recipes-installer/deploy-image/deploy- > > > image_0.1.bb b/meta-isar/recipes-installer/deploy-image/deploy- > > > image_0.2.bb > > > similarity index 96% > > > rename from meta-isar/recipes-installer/deploy-image/deploy- > > > image_0.1.bb > > > rename to meta-isar/recipes-installer/deploy-image/deploy- > > > image_0.2.bb > > > index b287a8d1..0259a5af 100644 > > > --- a/meta-isar/recipes-installer/deploy-image/deploy- > > > image_0.1.bb > > > +++ b/meta-isar/recipes-installer/deploy-image/deploy- > > > image_0.2.bb > > > @@ -1,5 +1,5 @@ > > > =C2=A0# This software is a part of ISAR. > > > -# Copyright (C) Siemens AG, 2024 > > > +# Copyright (C) Siemens AG, 2025 > > > =C2=A0# > > > =C2=A0# SPDX-License-Identifier: MIT > > > =C2=A0 > > > diff --git a/meta-isar/recipes-installer/deploy- > > > image/files/usr/bin/deploy-image-wic.sh b/meta-isar/recipes- > > > installer/deploy-image/files/usr/bin/deploy-image-wic.sh > > > index 333762f1..963f5756 100755 > > > --- a/meta-isar/recipes-installer/deploy- > > > image/files/usr/bin/deploy- > > > image-wic.sh > > > +++ b/meta-isar/recipes-installer/deploy- > > > image/files/usr/bin/deploy- > > > image-wic.sh > > > @@ -10,11 +10,65 @@ SCRIPT_DIR=3D$( dirname -- "$( readlink -f -- > > > "$0"; > > > )"; ) > > > =C2=A0 > > > =C2=A0. "${SCRIPT_DIR}/../lib/deploy-image-wic/handle-config.sh" > > > =C2=A0 > > > +verify_checksum() { > > > +=C2=A0=C2=A0=C2=A0 checksum_file=3D"$1" > > > +=C2=A0=C2=A0=C2=A0 hash_image_file=3D"$2" > > > + > > > +=C2=A0=C2=A0=C2=A0 # Get the extension from the checksum file > > > +=C2=A0=C2=A0=C2=A0 algorithm=3D$(echo "$checksum_file" | awk -F. '{p= rint $NF}') > > > + > > > +=C2=A0=C2=A0=C2=A0 #Read the expected checksum > > inconsistency (missing space after #) > >=20 > > > +=C2=A0=C2=A0=C2=A0 expected_checksum=3D$(cut -d' ' -f1 "$checksum_fi= le") > > > + > > > +=C2=A0=C2=A0=C2=A0 # Check if the checksum file was empty > > > +=C2=A0=C2=A0=C2=A0 if [[ -z "$expected_checksum" ]]; then > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 dialog --msgbox "Error: C= hecksum file is empty or > > > unreadable, Installation aborted." 6 60 > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 exit 1 > > > +=C2=A0=C2=A0=C2=A0 fi > > > + > > > +=C2=A0=C2=A0=C2=A0 # Calculate the current checksum of the file > > > +=C2=A0=C2=A0=C2=A0 local current_checksum > > > +=C2=A0=C2=A0=C2=A0 case "$algorithm" in > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sha512) > > could easily be changed to sha512|sha256|md5 > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 c= urrent_checksum=3D$("${algorithm}sum" > > > "$hash_image_file" > >=20 > > this may take a while, use dialog to let the user abort the > > verification while running in the background? or ask upfront if > > integrity of the image should be checked (only if checksum files > > were > > found) > >=20 > > also sha512sum -c may be used and would greatly simply this > > function >=20 > I'm wondering why you decided to use sha512 which is super slow. The > checksums anyways just protect against bitflips as the checksum files > are not signed. By that, a much faster checksum like sha1 or sha256 > can > be used as well. >=20 > >=20 > > > > awk '{print $1}') > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;= ; > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *) > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 d= ialog --msgbox "Error: Unsupported > > > algorithm($algorithm), Installation aborted." 6 60 > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 e= xit 1 > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;= ; > > > +=C2=A0=C2=A0=C2=A0 esac > > > + > > > +=C2=A0=C2=A0=C2=A0 # Compare the checksums > > this comment does not add any value > > > +=C2=A0=C2=A0=C2=A0 if [[ "$current_checksum" =3D=3D "$expected_check= sum" ]]; then > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 echo "Checksum validation= success for $checksum_file and > > > $hash_image_file" > > > +=C2=A0=C2=A0=C2=A0 else > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 dialog --msgbox "Error: C= hecksum validation failure for > > > $checksum_file and $hash_image_file, Installation aborted." 6 60 > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 exit 1 > > I would not mix backend and UI code in the same function. Return > > well > > defined error codes and display error messages in your UI code > > > +=C2=A0=C2=A0=C2=A0 fi > > > +} > > > + > > > +hash_files_uri=3D$(find "$installdata" -type f -iname "*.sha512") > >=20 > > you have above a mechanism to handle various algorithms but only > > sha512 > > is considered here > >=20 > > > +if [ -n "$hash_files_uri" ]; then > > > +=C2=A0=C2=A0=C2=A0 for hash_file in $hash_files_uri; do > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 # extract the checksum / = bmap file from signed files > > > name > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 hash_image_file=3D"${hash= _file%.*}" > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if [ -f "$hash_image_file= " ] && [ -f "$hash_file" ]; > > > then > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 v= erify_checksum "$hash_file" "$hash_image_file" > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 else > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 d= ialog --msgbox "[ERROR] Checksum file or image file > > > is > > > missing! Installation aborted" 6 60 > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 e= xit 1 > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fi > > > +=C2=A0=C2=A0=C2=A0 done > > > +else > > > +=C2=A0=C2=A0=C2=A0 dialog --msgbox "Error: No checksum file(s) found= for image > > > artifacts, Installation aborted." 6 60 > > > +=C2=A0=C2=A0=C2=A0 exit 1 > >=20 > > this should only be fatal if the installer was configured to > > generate > > checksum files along image artifacts and if there are not there but > > only in that case! >=20 > What would be valuable is to encode the checksum either in the initrd > or a dm-verity container to sign this externally. By that, we could > ensure that only "allowed" artifacts can be deployed. But then the > question still remains, why not simply use a dm-verity container for > cryptographic integrity and the bmap checksums to check if the > artifact > is written correctly. I am really liking the idea! >=20 > >=20 > > > +fi > > > + > > > =C2=A0if ! $installer_unattended; then > > > =C2=A0=C2=A0=C2=A0=C2=A0 installer_image_uri=3D$(find "$installdata" = -type f -iname > > > "*.wic*" -a -not -iname "*.wic.bmap" -exec basename {} \;) > > > =C2=A0=C2=A0=C2=A0=C2=A0 if [ -z "$installer_image_uri" ] || [ ! -f > > > "$installdata/$installer_image_uri" ]; then > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 pushd "$installdata" > > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 for f in $(find . -type f= ); do > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 for f in $(find . -type f= -iname "*.wic.zst" -exec > > > basename > > > {} \;); do > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 array+=3D("$f" "$f") > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 done > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 popd > > > diff --git a/meta/classes/image-checksum.bbclass > > > b/meta/classes/image-checksum.bbclass > > > new file mode 100644 > > > index 00000000..673235a0 > > > --- /dev/null > > > +++ b/meta/classes/image-checksum.bbclass > > > @@ -0,0 +1,14 @@ > > > +# This software is a part of ISAR. > > > +# Copyright (C) 2025 Siemens AG > > > +# > > > +# SPDX-License-Identifier: MIT > > > + > > > +do_generate_checksum() { > > > +=C2=A0=C2=A0=C2=A0 cd ${DEPLOY_DIR_IMAGE} > > > +=C2=A0=C2=A0=C2=A0 for postfix in ${IMAGE_FSTYPES}; do > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 [ -f "${IMAGE_FULLNAME}.$= postfix" ] || continue > > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sha512sum "${IMAGE_FULLNA= ME}.$postfix" > > > > "${IMAGE_FULLNAME}.$postfix.sha512" > > > +=C2=A0=C2=A0=C2=A0 done > > > +} > > > + > > > +do_image_wic[postfuncs] +=3D "do_generate_checksum" > > > diff --git a/meta/classes/image.bbclass > > > b/meta/classes/image.bbclass > > > index bd1b8552..57216014 100644 > > > --- a/meta/classes/image.bbclass > > > +++ b/meta/classes/image.bbclass > > > @@ -141,6 +141,7 @@ IMAGE_CLASSES ??=3D "" > > > =C2=A0IMGCLASSES =3D "imagetypes imagetypes_wic imagetypes_vm > > > imagetypes_container squashfs" > > > =C2=A0IMGCLASSES +=3D "${IMAGE_CLASSES}" > > > =C2=A0inherit ${IMGCLASSES} > > > +inherit image-checksum > > not sure we want to always generate checksums (e.g. for development > > builds, I don't need or want them but would for release builds) > > > =C2=A0 > > > =C2=A0# convenience variables to be used by CMDs > > > =C2=A0IMAGE_FILE_HOST =3D > > > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.${type}" > >=20 > > While I believe the feature being added would be useful, I think we > > should make it an opt-in and ensure that no changes are introduced > > in > > builds that do not require or want the feature >=20 > I would like to clarify the requirements first, mainly by defining a > threat model. Agreed. We should carefully document the why (something along the lines providing a way to only permit installation images from trusted parties and with a confirmation that they have not been tampered in some fashion) >=20 > Felix >=20 > >=20 > > tests using the Isar test suite are also missing. >=20 > --=20 > Siemens AG > Linux Expert Center > Friedrich-Ludwig-Bauer-Str. 3 > 85748 Garching, Germany >=20 --=20 You received this message because you are subscribed to the Google Groups "= isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/= 7e02c46a294768fd459208cb0989d91da2e5bc53.camel%40siemens.com.