'%20fill='%23C31D20'%20fill-rule='nonzero'%3e%3cpath%20d='M7.55269822,13.7609409%20C10.8552199,9.97176134%2014.2271223,7.63452926%2017.1034483,6.5677512%20L17.0816429,0.884990191%20C17.0593112,0.508963963%2016.8188535,0.182653682%2016.4703158,0.055395956%20C16.1217781,-0.0718617705%2015.7322263,0.0244201241%2015.4799397,0.300178022%20L12.9584465,3.07097775%20L0.368821458,17.4916392%20C0.0232151224,17.8857306%20-0.0894678188,18.437454%200.0732192079,18.9389805%20C0.235906234,19.4405071%200.649247199,19.815643%201.15754056,19.9230783%20C1.66583392,20.0305135%202.19185783,19.853926%202.53746417,19.4598346%20L7.5467513,13.7690073%20L7.55269822,13.7609409%20Z'%20id='路径'%3e%3c/path%3e%3cpath%20d='M10.6896552,12.0927463%20L15.1004089,17.5535201%20C15.4511303,17.8402432%2015.9409156,17.8973222%2016.3502521,17.6991755%20C16.7595885,17.5010287%2017.0117165,17.0848129%2016.993637,16.6370685%20L17.1034483,10.0202479%20C14.5615201,9.75868982%2012.477139,10.7130773%2010.6896552,12.0927463%20Z'%20id='路径'%3e%3c/path%3e%3c/g%3e%3crect%20id='矩形'%20x='0'%20y='0'%20width='24'%20height='24'%3e%3c/rect%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
新增自定义签名
为了实现构建的软件包的安全性和完整性校验,开发者需要按照本章节指导,实现软件包的自定义签名。
本章节将介绍如何新增自定义签名的操作步骤,具体代码需要由开发者实现。
开发示例中涉及到的文件路径为“{project_dir}/src/app/add_custom_define_cms_verify”,文件目录结构如下。
├── cms_verify.c // 实现签名工具的代码
├── CMakeLists.txt // CMake构建文件
├── build_cms_verify.sh // 实现生成签名工具.so脚本件
└── build_signature.sh // 生成cms签名文件与crl吊销列表的脚本
└── replace_cms_so.sh // 替换签名工具的脚本
操作步骤
以下步骤中涉及到的代码样例仅作参考,无具体功能,不能直接使用。开发者需要根据操作步骤指导实现相关代码。
- 在cms_verify.c实现签名工具的代码。
int prepareUpgradeImageCms(const char *pathname_cms, const char *pathname_crl, const char *pathname_tar) { // pathname_cms:签名文件的绝对路径 // pathname_crl:吊销列表的绝对路径 // pathname_tar:待校验文件的绝对路径 return 0; } - 在CMakeLists.txt中实现构建CMake的代码。
#设置CMake的最低版本 cmake_minimum_required(VERSION 3.16) #交叉编译选项 if (CROSSCOMPILE_ENABLED) set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_SYSTEM_PROCESSOR aarch64) set(target_arch aarch64-linux-gnu) set(CMAKE_C_COMPILER /usr/bin/aarch64-linux-gnu-gcc) set(CMAKE_CXX_COMPILER /usr/bin/aarch64-linux-gnu-g++) set(CMAKE_LIBRARY_ARCHITECTURE ${target_arch} CACHE STRING "" FORCE) set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY) endif() add_library(verify SHARED cms_verify.c) - 在build_cms_verify.sh中实现生成签名工具.so文件的代码。
#!/bin/bash CUR_DIR=$(dirname "$(readlink -f "$0")") function main() { echo "build cms_verify lib..." if [ ! -d "${CUR_DIR}/build" ];then mkdir -p "${CUR_DIR}/build" else rm -rf "${CUR_DIR}/build"/* fi cd "${CUR_DIR}/build" # CMakeLists.txt需要与该示例脚本在同一级目录下运行 # 注意x86编译环境需要安装Arm64编译工具后,开启该选项 cmake -DCROSSCOMPILE_ENABLED=ON .. make echo "build cms_verify lib success" return 0 } main - 在build_signature.sh实现生成软件包的cms签名文件与crl吊销列表的代码。
#!/bin/bash function signature() { # 生成cms签名文件 echo "build cms file success" # 生成crl吊销列表文件 echo "build crl file success" } signature - 在replace_cms_so.sh将OM SDK软件包自带的签名工具({omsdk 根目录}/lib/libverify.so)文件替换为开发者生成的签名工具(libverify.so)。
#!/bin/bash CUR_DIR=$(dirname "$(readlink -f "$0")") OMSDK_TAR_PATH="${CUR_DIR}/../../../platform/omsdk" # 构建工程OM SDK软件包的解压目录 function replace_cms_verify() { # 将OM SDK自带的的签名工具(libverify.so)替换为开发者构建的签名工具(libverify.so) cp -f "${CUR_DIR}/build/libverify.so" "${OMSDK_TAR_PATH}/lib/libverify.so" cp -f "${CUR_DIR}/build/libverify.so" "${OMSDK_TAR_PATH}/software/RedfishServer/lib/c/libverify.so" } replace_cms_verify - 在“product_dir/build/build.sh”中实现调用自定义签名的编译脚本。
# 添加自定义签名工具 # build_cms_verify.sh、replace_cms_so.sh具体实现可参考对应章节实现 # PRODUCT_SCRIPT_PATH="{product_dir}/src/app" bash "${PRODUCT_SCRIPT_PATH}/add_custom_define_cms_verify/build_cms_verify.sh" bash "${PRODUCT_SCRIPT_PATH}/add_custom_define_cms_verify/replace_cms_so.sh"
父主题: 构建软件包
