Commit 74fc1f1d authored by lynxis lazus's avatar lynxis lazus Committed by Holger Levsen

reproducible OpenWrt: strip certificates from images

OpenWrt is signing some images depending on board
and appending this signatures to the images it signed it
using fwtool.
Signed-off-by: lynxis lazus's avatarAlexander Couzens <>
Signed-off-by: Holger Levsen's avatarHolger Levsen <>
parent 05db9170
......@@ -268,6 +268,8 @@ openwrt_compile() {
echo "$(date -u) - Building OpenWrt ${OPENWRT_VERSION} ($TARGET) - $RUN build run."
echo "============================================================================="
ionice -c 3 $MAKE $OPTIONS
openwrt_strip_metadata_signature "$PWD"
openwrt_create_signing_keys() {
......@@ -351,6 +353,18 @@ openwrt_get_banner() {
echo "===bannerend==="
# OpenWrt is signing some images and appending the signature as meta data
openwrt_strip_metadata_signature() {
local openwrttop=$1
cd "$openwrttop"
find bin/targets/ -type f | \
grep -E -v '(\.ipk|sha256sums|config.seed|kernel-debug.tar.bz2|manifest|Packages.gz|Packages|Packages.sig)$' | \
while read -r line ; do
fwtool -s /dev/null -t "$line" || true
# openwrt_build is run on a remote host
# RUN - b1 or b2. b1 means first run, b2 second
# TARGET - a target including subtarget. E.g. ar71xx_generic
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment