Uploaded image for project: 'Image Builder'
  1. Image Builder
  2. COMPOSER-1932

osbuild: embedding firmware from container sources.

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • osbuild
    • None
    • False
    • None
    • False
    • Testable

      In the case of custom hardware, the customer is responsible for the device firmware and is unwilling or not allowed to publish it in LVFS as it has no reason to live outside their Edge product.

       

      org.osbuild.fwupd.firmware
      {
          "type": "org.osbuild.fwupd.firmware",
          "inputs": {
            "images": {
               "type": "org.osbuild.containers",
               "origin": "org.osbuild.source",
               "references": {
                    "sha256:d4ee….": {
                          "name": "quay.io/company/radar-firmware"
                    }
               }
            }
          },
          "options": {
            "destination": {
              "type": "vendor-firmware",
              "path": "/usr/share/fwupd/remotes.d/vendor/firmware",
              "quirks": "/usr/share/fwupd/quirks.d",
            }
          }
       },
      
      

      Would install:

      • any cab file within the container into /usr/share/fwupd/remotes.d/vendor/firmware
      • any file in the quirks.d directory inside the container into /usr/share/fwupd/quirks.d.

       An example of how such embedded container firmware could be created by customers would be:

       #!/usr/bin/bash
      
      IMAGE=quay.io/mangelajo/firmware-test
      TAG=0.2
      
      CONTAINER=$(buildah from --arch "embedded" --os "none" scratch)
      buildah add "${CONTAINER}" stm32f103-example-vcp-0.2.cab quirks.d/*
      buildah config -l fwupd.cab.container=true "${CONTAINER}"
      buildah commit "${CONTAINER}" "${IMAGE}:${TAG}"
      podman push "${IMAGE}:${VERSION}"
      buildah rm "${CONTAINER}"
      
      # optional signature
      DIGEST=$(podman inspect "${IMAGE}:${TAG}" | jq '.[]["Digest"]' | cut -d\" -f 2)
      cosign sign --key cosign.key "${IMAGE}@${DIGEST}"
      
      

      And this is an example of how the contents of such container can be extracted in the osbuild pipeline code:

      $ IMAGE=quay.io/mangelajo/firmware-test
      $ TAG=0.2
      
      $ CONTAINER=$(buildah from --name firmware_extract --platform none/embedded "${IMAGE}:${TAG}")
      
      $ buildah unshare -m firmware_extract << 'EOF'
      ls $firmware_extract
      EOF
      stm32f103-example-vcp-0.2.cab
      
      $ buildah rm $CONTAINER
      
      

              Unassigned Unassigned
              majopela@redhat.com Miguel Angel Ajo Pelayo
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: