From patchwork Thu May 17 09:37:09 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Raphael Freudiger
X-Patchwork-Id: 915267
From: Raphael Freudiger
To: swupdate@googlegroups.com
Cc: Raphael Freudiger
Subject: [swupdate] [meta-swupdate][PATCH v2 1/2] swupdate_class: split out common python functionality
Date: Thu, 17 May 2018 11:37:09 +0200
Message-Id: <20180517093710.4155-1-raphael.freudiger@siemens.com>
X-Mailer: git-send-email 2.11.0

This is a preparation step to be able to use it as an fstype.

Signed-off-by: Raphael Freudiger --- classes/swupdate-common.bbclass | 89 +++++++++++++++++++++++++++++++++++++++++ classes/swupdate.bbclass | 89 +---------------------------------------- 2 files changed, 91 insertions(+), 87 deletions(-) create mode 100644 classes/swupdate-common.bbclass diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass new file mode 100644 index 0000000..f53c55f --- /dev/null +++ b/classes/swupdate-common.bbclass 
@@ -0,0 +1,89 @@ +def swupdate_is_hash_needed(s, filename): + with open(os.path.join(s, "sw-description"), 'r') as f: + for line in f: + if line.find("@%s" % (filename)) != -1: + return True + return False + +def swupdate_get_sha256(s, filename): + import hashlib + + m = hashlib.sha256() + + with open(os.path.join(s, filename), 'rb') as f: + while True: + data = f.read(1024) + if not data: + break + m.update(data) + return m.hexdigest() + +def swupdate_write_sha256(s, filename, hash): + write_lines = [] + + with open(os.path.join(s, "sw-description"), 'r') as f: + for line in f: + write_lines.append(line.replace("@%s" % (filename), hash)) + + with open(os.path.join(s, "sw-description"), 'w+') as f: + for line in write_lines: + f.write(line) + +def prepare_sw_description(d, list_for_cpio): + + for file in list_for_cpio: + if file != 'sw-description' and swupdate_is_hash_needed(s, file): + hash = swupdate_get_sha256(s, file) + swupdate_write_sha256(s, file, hash) + + signing = d.getVar('SWUPDATE_SIGNING', True) + if signing == "1": + bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". 
It is advised to set it to "RSA" if using RSA signing.') + signing = "RSA" + if signing: + if signing == "CUSTOM": + sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) + if sign_tool: + ret = os.system(sign_tool) + if ret != 0: + bb.fatal("Failed to sign with %s" % (sign_tool)) + else: + bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") + elif signing == "RSA": + privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) + if not privkey: + bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") + if not os.path.exists(privkey): + bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) + passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) + if passout: + passout = "-passin file:'%s' " % (passout) + else: + passout = "" + signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( + privkey, + passout, + os.path.join(s, 'sw-description.sig'), + os.path.join(s, 'sw-description')) + if os.system(signcmd) != 0: + bb.fatal("Failed to sign sw-description with %s" % (privkey)) + elif signing == "CMS": + cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) + if not cms_cert: + bb.fatal("SWUPDATE_CMS_CERT is not set") + if not os.path.exists(cms_cert): + bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) + cms_key = d.getVar('SWUPDATE_CMS_KEY', True) + if not cms_key: + bb.fatal("SWUPDATE_CMS_KEY isn't set") + if not os.path.exists(cms_key): + bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) + signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( + os.path.join(s, 'sw-description'), + os.path.join(s, 'sw-description.sig'), + cms_cert, + cms_key) + if os.system(signcmd) != 0: + bb.fatal("Failed to sign sw-description with %s" % (privkey)) + else: + bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass index 02db631..e24b387 100644 --- a/classes/swupdate.bbclass +++ b/classes/swupdate.bbclass 
@@ -11,43 +11,13 @@ # To use, add swupdate to the inherit clause and set # set the images (all of them must be found in deploy directory) # that are part of the compound image. +inherit swupdate-common.bbclass S = "${WORKDIR}/${PN}" DEPENDS += "${@ 'openssl-native' if d.getVar('SWUPDATE_SIGNING', True) else ''}" IMAGE_DEPENDS ?= "" -def swupdate_is_hash_needed(s, filename): - with open(os.path.join(s, "sw-description"), 'r') as f: - for line in f: - if line.find("@%s" % (filename)) != -1: - return True - return False - -def swupdate_get_sha256(s, filename): - import hashlib - - m = hashlib.sha256() - - with open(os.path.join(s, filename), 'rb') as f: - while True: - data = f.read(1024) - if not data: - break - m.update(data) - return m.hexdigest() - -def swupdate_write_sha256(s, filename, hash): - write_lines = [] - - with open(os.path.join(s, "sw-description"), 'r') as f: - for line in f: - write_lines.append(line.replace("@%s" % (filename), hash)) - - with open(os.path.join(s, "sw-description"), 'w+') as f: - for line in write_lines: - f.write(line) - def swupdate_getdepends(d): def adddep(depstr, deps): for i in (depstr or "").split(): 
@@ -136,62 +106,7 @@ python do_swuimage () { shutil.copyfile(src, dst) list_for_cpio.append(imagename) - for file in list_for_cpio: - if file != 'sw-description' and swupdate_is_hash_needed(s, file): - hash = swupdate_get_sha256(s, file) - swupdate_write_sha256(s, file, hash) - - signing = d.getVar('SWUPDATE_SIGNING', True) - if signing == "1": - bb.warn('SWUPDATE_SIGNING = "1" is deprecated, falling back to "RSA". It is advised to set it to "RSA" if using RSA signing.') - signing = "RSA" - if signing: - if signing == "CUSTOM": - sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True) - if sign_tool: - ret = os.system(sign_tool) - if ret != 0: - bb.fatal("Failed to sign with %s" % (sign_tool)) - else: - bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given") - elif signing == "RSA": - privkey = d.getVar('SWUPDATE_PRIVATE_KEY', True) - if not privkey: - bb.fatal("SWUPDATE_PRIVATE_KEY isn't set") - if not os.path.exists(privkey): - bb.fatal("SWUPDATE_PRIVATE_KEY %s doesn't exist" % (privkey)) - passout = d.getVar('SWUPDATE_PASSWORD_FILE', True) - if passout: - passout = "-passin file:'%s' " % (passout) - else: - passout = "" - signcmd = "openssl dgst -sha256 -sign '%s' %s -out '%s' '%s'" % ( - privkey, - passout, - os.path.join(s, 'sw-description.sig'), - os.path.join(s, 'sw-description')) - if os.system(signcmd) != 0: - bb.fatal("Failed to sign sw-description with %s" % (privkey)) - elif signing == "CMS": - cms_cert = d.getVar('SWUPDATE_CMS_CERT', True) - if not cms_cert: - bb.fatal("SWUPDATE_CMS_CERT is not set") - if not os.path.exists(cms_cert): - bb.fatal("SWUPDATE_CMS_CERT %s doesn't exist" % (cms_cert)) - cms_key = d.getVar('SWUPDATE_CMS_KEY', True) - if not cms_key: - bb.fatal("SWUPDATE_CMS_KEY isn't set") - if not os.path.exists(cms_key): - bb.fatal("SWUPDATE_CMS_KEY %s doesn't exist" % (cms_key)) - signcmd = "openssl cms -sign -in '%s' -out '%s' -signer '%s' -inkey '%s' -outform DER -nosmimecap -binary" % ( - os.path.join(s, 'sw-description'), - os.path.join(s, 
'sw-description.sig'), - cms_cert, - cms_key) - if os.system(signcmd) != 0: - bb.fatal("Failed to sign sw-description with %s" % (privkey)) - else: - bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism."); + prepare_sw_description(d, list_for_cpio) line = 'for i in ' + ' '.join(list_for_cpio) + '; do echo $i;done | cpio -ov -H crc >' + os.path.join(imgdeploydir,d.getVar('IMAGE_NAME', True) + '.swu') os.system("cd " + s + ";" + line)
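Review bot: In the new classes/swupdate-common.bbclass, prepare_sw_description(d, list_for_cpio) reads s everywhere (swupdate_is_hash_needed(s, file), os.path.join(s, 'sw-description.sig')), but s is neither a parameter nor assigned inside the function, and nothing in the visible lines defines it at class level. It was a local of do_swuimage before the move, so the helper needs it passed in or derived from d at the top of the function. Separately, the CMS branch reports a signing failure with "Failed to sign sw-description with %s" % (privkey), and privkey is only assigned in the RSA branch; that message should format cms_key so a failed CMS signature ends in bb.fatal rather than in an unrelated exception.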
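Review bot: In the first classes/swupdate.bbclass hunk, the DEPENDS line for openssl-native stays in this class while every openssl invocation moves to swupdate-common.bbclass. Since the stated goal is to reuse the helper elsewhere, the dependency should travel with the code that calls openssl, otherwise another user of prepare_sw_description has to remember to add it. A smaller point on the added line: the inherit directive is normally written with the class name only, so "inherit swupdate-common" would match the usual form, and a blank line after the header comment would keep it from reading as part of the usage text.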
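Review bot: In the do_swuimage hunk, the trailing os.system("cd " + s + ";" + line) discards the exit status of the cpio pipeline, while the signing steps now behind prepare_sw_description all stop with bb.fatal on failure. Since this block is being touched anyway, check the return value here as well so a failed or truncated .swu is not left in imgdeploydir unnoticed. The cd and the pipeline are also joined with ";", so cpio still runs if the cd fails; "&&" would avoid archiving from the wrong directory.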