diff options
| author | Rob Austein <sra@hactrn.net> | 2020-07-13 00:36:11 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2020-07-13 00:36:11 -0400 |
| commit | 4d6f6ceebcb0422bfcf3443e7f4eb7a9eb1e4338 (patch) | |
| tree | 4cc3ee6c35b659c8cafee076b6931d1d9d922b8b | |
| parent | 68f48b7e850de48063d95645c3d76e0a2be5c079 (diff) | |
Still more fun building packages with Python 3
| -rw-r--r-- | .gitignore | 7 | ||||
| -rw-r--r-- | Makefile | 1 | ||||
| -rwxr-xr-x | scripts/build-firmware-package.py | 29 | ||||
| m--------- | source/sw/libhal | 0 | ||||
| m--------- | source/sw/pkcs11 | 0 | ||||
| m--------- | source/sw/stm32 | 0 |
6 files changed, 20 insertions, 17 deletions
@@ -1,12 +1,15 @@ -.pbuilder-sell-by-date build +build.log cryptech-alpha*.dsc -cryptech-alpha*.tar.xz cryptech-alpha*_source.build +cryptech-alpha*_source.buildinfo cryptech-alpha*_source.changes +cryptech-alpha*.tar.xz +.pbuilder-sell-by-date screenlog.* source/cryptech-alpha-firmware.tar.gz source/cryptech_version.py* source/debian/changelog source/debian/control +source/debian/files tap @@ -85,6 +85,7 @@ shadow: ./scripts/build-shadow-tree.py ${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER} + rm -f $@ fakeroot ./scripts/build-firmware-package.py $@ $^ bitstream: ${BITSTREAM} diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py index 4f078f4..6ce49ab 100755 --- a/scripts/build-firmware-package.py +++ b/scripts/build-firmware-package.py @@ -6,6 +6,7 @@ import argparse import hashlib import tarfile import json +import sys import os parser = argparse.ArgumentParser() @@ -14,8 +15,8 @@ parser.add_argument("firmware", nargs = "+", help = "firmware args = parser.parse_args() tar = tarfile.TarFile.open(fileobj = args.tarfile, mode = "w|gz") -head = subprocess.check_output(("git", "rev-parse", "HEAD")).strip().decode() -time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip().decode() +head = subprocess.check_output(("git", "rev-parse", "HEAD")).decode().strip() +time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).decode().strip() commits = dict((path, hash) for hash, path, branch in (line.decode().split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines())) sha256 = {} @@ -25,20 +26,18 @@ for fn in args.firmware: sha256[os.path.basename(fn)] = hashlib.sha256(f.read()).hexdigest() tar.add(fn, os.path.basename(fn)) -with tempfile.NamedTemporaryFile() as f: +manifest = json.dumps(dict(head = head, time = time, commits = commits, sha256 = sha256), indent = 2, sort_keys = True) + +if os.path.isdir(os.getenv("GNUPGHOME", "")): + gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"), + stdin = subprocess.PIPE, stdout = subprocess.PIPE, universal_newlines = True) + manifest = gpg.communicate(manifest)[0] + if gpg.returncode: + sys.exit("gpg failed") + +with tempfile.NamedTemporaryFile("w+") as f: os.fchmod(f.fileno(), 0o644) - use_gpg = os.path.isdir(os.getenv("GNUPGHOME", "")) - if use_gpg: - gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"), - stdin = subprocess.PIPE, stdout = f) - jf = gpg.stdin - else: - jf = f - jf.write(json.dumps(dict(head = head, time = time, commits = commits, sha256 = sha256), indent = 2).encode()) - if use_gpg: - gpg.stdin.close() - if gpg.wait(): - raise subprocess.CalledProcessError(gpg.returncode, "gpg") + f.write(manifest) f.seek(0) tar.add(f.name, "MANIFEST") diff --git a/source/sw/libhal b/source/sw/libhal -Subproject aab1cf4d694b4d4fefa77f02b4c42d7683a2f43 +Subproject f120a263ec422739d201843a5979bfabdf41070 diff --git a/source/sw/pkcs11 b/source/sw/pkcs11 -Subproject 5936befa654ce79b2f9ee7cd4f3beb6489bac22 +Subproject bf8e254c435c972a7ab28700eab48a2b6ae79c5 diff --git a/source/sw/stm32 b/source/sw/stm32 -Subproject 52f72e1e5dc5d3b646b54363f811ee2fd7958c1 +Subproject b7e1cf46f7c88740732dea1d9885193567af2e7 |