diff options
| -rw-r--r-- | .gitignore | 7 | ||||
| -rw-r--r-- | Makefile | 1 | ||||
| -rwxr-xr-x | scripts/build-debian-control-files.py | 16 | ||||
| -rwxr-xr-x | scripts/build-firmware-package.py | 40 | ||||
| -rwxr-xr-x | scripts/build-homebrew-formula.py | 39 | ||||
| -rwxr-xr-x | scripts/build-shadow-tree.py | 2 | ||||
| -rw-r--r-- | source/Makefile | 3 | ||||
| m--------- | source/core/hash/sha1 | 0 | ||||
| -rwxr-xr-x | source/debian/rules | 2 | ||||
| m--------- | source/sw/libhal | 0 | ||||
| m--------- | source/sw/pkcs11 | 0 | ||||
| m--------- | source/sw/stm32 | 0 |
12 files changed, 56 insertions, 54 deletions
@@ -1,12 +1,15 @@ -.pbuilder-sell-by-date build +build.log cryptech-alpha*.dsc -cryptech-alpha*.tar.xz cryptech-alpha*_source.build +cryptech-alpha*_source.buildinfo cryptech-alpha*_source.changes +cryptech-alpha*.tar.xz +.pbuilder-sell-by-date screenlog.* source/cryptech-alpha-firmware.tar.gz source/cryptech_version.py* source/debian/changelog source/debian/control +source/debian/files tap @@ -85,6 +85,7 @@ shadow: ./scripts/build-shadow-tree.py ${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER} + rm -f $@ fakeroot ./scripts/build-firmware-package.py $@ $^ bitstream: ${BITSTREAM} diff --git a/scripts/build-debian-control-files.py b/scripts/build-debian-control-files.py index 9817248..46958ea 100755 --- a/scripts/build-debian-control-files.py +++ b/scripts/build-debian-control-files.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 import subprocess import argparse @@ -25,18 +25,18 @@ Priority: optional Standards-Version: 3.9.6 Build-Depends: debhelper (>= 9), dh-python, - python (>= 2.7), - python-yaml + python3-yaml, + python3 Homepage: http://trac.cryptech.is/wiki Package: {args.package} Architecture: any -Depends: python, - python-serial (>= 3.0), - python-tornado (>= 4.0), - python-crypto, +Depends: python3, + python3-serial (>= 3.0), + python3-tornado (>= 4.0), + python3-crypto, ${{misc:Depends}}, - ${{python:Depends}}, + ${{python3:Depends}}, ${{shlibs:Depends}} {conflicts}\ Description: Cryptech Project open-source cryptographic software and firmware. diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py index 9a58970..b36b55e 100755 --- a/scripts/build-firmware-package.py +++ b/scripts/build-firmware-package.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 import subprocess import tempfile @@ -6,18 +6,25 @@ import argparse import hashlib import tarfile import json +import sys import os +def run(*args, **kwargs): + kwargs.update(stdout = subprocess.PIPE, universal_newlines = True, check = True) + return subprocess.run(args, **kwargs) + parser = argparse.ArgumentParser() parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create") parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball") args = parser.parse_args() tar = tarfile.TarFile.open(fileobj = args.tarfile, mode = "w|gz") -head = subprocess.check_output(("git", "rev-parse", "HEAD")).strip() -time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip() -commits = dict((path, hash) for hash, path, branch in - (line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines())) +head = run("git", "rev-parse", "HEAD").stdout.strip() +time = run("git", "show", "-s", "--format=%ct", "HEAD").stdout.strip() +commits = { path: hash + for hash, path, branch in ( + line.split() + for line in run("git", "submodule", "status").stdout.splitlines() ) } sha256 = {} for fn in args.firmware: @@ -25,20 +32,15 @@ for fn in args.firmware: sha256[os.path.basename(fn)] = hashlib.sha256(f.read()).hexdigest() tar.add(fn, os.path.basename(fn)) -with tempfile.NamedTemporaryFile() as f: - os.fchmod(f.fileno(), 0644) - use_gpg = os.path.isdir(os.getenv("GNUPGHOME", "")) - if use_gpg: - gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"), - stdin = subprocess.PIPE, stdout = f) - jf = gpg.stdin - else: - jf = f - json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), jf, indent = 2) - if use_gpg: - gpg.stdin.close() - if gpg.wait(): - raise subprocess.CalledProcessError(gpg.returncode, "gpg") +manifest = json.dumps(dict(head = head, time = time, commits = commits, sha256 = sha256), indent = 2, sort_keys = True) + +if os.path.isdir(os.getenv("GNUPGHOME", "")): + manifest = run("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning", + input = manifest).stdout + +with tempfile.NamedTemporaryFile("w+") as f: + os.fchmod(f.fileno(), 0o644) + f.write(manifest) f.seek(0) tar.add(f.name, "MANIFEST") diff --git a/scripts/build-homebrew-formula.py b/scripts/build-homebrew-formula.py index 54cdcae..56987c4 100755 --- a/scripts/build-homebrew-formula.py +++ b/scripts/build-homebrew-formula.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # Yes, this is a Python program writing a Ruby program. @@ -32,7 +32,7 @@ template = '''\ # code, however, is what Homebrew considers "bindings", so we install # those where user scripts as well as our own can find them...then we # add a symlink so that our scripts can find our bindings regardless -# of which copy of Python 2.7 Homebrew decides we should use this week. +# of which copy of Python Homebrew decides we should use this week. # # We have to build our own software before installing our Python code, # because at least one of the Python modules we install @@ -54,16 +54,18 @@ class {classname} < Formula url "{url}" sha256 "{sha256}" + depends_on "python@3.8" + {conflicts} resource "pyserial" do - url "https://pypi.python.org/packages/3c/d8/a9fa247ca60b02b3bebbd61766b4f321393b57b13c53b18f6f62cf172c08/pyserial-3.1.1.tar.gz" - sha256 "d657051249ce3cbd0446bcfb2be07a435e1029da4d63f53ed9b4cdde7373364c" + url "https://files.pythonhosted.org/packages/cc/74/11b04703ec416717b247d789103277269d567db575d2fd88f25d9767fe3d/pyserial-3.4.tar.gz" + sha256 "6e2d401fdee0eab996cf734e67773a0143b932772ca8b42451440cfed942c627" end resource "PyYAML" do - url "http://pyyaml.org/download/pyyaml/PyYAML-3.11.tar.gz" - sha256 "c36c938a872e5ff494938b33b14aaa156cb439ec67548fcab3535bb78b0846e8" + url "http://pyyaml.org/download/pyyaml/PyYAML-5.3.1.tar.gz" + sha256 "b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d" end resource "tornado" do @@ -71,16 +73,6 @@ class {classname} < Formula sha256 "f267acc96d5cf3df0fd8a7bfb5a91c2eb4ec81d5962d1a7386ceb34c655634a8" end - resource "singledispatch" do - url "https://pypi.python.org/packages/source/s/singledispatch/singledispatch-3.4.0.3.tar.gz" - sha256 "5b06af87df13818d14f08a028e42f566640aef80805c3b50c5056b086e3c2b9c" - end - - resource "backports_abc" do - url "https://files.pythonhosted.org/packages/source/b/backports_abc/backports_abc-0.5.tar.gz" - sha256 "033be54514a03e255df75c5aee8f9e672f663f93abb723444caec8fe43437bde" - end - resource "pycrypto" do url "https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz" sha256 "f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c" @@ -88,11 +80,14 @@ class {classname} < Formula def install - ENV.prepend_create_path "PYTHONPATH", libexec/"vendor/lib/python2.7/site-packages" + xy = Language::Python.major_minor_version "python3" + + ENV.prepend_create_path "PYTHONPATH", libexec/"vendor/lib/python#{{xy}}/site-packages" resources.each do |r| + ohai "Building resource #{{r.url}}" r.stage do - system "python", *Language::Python.setup_install_args(libexec/"vendor") + system "python3", *Language::Python.setup_install_args(libexec/"vendor") end end @@ -100,10 +95,10 @@ class {classname} < Formula ENV.deparallelize system "make", "-C", "sw/pkcs11" - system "python", *Language::Python.setup_install_args(prefix) + system "python3", *Language::Python.setup_install_args(prefix) bin.env_script_all_files(libexec/"bin", :PYTHONPATH => ENV["PYTHONPATH"]) - ln_s lib/"python2.7/site-packages/cryptech", libexec/"vendor/lib/python2.7/site-packages/cryptech" + ln_s lib/"python#{{xy}}/site-packages/cryptech", libexec/"vendor/lib/python#{{xy}}/site-packages/cryptech" share.install "cryptech-alpha-firmware.tar.gz" lib.install "sw/pkcs11/libcryptech-pkcs11.dylib" @@ -118,8 +113,8 @@ with open(args.tarball, "rb") as f: classname = "".join(word.capitalize() for word in args.package.split("-")) -conflicts = "".join(" conflicts_with \"{}\", :because => \"HSM firmware and PKCS #11 library must match\"\n".format(conflict) - for conflict in args.conflicts.split()) +conflicts = "\n".join(" conflicts_with \"{}\", :because => \"HSM firmware and PKCS #11 library must match\"".format(conflict) + for conflict in args.conflicts.split()) url = os.path.join(args.url_base, os.path.basename(args.tarball)) diff --git a/scripts/build-shadow-tree.py b/scripts/build-shadow-tree.py index 378797f..0f3a4a1 100755 --- a/scripts/build-shadow-tree.py +++ b/scripts/build-shadow-tree.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # Create a symlink build tree like the old X11 project "lndir" program. # diff --git a/source/Makefile b/source/Makefile index 5095766..0e1f613 100644 --- a/source/Makefile +++ b/source/Makefile @@ -22,4 +22,5 @@ install: all install -D -m 644 cryptech-alpha-firmware.tar.gz ${DESTDIR}/usr/share/cryptech-alpha-firmware.tar.gz install -D -m 644 sw/pkcs11/libcryptech-pkcs11.so ${DESTDIR}/usr/lib/libcryptech-pkcs11.so ln -s libcryptech-pkcs11.so ${DESTDIR}/usr/lib/libcryptech-pkcs11.so.0 - python setup.py install --install-layout=deb --root=${DESTDIR} + python3 setup.py install --install-layout=deb --root=${DESTDIR} + find ${DESTDIR} -type d -name __pycache__ -exec rm -rf {} + diff --git a/source/core/hash/sha1 b/source/core/hash/sha1 -Subproject d3564a0907fe14b92ab02e4da2d9f733bc32e34 +Subproject a4085c16e207ebfda27e4589b3a7641b0b6ea62 diff --git a/source/debian/rules b/source/debian/rules index a0c3a65..607ba42 100755 --- a/source/debian/rules +++ b/source/debian/rules @@ -19,7 +19,7 @@ include /usr/share/dpkg/default.mk include /usr/share/dpkg/pkg-info.mk %: - dh $@ --with python2 + dh $@ --with python3 # Distinct binary package versions for a single source package built # on multiple releases, to keep reprepro happy. See: diff --git a/source/sw/libhal b/source/sw/libhal -Subproject aab1cf4d694b4d4fefa77f02b4c42d7683a2f43 +Subproject 6212a592c52372080c7c5035c6a2513dcb50cf6 diff --git a/source/sw/pkcs11 b/source/sw/pkcs11 -Subproject 5936befa654ce79b2f9ee7cd4f3beb6489bac22 +Subproject b424b2af8b3e5097eb7e829d2a728a1720d5d0b diff --git a/source/sw/stm32 b/source/sw/stm32 -Subproject 52f72e1e5dc5d3b646b54363f811ee2fd7958c1 +Subproject 314ba09b1447ec20c7ffad587691c83b965e740 |