aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore7
-rw-r--r--Makefile1
-rwxr-xr-xscripts/build-debian-control-files.py16
-rwxr-xr-xscripts/build-firmware-package.py40
-rwxr-xr-xscripts/build-homebrew-formula.py39
-rwxr-xr-xscripts/build-shadow-tree.py2
-rw-r--r--source/Makefile3
m---------source/core/hash/sha10
-rwxr-xr-xsource/debian/rules2
m---------source/sw/libhal0
m---------source/sw/pkcs110
m---------source/sw/stm320
12 files changed, 56 insertions, 54 deletions
diff --git a/.gitignore b/.gitignore
index c09a26f..2c60a18 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,15 @@
-.pbuilder-sell-by-date
build
+build.log
cryptech-alpha*.dsc
-cryptech-alpha*.tar.xz
cryptech-alpha*_source.build
+cryptech-alpha*_source.buildinfo
cryptech-alpha*_source.changes
+cryptech-alpha*.tar.xz
+.pbuilder-sell-by-date
screenlog.*
source/cryptech-alpha-firmware.tar.gz
source/cryptech_version.py*
source/debian/changelog
source/debian/control
+source/debian/files
tap
diff --git a/Makefile b/Makefile
index 9afede5..fcbd30c 100644
--- a/Makefile
+++ b/Makefile
@@ -85,6 +85,7 @@ shadow:
./scripts/build-shadow-tree.py
${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER}
+ rm -f $@
fakeroot ./scripts/build-firmware-package.py $@ $^
bitstream: ${BITSTREAM}
diff --git a/scripts/build-debian-control-files.py b/scripts/build-debian-control-files.py
index 9817248..46958ea 100755
--- a/scripts/build-debian-control-files.py
+++ b/scripts/build-debian-control-files.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
import subprocess
import argparse
@@ -25,18 +25,18 @@ Priority: optional
Standards-Version: 3.9.6
Build-Depends: debhelper (>= 9),
dh-python,
- python (>= 2.7),
- python-yaml
+ python3-yaml,
+ python3
Homepage: http://trac.cryptech.is/wiki
Package: {args.package}
Architecture: any
-Depends: python,
- python-serial (>= 3.0),
- python-tornado (>= 4.0),
- python-crypto,
+Depends: python3,
+ python3-serial (>= 3.0),
+ python3-tornado (>= 4.0),
+ python3-crypto,
${{misc:Depends}},
- ${{python:Depends}},
+ ${{python3:Depends}},
${{shlibs:Depends}}
{conflicts}\
Description: Cryptech Project open-source cryptographic software and firmware.
diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py
index 9a58970..b36b55e 100755
--- a/scripts/build-firmware-package.py
+++ b/scripts/build-firmware-package.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
import subprocess
import tempfile
@@ -6,18 +6,25 @@ import argparse
import hashlib
import tarfile
import json
+import sys
import os
+def run(*args, **kwargs):
+ kwargs.update(stdout = subprocess.PIPE, universal_newlines = True, check = True)
+ return subprocess.run(args, **kwargs)
+
parser = argparse.ArgumentParser()
parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create")
parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball")
args = parser.parse_args()
tar = tarfile.TarFile.open(fileobj = args.tarfile, mode = "w|gz")
-head = subprocess.check_output(("git", "rev-parse", "HEAD")).strip()
-time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip()
-commits = dict((path, hash) for hash, path, branch in
- (line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()))
+head = run("git", "rev-parse", "HEAD").stdout.strip()
+time = run("git", "show", "-s", "--format=%ct", "HEAD").stdout.strip()
+commits = { path: hash
+ for hash, path, branch in (
+ line.split()
+ for line in run("git", "submodule", "status").stdout.splitlines() ) }
sha256 = {}
for fn in args.firmware:
@@ -25,20 +32,15 @@ for fn in args.firmware:
sha256[os.path.basename(fn)] = hashlib.sha256(f.read()).hexdigest()
tar.add(fn, os.path.basename(fn))
-with tempfile.NamedTemporaryFile() as f:
- os.fchmod(f.fileno(), 0644)
- use_gpg = os.path.isdir(os.getenv("GNUPGHOME", ""))
- if use_gpg:
- gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
- stdin = subprocess.PIPE, stdout = f)
- jf = gpg.stdin
- else:
- jf = f
- json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), jf, indent = 2)
- if use_gpg:
- gpg.stdin.close()
- if gpg.wait():
- raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+manifest = json.dumps(dict(head = head, time = time, commits = commits, sha256 = sha256), indent = 2, sort_keys = True)
+
+if os.path.isdir(os.getenv("GNUPGHOME", "")):
+ manifest = run("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning",
+ input = manifest).stdout
+
+with tempfile.NamedTemporaryFile("w+") as f:
+ os.fchmod(f.fileno(), 0o644)
+ f.write(manifest)
f.seek(0)
tar.add(f.name, "MANIFEST")
diff --git a/scripts/build-homebrew-formula.py b/scripts/build-homebrew-formula.py
index 54cdcae..56987c4 100755
--- a/scripts/build-homebrew-formula.py
+++ b/scripts/build-homebrew-formula.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
# Yes, this is a Python program writing a Ruby program.
@@ -32,7 +32,7 @@ template = '''\
# code, however, is what Homebrew considers "bindings", so we install
# those where user scripts as well as our own can find them...then we
# add a symlink so that our scripts can find our bindings regardless
-# of which copy of Python 2.7 Homebrew decides we should use this week.
+# of which copy of Python Homebrew decides we should use this week.
#
# We have to build our own software before installing our Python code,
# because at least one of the Python modules we install
@@ -54,16 +54,18 @@ class {classname} < Formula
url "{url}"
sha256 "{sha256}"
+ depends_on "python@3.8"
+
{conflicts}
resource "pyserial" do
- url "https://pypi.python.org/packages/3c/d8/a9fa247ca60b02b3bebbd61766b4f321393b57b13c53b18f6f62cf172c08/pyserial-3.1.1.tar.gz"
- sha256 "d657051249ce3cbd0446bcfb2be07a435e1029da4d63f53ed9b4cdde7373364c"
+ url "https://files.pythonhosted.org/packages/cc/74/11b04703ec416717b247d789103277269d567db575d2fd88f25d9767fe3d/pyserial-3.4.tar.gz"
+ sha256 "6e2d401fdee0eab996cf734e67773a0143b932772ca8b42451440cfed942c627"
end
resource "PyYAML" do
- url "http://pyyaml.org/download/pyyaml/PyYAML-3.11.tar.gz"
- sha256 "c36c938a872e5ff494938b33b14aaa156cb439ec67548fcab3535bb78b0846e8"
+ url "http://pyyaml.org/download/pyyaml/PyYAML-5.3.1.tar.gz"
+ sha256 "b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d"
end
resource "tornado" do
@@ -71,16 +73,6 @@ class {classname} < Formula
sha256 "f267acc96d5cf3df0fd8a7bfb5a91c2eb4ec81d5962d1a7386ceb34c655634a8"
end
- resource "singledispatch" do
- url "https://pypi.python.org/packages/source/s/singledispatch/singledispatch-3.4.0.3.tar.gz"
- sha256 "5b06af87df13818d14f08a028e42f566640aef80805c3b50c5056b086e3c2b9c"
- end
-
- resource "backports_abc" do
- url "https://files.pythonhosted.org/packages/source/b/backports_abc/backports_abc-0.5.tar.gz"
- sha256 "033be54514a03e255df75c5aee8f9e672f663f93abb723444caec8fe43437bde"
- end
-
resource "pycrypto" do
url "https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz"
sha256 "f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c"
@@ -88,11 +80,14 @@ class {classname} < Formula
def install
- ENV.prepend_create_path "PYTHONPATH", libexec/"vendor/lib/python2.7/site-packages"
+ xy = Language::Python.major_minor_version "python3"
+
+ ENV.prepend_create_path "PYTHONPATH", libexec/"vendor/lib/python#{{xy}}/site-packages"
resources.each do |r|
+ ohai "Building resource #{{r.url}}"
r.stage do
- system "python", *Language::Python.setup_install_args(libexec/"vendor")
+ system "python3", *Language::Python.setup_install_args(libexec/"vendor")
end
end
@@ -100,10 +95,10 @@ class {classname} < Formula
ENV.deparallelize
system "make", "-C", "sw/pkcs11"
- system "python", *Language::Python.setup_install_args(prefix)
+ system "python3", *Language::Python.setup_install_args(prefix)
bin.env_script_all_files(libexec/"bin", :PYTHONPATH => ENV["PYTHONPATH"])
- ln_s lib/"python2.7/site-packages/cryptech", libexec/"vendor/lib/python2.7/site-packages/cryptech"
+ ln_s lib/"python#{{xy}}/site-packages/cryptech", libexec/"vendor/lib/python#{{xy}}/site-packages/cryptech"
share.install "cryptech-alpha-firmware.tar.gz"
lib.install "sw/pkcs11/libcryptech-pkcs11.dylib"
@@ -118,8 +113,8 @@ with open(args.tarball, "rb") as f:
classname = "".join(word.capitalize() for word in args.package.split("-"))
-conflicts = "".join(" conflicts_with \"{}\", :because => \"HSM firmware and PKCS #11 library must match\"\n".format(conflict)
- for conflict in args.conflicts.split())
+conflicts = "\n".join(" conflicts_with \"{}\", :because => \"HSM firmware and PKCS #11 library must match\"".format(conflict)
+ for conflict in args.conflicts.split())
url = os.path.join(args.url_base, os.path.basename(args.tarball))
diff --git a/scripts/build-shadow-tree.py b/scripts/build-shadow-tree.py
index 378797f..0f3a4a1 100755
--- a/scripts/build-shadow-tree.py
+++ b/scripts/build-shadow-tree.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
# Create a symlink build tree like the old X11 project "lndir" program.
#
diff --git a/source/Makefile b/source/Makefile
index 5095766..0e1f613 100644
--- a/source/Makefile
+++ b/source/Makefile
@@ -22,4 +22,5 @@ install: all
install -D -m 644 cryptech-alpha-firmware.tar.gz ${DESTDIR}/usr/share/cryptech-alpha-firmware.tar.gz
install -D -m 644 sw/pkcs11/libcryptech-pkcs11.so ${DESTDIR}/usr/lib/libcryptech-pkcs11.so
ln -s libcryptech-pkcs11.so ${DESTDIR}/usr/lib/libcryptech-pkcs11.so.0
- python setup.py install --install-layout=deb --root=${DESTDIR}
+ python3 setup.py install --install-layout=deb --root=${DESTDIR}
+ find ${DESTDIR} -type d -name __pycache__ -exec rm -rf {} +
diff --git a/source/core/hash/sha1 b/source/core/hash/sha1
-Subproject d3564a0907fe14b92ab02e4da2d9f733bc32e34
+Subproject a4085c16e207ebfda27e4589b3a7641b0b6ea62
diff --git a/source/debian/rules b/source/debian/rules
index a0c3a65..607ba42 100755
--- a/source/debian/rules
+++ b/source/debian/rules
@@ -19,7 +19,7 @@ include /usr/share/dpkg/default.mk
include /usr/share/dpkg/pkg-info.mk
%:
- dh $@ --with python2
+ dh $@ --with python3
# Distinct binary package versions for a single source package built
# on multiple releases, to keep reprepro happy. See:
diff --git a/source/sw/libhal b/source/sw/libhal
-Subproject aab1cf4d694b4d4fefa77f02b4c42d7683a2f43
+Subproject 6212a592c52372080c7c5035c6a2513dcb50cf6
diff --git a/source/sw/pkcs11 b/source/sw/pkcs11
-Subproject 5936befa654ce79b2f9ee7cd4f3beb6489bac22
+Subproject b424b2af8b3e5097eb7e829d2a728a1720d5d0b
diff --git a/source/sw/stm32 b/source/sw/stm32
-Subproject 52f72e1e5dc5d3b646b54363f811ee2fd7958c1
+Subproject 314ba09b1447ec20c7ffad587691c83b965e740