aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore7
-rw-r--r--Makefile1
-rwxr-xr-xscripts/build-firmware-package.py29
m---------source/sw/libhal0
m---------source/sw/pkcs110
m---------source/sw/stm320
6 files changed, 20 insertions, 17 deletions
diff --git a/.gitignore b/.gitignore
index c09a26f..2c60a18 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,15 @@
-.pbuilder-sell-by-date
build
+build.log
cryptech-alpha*.dsc
-cryptech-alpha*.tar.xz
cryptech-alpha*_source.build
+cryptech-alpha*_source.buildinfo
cryptech-alpha*_source.changes
+cryptech-alpha*.tar.xz
+.pbuilder-sell-by-date
screenlog.*
source/cryptech-alpha-firmware.tar.gz
source/cryptech_version.py*
source/debian/changelog
source/debian/control
+source/debian/files
tap
diff --git a/Makefile b/Makefile
index 9afede5..fcbd30c 100644
--- a/Makefile
+++ b/Makefile
@@ -85,6 +85,7 @@ shadow:
./scripts/build-shadow-tree.py
${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER}
+ rm -f $@
fakeroot ./scripts/build-firmware-package.py $@ $^
bitstream: ${BITSTREAM}
diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py
index 4f078f4..6ce49ab 100755
--- a/scripts/build-firmware-package.py
+++ b/scripts/build-firmware-package.py
@@ -6,6 +6,7 @@ import argparse
import hashlib
import tarfile
import json
+import sys
import os
parser = argparse.ArgumentParser()
@@ -14,8 +15,8 @@ parser.add_argument("firmware", nargs = "+", help = "firmware
args = parser.parse_args()
tar = tarfile.TarFile.open(fileobj = args.tarfile, mode = "w|gz")
-head = subprocess.check_output(("git", "rev-parse", "HEAD")).strip().decode()
-time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip().decode()
+head = subprocess.check_output(("git", "rev-parse", "HEAD")).decode().strip()
+time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).decode().strip()
commits = dict((path, hash) for hash, path, branch in
(line.decode().split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()))
sha256 = {}
@@ -25,20 +26,18 @@ for fn in args.firmware:
sha256[os.path.basename(fn)] = hashlib.sha256(f.read()).hexdigest()
tar.add(fn, os.path.basename(fn))
-with tempfile.NamedTemporaryFile() as f:
+manifest = json.dumps(dict(head = head, time = time, commits = commits, sha256 = sha256), indent = 2, sort_keys = True)
+
+if os.path.isdir(os.getenv("GNUPGHOME", "")):
+ gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
+ stdin = subprocess.PIPE, stdout = subprocess.PIPE, universal_newlines = True)
+ manifest = gpg.communicate(manifest)[0]
+ if gpg.returncode:
+ sys.exit("gpg failed")
+
+with tempfile.NamedTemporaryFile("w+") as f:
os.fchmod(f.fileno(), 0o644)
- use_gpg = os.path.isdir(os.getenv("GNUPGHOME", ""))
- if use_gpg:
- gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
- stdin = subprocess.PIPE, stdout = f)
- jf = gpg.stdin
- else:
- jf = f
- jf.write(json.dumps(dict(head = head, time = time, commits = commits, sha256 = sha256), indent = 2).encode())
- if use_gpg:
- gpg.stdin.close()
- if gpg.wait():
- raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+ f.write(manifest)
f.seek(0)
tar.add(f.name, "MANIFEST")
diff --git a/source/sw/libhal b/source/sw/libhal
-Subproject aab1cf4d694b4d4fefa77f02b4c42d7683a2f43
+Subproject f120a263ec422739d201843a5979bfabdf41070
diff --git a/source/sw/pkcs11 b/source/sw/pkcs11
-Subproject 5936befa654ce79b2f9ee7cd4f3beb6489bac22
+Subproject bf8e254c435c972a7ab28700eab48a2b6ae79c5
diff --git a/source/sw/stm32 b/source/sw/stm32
-Subproject 52f72e1e5dc5d3b646b54363f811ee2fd7958c1
+Subproject b7e1cf46f7c88740732dea1d9885193567af2e7