From 4d6f6ceebcb0422bfcf3443e7f4eb7a9eb1e4338 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Mon, 13 Jul 2020 00:36:11 -0400
Subject: Still more fun building packages with Python 3
---
 .gitignore | 7 +++++--
 Makefile | 1 +
 scripts/build-firmware-package.py | 29 ++++++++++++++---------------
 source/sw/libhal | 2 +-
 source/sw/pkcs11 | 2 +-
 source/sw/stm32 | 2 +-
 6 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/.gitignore b/.gitignore
index c09a26f..2c60a18 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,15 @@
-.pbuilder-sell-by-date
 build
+build.log
 cryptech-alpha*.dsc
-cryptech-alpha*.tar.xz
 cryptech-alpha*_source.build
+cryptech-alpha*_source.buildinfo
 cryptech-alpha*_source.changes
+cryptech-alpha*.tar.xz
+.pbuilder-sell-by-date
 screenlog.*
 source/cryptech-alpha-firmware.tar.gz
 source/cryptech_version.py*
 source/debian/changelog
 source/debian/control
+source/debian/files
 tap
diff --git a/Makefile b/Makefile
index 9afede5..fcbd30c 100644
--- a/Makefile
+++ b/Makefile
@@ -85,6 +85,7 @@ shadow:
 ./scripts/build-shadow-tree.py
 ${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER}
+ rm -f $@
 fakeroot ./scripts/build-firmware-package.py $@ $^
 bitstream: ${BITSTREAM}
diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py
index 4f078f4..6ce49ab 100755
--- a/scripts/build-firmware-package.py
+++ b/scripts/build-firmware-package.py
@@ -6,6 +6,7 @@ import argparse
 import hashlib
 import tarfile
 import json
+import sys
 import os
 parser = argparse.ArgumentParser()
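Review bot: In the `${FIRMWARE_TARBALL}` recipe of the Makefile hunk, the added `rm -f $@` clears a stale tarball before the build, but nothing removes a partial one after a failed build. scripts/build-firmware-package.py appears to receive the target as an already opened output file (`fileobj = args.tarfile`) and can now stop with `sys.exit("gpg failed")`, which would leave a tarball with no MANIFEST and a fresh timestamp that the next `make` may treat as up to date. Unless `.DELETE_ON_ERROR:` is declared outside this hunk, I would change the recipe line to `fakeroot ./scripts/build-firmware-package.py $@ $^ || { rm -f $@; exit 1; }`.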
@@ -14,8 +15,8 @@ parser.add_argument("firmware", nargs = "+", help = "firmware
 args = parser.parse_args()
 tar = tarfile.TarFile.open(fileobj = args.tarfile, mode = "w|gz")
-head = subprocess.check_output(("git", "rev-parse", "HEAD")).strip().decode()
-time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip().decode()
+head = subprocess.check_output(("git", "rev-parse", "HEAD")).decode().strip()
+time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).decode().strip()
 commits = dict((path, hash) for hash, path, branch in (line.decode().split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()))
 sha256 = {}
@@ -25,20 +26,18 @@ for fn in args.firmware:
 sha256[os.path.basename(fn)] = hashlib.sha256(f.read()).hexdigest()
 tar.add(fn, os.path.basename(fn))
-with tempfile.NamedTemporaryFile() as f:
+manifest = json.dumps(dict(head = head, time = time, commits = commits, sha256 = sha256), indent = 2, sort_keys = True)
+
+if os.path.isdir(os.getenv("GNUPGHOME", "")):
+ gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
+ stdin = subprocess.PIPE, stdout = subprocess.PIPE, universal_newlines = True)
+ manifest = gpg.communicate(manifest)[0]
+ if gpg.returncode:
+ sys.exit("gpg failed")
+
+with tempfile.NamedTemporaryFile("w+") as f:
 os.fchmod(f.fileno(), 0o644)
- use_gpg = os.path.isdir(os.getenv("GNUPGHOME", ""))
- if use_gpg:
- gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
- stdin = subprocess.PIPE, stdout = f)
- jf = gpg.stdin
- else:
- jf = f
- jf.write(json.dumps(dict(head = head, time = time, commits = commits, sha256 = sha256), indent = 2).encode())
- if use_gpg:
- gpg.stdin.close()
- if gpg.wait():
- raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+ f.write(manifest)
 f.seek(0)
 tar.add(f.name, "MANIFEST")
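Review bot: Signing stays fail-open in the new `if os.path.isdir(os.getenv("GNUPGHOME", "")):` branch of the last hunk: when GNUPGHOME is unset or is not a directory, the script writes the plain JSON as MANIFEST and exits 0, so a misconfigured release build yields a firmware tarball whose SHA-256 list is not authenticated, with nothing in the build output to show it. I would add an `else:` with `print("warning: GNUPGHOME is not a directory, MANIFEST is unsigned", file = sys.stderr)`, and consider making unsigned output an explicit opt-in; whether the consumer of the tarball verifies the signature is not visible here. A smaller point in the same branch: `sys.exit("gpg failed")` drops the exit status that the removed `CalledProcessError(gpg.returncode, "gpg")` carried, and `sys.exit("gpg failed with status %d" % gpg.returncode)` would keep it in the log.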
diff --git a/source/sw/libhal b/source/sw/libhal
index aab1cf4..f120a26 160000
--- a/source/sw/libhal
+++ b/source/sw/libhal
@@ -1 +1 @@
-Subproject commit aab1cf4d694b4d4fefa77f02b4c42d7683a2f43f
+Subproject commit f120a263ec422739d201843a5979bfabdf410708
diff --git a/source/sw/pkcs11 b/source/sw/pkcs11
index 5936bef..bf8e254 160000
--- a/source/sw/pkcs11
+++ b/source/sw/pkcs11
@@ -1 +1 @@
-Subproject commit 5936befa654ce79b2f9ee7cd4f3beb6489bac227
+Subproject commit bf8e254c435c972a7ab28700eab48a2b6ae79c57
diff --git a/source/sw/stm32 b/source/sw/stm32
index 52f72e1..b7e1cf4 160000
--- a/source/sw/stm32
+++ b/source/sw/stm32
@@ -1 +1 @@
-Subproject commit 52f72e1e5dc5d3b646b54363f811ee2fd7958c19
+Subproject commit b7e1cf46f7c88740732dea1d9885193567af2e78
-- cgit v1.2.3