[Branch,~linaro-maintainers/linaro-image-tools/trunk] Rev 329: Optionally check signatures on hwpacks and images.

Message ID 20110427134613.876.63108.launchpad@loganberry.canonical.com
State Accepted
Headers show

Commit Message

James Westby April 27, 2011, 1:46 p.m.
Merge authors:
  Mattias Backman (mabac)
Related merge proposals:
  https://code.launchpad.net/~mabac/linaro-image-tools/bug-638384-hwpacks-signature/+merge/58648
  proposed by: Mattias Backman (mabac)
  review: Approve - Loïc Minier (lool)
------------------------------------------------------------
revno: 329 [merge]
committer: James Westby <james.westby@linaro.org>
branch nick: trunk
timestamp: Wed 2011-04-27 09:43:59 -0400
message:
  Optionally check signatures on hwpacks and images.
modified:
  linaro-media-create
  linaro_image_tools/media_create/__init__.py


--
lp:linaro-image-tools
https://code.launchpad.net/~linaro-maintainers/linaro-image-tools/trunk

You are subscribed to branch lp:linaro-image-tools.
To unsubscribe from this branch go to https://code.launchpad.net/~linaro-maintainers/linaro-image-tools/trunk/+edit-subscription

Patch

=== modified file 'linaro-media-create'
--- linaro-media-create	2011-04-04 13:17:56 +0000
+++ linaro-media-create	2011-04-27 11:49:00 +0000
@@ -77,7 +77,7 @@ 
 def ensure_required_commands(args):
     """Ensure we have the commands that we know are going to be used."""
     required_commands = [
-        'mkfs.vfat', 'sfdisk', 'mkimage', 'parted']
+        'mkfs.vfat', 'sfdisk', 'mkimage', 'parted', 'gpg', 'sha1sum']
     if not is_arm_host():
         required_commands.append('qemu-arm-static')
         required_commands.append('qemu-img')
@@ -104,6 +104,18 @@ 
 
     ensure_required_commands(args)
 
+    sig_file_list = args.hwpacksigs[:]
+    if args.binarysig is not None:
+        sig_file_list.append(args.binarysig)
+    for sig_file in sig_file_list:
+        hash_file = sig_file[0:-len('.asc')]
+        if cmd_runner.run(['gpg', '--verify', sig_file]).wait() != 0:
+            print "Could not verify hash file signature %s." % sig_file
+            sys.exit(1)
+        if cmd_runner.run(['sha1sum', '-c', hash_file]).wait() != 0:
+            print "Could not verify hash in file %s." % hash_file
+            sys.exit(1)
+
     media = Media(args.device)
     if media.is_block_device:
         if not confirm_device_selection_and_ensure_it_is_ready(args.device):

=== modified file 'linaro_image_tools/media_create/__init__.py'
--- linaro_image_tools/media_create/__init__.py	2011-04-18 09:00:33 +0000
+++ linaro_image_tools/media_create/__init__.py	2011-04-27 13:43:59 +0000
@@ -88,6 +88,11 @@ 
         help=('A hardware pack that should be installed in the rootfs; this '
               'parameter can be defined multiple times.'))
     parser.add_argument(
+        '--hwpack-sig', action='append', dest='hwpacksigs', required=False,
+        default=[],
+        help=('Signature file for verifying a hwpack; this '
+              'parameter can be defined multiple times.'))
+    parser.add_argument(
         '--hwpack-force-yes', action='store_true',
         help='Pass --force-yes to linaro-hwpack-install')
     parser.add_argument(
@@ -99,6 +104,9 @@ 
         help=('The tarball containing the rootfs used to create the bootable '
               'system.'))
     parser.add_argument(
+        '--binary-sig', dest='binarysig', required=False,
+        help=('Signature file used for verifying the binary tarball.'))
+    parser.add_argument(
         '--no-rootfs', dest='should_format_rootfs', action='store_false',
         help='Do not deploy the root filesystem.')
     parser.add_argument(