From patchwork Wed Apr 27 13:46:13 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: James Westby X-Patchwork-Id: 1198 Return-Path: Delivered-To: unknown Received: from imap.gmail.com (74.125.159.109) by localhost6.localdomain6 with IMAP4-SSL; 08 Jun 2011 14:50:05 -0000 Delivered-To: patches@linaro.org Received: by 10.224.2.73 with SMTP id 9cs109525qai; Wed, 27 Apr 2011 06:46:14 -0700 (PDT) Received: by 10.227.140.159 with SMTP id i31mr2176077wbu.166.1303911974210; Wed, 27 Apr 2011 06:46:14 -0700 (PDT) Received: from adelie.canonical.com (adelie.canonical.com [91.189.90.139]) by mx.google.com with ESMTP id bc3si2209520wbb.138.2011.04.27.06.46.13; Wed, 27 Apr 2011 06:46:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of bounces@canonical.com designates 91.189.90.139 as permitted sender) client-ip=91.189.90.139; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of bounces@canonical.com designates 91.189.90.139 as permitted sender) smtp.mail=bounces@canonical.com Received: from loganberry.canonical.com ([91.189.90.37]) by adelie.canonical.com with esmtp (Exim 4.71 #1 (Debian)) id 1QF54H-0002sv-Ed for ; Wed, 27 Apr 2011 13:46:13 +0000 Received: from loganberry.canonical.com (localhost [127.0.0.1]) by loganberry.canonical.com (Postfix) with ESMTP id 6978D2E8003 for ; Wed, 27 Apr 2011 13:46:13 +0000 (UTC) MIME-Version: 1.0 X-Launchpad-Project: linaro-image-tools X-Launchpad-Branch: ~linaro-maintainers/linaro-image-tools/trunk X-Launchpad-Message-Rationale: Subscriber X-Launchpad-Branch-Revision-Number: 329 X-Launchpad-Notification-Type: branch-revision To: Linaro Patch Tracker From: noreply@launchpad.net Subject: [Branch ~linaro-maintainers/linaro-image-tools/trunk] Rev 329: Optionally check signatures on hwpacks and images. Message-Id: <20110427134613.876.63108.launchpad@loganberry.canonical.com> Date: Wed, 27 Apr 2011 13:46:13 -0000 Reply-To: noreply@launchpad.net Sender: bounces@canonical.com Errors-To: bounces@canonical.com Precedence: bulk X-Generated-By: Launchpad (canonical.com); Revision="12915"; Instance="initZopeless config overlay" X-Launchpad-Hash: 393406925d0dffb41253cb171561fa86ccc64f45 Merge authors: Mattias Backman (mabac) Related merge proposals: https://code.launchpad.net/~mabac/linaro-image-tools/bug-638384-hwpacks-signature/+merge/58648 proposed by: Mattias Backman (mabac) review: Approve - Loïc Minier (lool) ------------------------------------------------------------ revno: 329 [merge] committer: James Westby branch nick: trunk timestamp: Wed 2011-04-27 09:43:59 -0400 message: Optionally check signatures on hwpacks and images. modified: linaro-media-create linaro_image_tools/media_create/__init__.py --- lp:linaro-image-tools https://code.launchpad.net/~linaro-maintainers/linaro-image-tools/trunk You are subscribed to branch lp:linaro-image-tools. To unsubscribe from this branch go to https://code.launchpad.net/~linaro-maintainers/linaro-image-tools/trunk/+edit-subscription === modified file 'linaro-media-create' --- linaro-media-create 2011-04-04 13:17:56 +0000 +++ linaro-media-create 2011-04-27 11:49:00 +0000 @@ -77,7 +77,7 @@ def ensure_required_commands(args): """Ensure we have the commands that we know are going to be used.""" required_commands = [ - 'mkfs.vfat', 'sfdisk', 'mkimage', 'parted'] + 'mkfs.vfat', 'sfdisk', 'mkimage', 'parted', 'gpg', 'sha1sum'] if not is_arm_host(): required_commands.append('qemu-arm-static') required_commands.append('qemu-img') @@ -104,6 +104,18 @@ ensure_required_commands(args) + sig_file_list = args.hwpacksigs[:] + if args.binarysig is not None: + sig_file_list.append(args.binarysig) + for sig_file in sig_file_list: + hash_file = sig_file[0:-len('.asc')] + if cmd_runner.run(['gpg', '--verify', sig_file]).wait() != 0: + print "Could not verify hash file signature %s." % sig_file + sys.exit(1) + if cmd_runner.run(['sha1sum', '-c', hash_file]).wait() != 0: + print "Could not verify hash in file %s." % hash_file + sys.exit(1) + media = Media(args.device) if media.is_block_device: if not confirm_device_selection_and_ensure_it_is_ready(args.device): === modified file 'linaro_image_tools/media_create/__init__.py' --- linaro_image_tools/media_create/__init__.py 2011-04-18 09:00:33 +0000 +++ linaro_image_tools/media_create/__init__.py 2011-04-27 13:43:59 +0000 @@ -88,6 +88,11 @@ help=('A hardware pack that should be installed in the rootfs; this ' 'parameter can be defined multiple times.')) parser.add_argument( + '--hwpack-sig', action='append', dest='hwpacksigs', required=False, + default=[], + help=('Signature file for verifying a hwpack; this ' + 'parameter can be defined multiple times.')) + parser.add_argument( '--hwpack-force-yes', action='store_true', help='Pass --force-yes to linaro-hwpack-install') parser.add_argument( @@ -99,6 +104,9 @@ help=('The tarball containing the rootfs used to create the bootable ' 'system.')) parser.add_argument( + '--binary-sig', dest='binarysig', required=False, + help=('Signature file used for verifying the binary tarball.')) + parser.add_argument( '--no-rootfs', dest='should_format_rootfs', action='store_false', help='Do not deploy the root filesystem.') parser.add_argument(