def test_valid_zipfile(self):
imz = InMemoryZip()
imz.append('DriverPackage\\firmware.bin', _get_valid_firmware())
imz.append('DriverPackage\\firmware.metainfo.xml', _get_valid_metainfo())
ufile = UploadedFile()
ufile.parse('foo.zip', imz.read())
arc2 = ufile.get_repacked_cabinet()
self.assertTrue(_archive_get_files_from_glob(arc2, 'firmware.bin'))
self.assertTrue(_archive_get_files_from_glob(arc2, 'firmware.metainfo.xml'))
def test_valid_path_back(self):
arc = GCab.Cabinet.new()
_archive_add(arc, 'DriverPackage\\firmware.bin', _get_valid_firmware())
_archive_add(arc, 'DriverPackage\\firmware.metainfo.xml', _get_valid_metainfo())
ufile = UploadedFile()
ufile.parse('foo.cab', _archive_to_contents(arc))
arc2 = ufile.get_repacked_cabinet()
self.assertTrue(_archive_get_files_from_glob(arc2, 'firmware.bin'))
self.assertTrue(_archive_get_files_from_glob(arc2, 'firmware.metainfo.xml'))
def test_extra_files(self):
arc = GCab.Cabinet.new()
_archive_add(arc, 'firmware.bin', _get_valid_firmware())
_archive_add(arc, 'firmware.metainfo.xml', _get_valid_metainfo())
_archive_add(arc, 'README.txt', 'fubar')
ufile = UploadedFile()
ufile.parse('foo.cab', _archive_to_contents(arc))
arc2 = ufile.get_repacked_cabinet()
self.assertTrue(_archive_get_files_from_glob(arc2, 'firmware.bin'))
self.assertTrue(_archive_get_files_from_glob(arc2, 'firmware.metainfo.xml'))
self.assertFalse(_archive_get_files_from_glob(arc2, 'README.txt'))
def archive_finalize(self, arc, metadata):
# get settings
settings = _get_settings('info_readme')
if settings['info_readme_enable'] != 'enabled':
return None
if not settings['info_readme_filename']:
raise PluginError('No filename set')
if not settings['info_readme_template']:
raise PluginError('No template set')
# does the readme file already exist?
if _archive_get_files_from_glob(arc, settings['info_readme_filename']):
print("archive already has %s" % settings['info_readme_filename'])
return
# read in the file and do substititons
try:
template = open(settings['info_readme_template'], 'rb').read()
except IOError as e:
raise PluginError(e)
for key in metadata:
template = template.replace(key, metadata[key])
# add it to the archive
_archive_add(arc, settings['info_readme_filename'],
template.encode('utf-8'))
def _sign_md(cfarchive, cf):
# parse each metainfo file
try:
component = AppStreamGlib.App.new()
component.parse_data(cf.get_bytes(), AppStreamGlib.AppParseFlags.NONE)
except Exception as e:
raise NotImplementedError('Invalid metadata in %s: %s' %
(cf.get_name(), str(e)))
# sign each firmware
release = component.get_release_default()
csum = release.get_checksum_by_target(AppStreamGlib.ChecksumTarget.CONTENT)
if not csum:
csum = AppStreamGlib.Checksum.new()
csum.set_filename('firmware.bin')
# get the filename including the correct dirname
fn = os.path.join(_get_dirname_safe(cf.get_name()), csum.get_filename())
cfs = _archive_get_files_from_glob(cfarchive, fn)
if not cfs:
raise NotImplementedError('no %s firmware found in %s' %
(fn, cf.get_name()))
# sign the firmware.bin file
ploader.archive_sign(cfarchive, cfs[0])
def archive_sign(self, arc, firmware_cff):
# already signed
detached_fn = _get_basename_safe(firmware_cff.get_name() + '.p7b')
if _archive_get_files_from_glob(arc, detached_fn):
return
# create the detached signature
blob = firmware_cff.get_bytes().get_data()
blob_p7b = self._sign_blob(blob)
if not blob_p7b:
return
# add it to the archive
_archive_add(arc, detached_fn, blob_p7b.encode('utf-8'))
def archive_sign(self, arc, firmware_cff):
# plugin not enabled
settings = _get_settings('sign_sigul')
if settings['sign_sigul_enable'] != 'enabled':
return
# already signed
detached_fn = _get_basename_safe(firmware_cff.get_name() + '.asc')
if _archive_get_files_from_glob(arc, detached_fn):
return
# create the detached signature
blob_asc = _sigul_detached_sign_data(firmware_cff.get_bytes().get_data(),
settings['sign_sigul_config_file'],
settings['sign_sigul_firmware_key'])
# add it to the archive
_archive_add(arc, detached_fn, blob_asc.encode('utf-8'))
def _sign_fw(fw):
# load the .cab file
download_dir = app.config['DOWNLOAD_DIR']
fn = os.path.join(download_dir, fw.filename)
try:
data = open(fn, 'rb').read()
except IOError as e:
raise NotImplementedError('cannot read %s: %s' % (fn, str(e)))
istream = Gio.MemoryInputStream.new_from_bytes(GLib.Bytes.new(data))
cfarchive = GCab.Cabinet.new()
cfarchive.load(istream)
cfarchive.extract(None)
# look for each metainfo file
cfs = _archive_get_files_from_glob(cfarchive, '*.metainfo.xml')
if len(cfs) == 0:
raise NotImplementedError('no .metadata.xml files in %s' % fn)
# parse each MetaInfo file
print('Signing: %s' % fn)
for cf in cfs:
_sign_md(cfarchive, cf)
# save the new archive
ostream = Gio.MemoryOutputStream.new_resizable()
cfarchive.write_simple(ostream)
cab_data = Gio.MemoryOutputStream.steal_as_bytes(ostream).get_data()
# overwrite old file
open(fn, 'wb').write(cab_data)
# inform the plugin loader
ploader.file_modified(fn)
# update the database
fw.checksum_signed = hashlib.sha1(cab_data).hexdigest()
fw.signed_timestamp = datetime.datetime.utcnow()
db.session.commit()
def archive_sign(self, arc, firmware_cff):
# plugin not enabled
settings = _get_settings('sign_gpg')
if settings['sign_gpg_enable'] != 'enabled':
return
# already signed
detached_fn = _get_basename_safe(firmware_cff.get_name() + '.asc')
if _archive_get_files_from_glob(arc, detached_fn):
return
# create the detached signature
if not settings['sign_gpg_keyring_dir']:
raise PluginError('No keyring directory set')
if not settings['sign_gpg_firmware_uid']:
raise PluginError('No firmware signing UID set')
affidavit = Affidavit(settings['sign_gpg_firmware_uid'],
settings['sign_gpg_keyring_dir'])
contents = firmware_cff.get_bytes().get_data()
contents_asc = affidavit.create(contents)
# add it to the archive
_archive_add(arc, detached_fn, contents_asc.encode('utf-8'))
