def test_valid_zipfile(self):
    """Check that a .zip upload is repacked into a cabinet with both files.

    The zip members are stored under a ``DriverPackage`` prefix with a
    backslash separator; the repacked cabinet is then queried by the bare
    file names.
    """
    # build the upload in memory, one member at a time
    zip_builder = InMemoryZip()
    firmware_payload = _get_valid_firmware()
    zip_builder.append('DriverPackage\\firmware.bin', firmware_payload)
    metainfo_payload = _get_valid_metainfo()
    zip_builder.append('DriverPackage\\firmware.metainfo.xml', metainfo_payload)

    # parse it as an upload named foo.zip and repack it
    upload = UploadedFile()
    upload.parse('foo.zip', zip_builder.read())
    repacked = upload.get_repacked_cabinet()

    # both members must be found in the repacked cabinet
    for expected in ('firmware.bin', 'firmware.metainfo.xml'):
        self.assertTrue(_archive_get_files_from_glob(repacked, expected))
def test_valid_path_back(self):
    """Check that backslash-separated member paths in a .cab are accepted.

    Both members live under ``DriverPackage`` with a backslash separator;
    the repacked cabinet is queried by the bare file names.
    """
    # build a cabinet whose members use a Windows-style directory prefix
    cabinet = GCab.Cabinet.new()
    firmware_payload = _get_valid_firmware()
    _archive_add(cabinet, 'DriverPackage\\firmware.bin', firmware_payload)
    metainfo_payload = _get_valid_metainfo()
    _archive_add(cabinet, 'DriverPackage\\firmware.metainfo.xml', metainfo_payload)

    # parse it as an upload named foo.cab and repack it
    upload = UploadedFile()
    upload.parse('foo.cab', _archive_to_contents(cabinet))
    repacked = upload.get_repacked_cabinet()

    # both members must be found in the repacked cabinet
    for expected in ('firmware.bin', 'firmware.metainfo.xml'):
        self.assertTrue(_archive_get_files_from_glob(repacked, expected))
def test_extra_files(self):
    """Check that an unexpected member is dropped when the upload is repacked.

    The uploaded cabinet carries a ``README.txt`` next to the firmware and
    its metainfo; the repacked cabinet must contain the latter two and must
    not contain the README.
    """
    # build a cabinet with the two expected members plus one extra file
    cabinet = GCab.Cabinet.new()
    firmware_payload = _get_valid_firmware()
    _archive_add(cabinet, 'firmware.bin', firmware_payload)
    metainfo_payload = _get_valid_metainfo()
    _archive_add(cabinet, 'firmware.metainfo.xml', metainfo_payload)
    _archive_add(cabinet, 'README.txt', 'fubar')

    # parse it as an upload named foo.cab and repack it
    upload = UploadedFile()
    upload.parse('foo.cab', _archive_to_contents(cabinet))
    repacked = upload.get_repacked_cabinet()

    # the expected members survive the repack ...
    for expected in ('firmware.bin', 'firmware.metainfo.xml'):
        self.assertTrue(_archive_get_files_from_glob(repacked, expected))
    # ... and the extra file does not
    self.assertFalse(_archive_get_files_from_glob(repacked, 'README.txt'))
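def archive_finalize(self, arc, metadata):
    """Add a README rendered from the configured template to the archive.

    Nothing is done when the ``info_readme`` plugin is not enabled, or when
    the archive already holds a file matching the configured README name.

    Args:
        arc: archive the README is added to.
        metadata: mapping of placeholder text to replacement text; every
            occurrence of each key in the template is replaced by its value.

    Returns:
        None in every case.

    Raises:
        PluginError: if the filename or template setting is empty, or the
            template file cannot be read or is not valid UTF-8.
    """
    # get settings
    settings = _get_settings('info_readme')
    if settings['info_readme_enable'] != 'enabled':
        return None
    readme_fn = settings['info_readme_filename']
    if not readme_fn:
        raise PluginError('No filename set')
    template_fn = settings['info_readme_template']
    if not template_fn:
        raise PluginError('No template set')

    # does the readme file already exist? if so it is left untouched
    if _archive_get_files_from_glob(arc, readme_fn):
        print("archive already has %s" % readme_fn)
        return None

    # Read the template as UTF-8 text. The substitutions below are text
    # operations and the result is encoded back to UTF-8 when it is stored,
    # so decoding here keeps the types consistent; the context manager
    # closes the file handle even when reading fails.
    try:
        with open(template_fn, 'rb') as f:
            template = f.read().decode('utf-8')
    except (IOError, UnicodeDecodeError) as e:
        raise PluginError(e)

    # Substitute each placeholder; values are inserted verbatim.
    # NOTE(review): if metadata carries uploader-controlled text it lands
    # unmodified in the shipped README -- confirm that is intended.
    for key in metadata:
        template = template.replace(key, metadata[key])

    # add it to the archive
    _archive_add(arc, readme_fn, template.encode('utf-8'))
    return None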
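def _sign_md(cfarchive, cf):
    """Sign the firmware payload referenced by one metainfo file.

    The metainfo is parsed, the payload filename is taken from the content
    checksum of its default release (falling back to ``firmware.bin`` when
    the release has no such checksum), and the matching archive member is
    handed to the plugin loader for signing.

    Args:
        cfarchive: archive holding the metainfo file and the payload.
        cf: archive member containing the metainfo XML.

    Raises:
        NotImplementedError: if the metainfo cannot be parsed, has no
            default release, or the payload it names is not in the archive.
    """
    # parse the metainfo file; any parser failure is reported uniformly
    try:
        component = AppStreamGlib.App.new()
        component.parse_data(cf.get_bytes(), AppStreamGlib.AppParseFlags.NONE)
    except Exception as e:
        raise NotImplementedError('Invalid metadata in %s: %s' %
                                  (cf.get_name(), str(e)))

    # A metainfo file without any release has no default release; report
    # that the same way as the other metadata problems instead of failing
    # with an AttributeError on the next line.
    release = component.get_release_default()
    if release is None:
        raise NotImplementedError('no default release in %s' % cf.get_name())

    # work out which payload this metainfo refers to
    csum = release.get_checksum_by_target(AppStreamGlib.ChecksumTarget.CONTENT)
    if not csum:
        csum = AppStreamGlib.Checksum.new()
        csum.set_filename('firmware.bin')

    # get the filename including the correct dirname
    # NOTE(review): the payload name comes from the uploaded metainfo and is
    # passed to a glob lookup; only the first match is signed. Presumably
    # upload validation restricts the name to a plain filename -- confirm.
    fn = os.path.join(_get_dirname_safe(cf.get_name()), csum.get_filename())
    cfs = _archive_get_files_from_glob(cfarchive, fn)
    if not cfs:
        raise NotImplementedError('no %s firmware found in %s' %
                                  (fn, cf.get_name()))

    # sign the firmware.bin file
    ploader.archive_sign(cfarchive, cfs[0])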
def archive_sign(self, arc, firmware_cff):
    """Attach a detached ``.p7b`` signature for *firmware_cff* to *arc*.

    The signature member is named after the payload with ``.p7b`` appended.
    Nothing is added when the archive already has a member of that name, or
    when ``self._sign_blob`` returns an empty result.

    Args:
        arc: archive the signature is added to.
        firmware_cff: archive member whose bytes are signed.
    """
    sig_name = _get_basename_safe(firmware_cff.get_name() + '.p7b')

    # An existing member of that name is treated as "already signed".
    # NOTE(review): its contents are not checked here; presumably a file
    # with this name can only come from an earlier signing run -- confirm.
    already_signed = _archive_get_files_from_glob(arc, sig_name)
    if already_signed:
        return

    # create the detached signature over the raw payload bytes
    payload = firmware_cff.get_bytes().get_data()
    signature = self._sign_blob(payload)

    # store it next to the payload, unless signing produced nothing
    if signature:
        _archive_add(arc, sig_name, signature.encode('utf-8'))
def archive_sign(self, arc, firmware_cff):
    """Attach a detached ``.asc`` signature made via sigul to *arc*.

    Does nothing when the ``sign_sigul`` plugin is not enabled or when the
    archive already has a member with the signature's name.

    Args:
        arc: archive the signature is added to.
        firmware_cff: archive member whose bytes are signed.
    """
    settings = _get_settings('sign_sigul')
    plugin_enabled = settings['sign_sigul_enable'] == 'enabled'
    if not plugin_enabled:
        return

    # An existing member of that name is treated as "already signed".
    # NOTE(review): its contents are not checked here -- confirm that only
    # an earlier signing run can have put it there.
    sig_name = _get_basename_safe(firmware_cff.get_name() + '.asc')
    if _archive_get_files_from_glob(arc, sig_name):
        return

    # create the detached signature with the configured sigul client
    # config file and firmware key
    payload = firmware_cff.get_bytes().get_data()
    signature = _sigul_detached_sign_data(
        payload,
        settings['sign_sigul_config_file'],
        settings['sign_sigul_firmware_key'])

    # add it to the archive
    _archive_add(arc, sig_name, signature.encode('utf-8'))
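def _sign_fw(fw):
    """Sign the stored cabinet for *fw* in place and record the result.

    The cabinet is read from the download directory, every metainfo file in
    it is passed to ``_sign_md``, the modified cabinet is written back over
    the original file, and the firmware record gets the new checksum and
    signing timestamp.

    Args:
        fw: firmware record; ``filename`` is read, ``checksum_signed`` and
            ``signed_timestamp`` are written.

    Raises:
        NotImplementedError: if the cabinet cannot be read or contains no
            metainfo file (``_sign_md`` raises the same type).
    """
    # load the .cab file
    # NOTE(review): assumes fw.filename is a server-generated basename, so
    # the joined path stays inside DOWNLOAD_DIR -- confirm where it is set.
    fn = os.path.join(app.config['DOWNLOAD_DIR'], fw.filename)
    try:
        with open(fn, 'rb') as f:
            data = f.read()
    except IOError as e:
        raise NotImplementedError('cannot read %s: %s' % (fn, str(e)))
    istream = Gio.MemoryInputStream.new_from_bytes(GLib.Bytes.new(data))
    cfarchive = GCab.Cabinet.new()
    cfarchive.load(istream)
    cfarchive.extract(None)

    # look for each metainfo file
    cfs = _archive_get_files_from_glob(cfarchive, '*.metainfo.xml')
    if not cfs:
        raise NotImplementedError('no .metainfo.xml files in %s' % fn)

    # parse each MetaInfo file
    print('Signing: %s' % fn)
    for cf in cfs:
        _sign_md(cfarchive, cf)

    # save the new archive
    ostream = Gio.MemoryOutputStream.new_resizable()
    cfarchive.write_simple(ostream)
    cab_data = Gio.MemoryOutputStream.steal_as_bytes(ostream).get_data()

    # Overwrite the old file; the context manager guarantees the data is
    # flushed and the handle closed before the plugins are told about it.
    # NOTE(review): the file is truncated and rewritten in place, and the
    # database is only updated afterwards, so an interruption here leaves a
    # partial cabinet next to the old checksum.
    with open(fn, 'wb') as f:
        f.write(cab_data)

    # inform the plugin loader
    ploader.file_modified(fn)

    # update the database
    # NOTE(review): SHA-1 is not collision resistant; if checksum_signed is
    # used for integrity decisions rather than as an identifier, a stronger
    # digest should be stored as well -- confirm with the consumers.
    fw.checksum_signed = hashlib.sha1(cab_data).hexdigest()
    fw.signed_timestamp = datetime.datetime.utcnow()
    db.session.commit()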
def archive_sign(self, arc, firmware_cff):
    """Attach a detached ``.asc`` GPG signature for *firmware_cff* to *arc*.

    Does nothing when the ``sign_gpg`` plugin is not enabled or when the
    archive already has a member with the signature's name.

    Args:
        arc: archive the signature is added to.
        firmware_cff: archive member whose bytes are signed.

    Raises:
        PluginError: if the keyring directory or the signing UID setting
            is empty.
    """
    settings = _get_settings('sign_gpg')
    plugin_enabled = settings['sign_gpg_enable'] == 'enabled'
    if not plugin_enabled:
        return

    # An existing member of that name is treated as "already signed".
    # NOTE(review): its contents are not checked here -- confirm that only
    # an earlier signing run can have put it there.
    sig_name = _get_basename_safe(firmware_cff.get_name() + '.asc')
    if _archive_get_files_from_glob(arc, sig_name):
        return

    # both signing settings are required; the keyring is checked first
    keyring_dir = settings['sign_gpg_keyring_dir']
    if not keyring_dir:
        raise PluginError('No keyring directory set')
    signing_uid = settings['sign_gpg_firmware_uid']
    if not signing_uid:
        raise PluginError('No firmware signing UID set')

    # create the detached signature
    signer = Affidavit(signing_uid, keyring_dir)
    signature = signer.create(firmware_cff.get_bytes().get_data())

    # add it to the archive
    _archive_add(arc, sig_name, signature.encode('utf-8'))