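def generatesigpack(output_dir, hash_package, accept_signattrs=False,
                    verbose=False, debug=False, quiet=False):
    """Generate the signature/certs package for a received hash package.

    The hash package is unpacked into the data to sign and a JSON signing
    config. The ``chipset`` and ``sign_id`` read from that JSON select the
    secimage configuration, and secimage is then run with the local signer
    on the extracted data.

    Args:
        output_dir: Directory that receives the temporary files and the
            secimage output.
        hash_package: Path to the hash (to-sign) package.
        accept_signattrs: Stored as ``allow_signing_overrides`` on the
            remote signer attributes of the temporary config.
        verbose: Forwarded to ``launch_secimage``; also un-quiets the
            first (verify-only) launch.
        debug: Forwarded to ``launch_secimage``; when true the temporary
            files are kept instead of being removed.
        quiet: Forwarded to the signing launch.

    Returns:
        Tuple ``(retcode, errstr, sig_package)``. ``retcode`` is 0 on
        success and 1 on failure, ``errstr`` describes the failure, and
        ``sig_package`` is the signature package path ('' if it was never
        computed).
    """
    retcode = 0
    errstr = ''
    sig_package = ''

    # Paths created here that must be removed again unless debug is set.
    to_sign_file = None
    temp_config_file = None
    copied_sig_file = None

    try:
        # Unzip the hash package.
        to_sign_package = Package(
            None,
            SecimageRemoteClientSigner.get_class_ToSignPackageFiles(),
            package=hash_package)
        to_sign_package.update_data()
        to_sign, signing_config = SecimageRemoteClientSigner.use_tosign_data(
            to_sign_package.pf)

        # Extract the signing info.
        # NOTE(review): chipset and sign_id are taken from the package
        # contents, so whoever built the hash package chooses them. If
        # packages can come from a party that is not fully trusted, they
        # should be checked against an allow-list before anything is
        # signed -- confirm where that check lives.
        signing_config = json.loads(signing_config)
        chipset = str(signing_config['chipset'])
        sign_id = str(signing_config['sign_id'])

        # Save to_sign to a temp file. The path is registered for cleanup
        # before the write so that a failed or partial write does not leave
        # the to-be-signed data behind in output_dir.
        to_sign_file = c_path.join(output_dir, 'hash_to_sign.bin')
        store_data_to_file(to_sign_file, to_sign)

        # Create a new config file to update the allow-signing attribute
        # and the file type.
        def update_cfg_cb(config):
            remote_config = (
                auto_gen_xml_config.complex_remote_signer_attributes())
            # NOTE(review): presumably this lets signing attributes carried
            # in the package override the signer's own configuration; keep
            # accept_signattrs False unless the package source is trusted
            # -- confirm against the signer implementation.
            remote_config.allow_signing_overrides = accept_signattrs
            signer_attributes = config.root.signing.signer_attributes
            signer_attributes.remote_signer_attributes = remote_config
            sign_id_config = config.get_config_for_sign_id(sign_id)
            sign_id_config.pil_split = False
            sign_id_config.image_type = 'hash_to_sign'

        temp_config_file = c_path.join(output_dir,
                                       'signature_package_config.xml')
        update_config(chipset, update_cfg_cb, temp_config_file)

        # Launch secimage once (verify only) to get the image info list.
        il = launch_secimage(config=temp_config_file,
                             output_dir=output_dir,
                             sign_id=sign_id,
                             imagefile=to_sign_file,
                             signer=SIGNER_LOCAL,
                             verify_input=True,
                             verbose=verbose,
                             debug=debug,
                             quiet=not verbose)

        # Copy the zip to where it is expected in the output directory.
        hash_package_exp = SecimageRemoteClientSigner.get_to_sign_package_path(
            il[0])
        if hash_package != hash_package_exp:
            c_path.create_dir(os.path.dirname(hash_package_exp))
            ret, err = copy_file(hash_package, hash_package_exp)
            copied_sig_file = hash_package_exp
            if not ret:
                raise RuntimeError(err)

        # Launch secimage to sign.
        il = launch_secimage(config=temp_config_file,
                             output_dir=output_dir,
                             sign_id=sign_id,
                             imagefile=to_sign_file,
                             signer=SIGNER_LOCAL,
                             sign=True,
                             verbose=verbose,
                             debug=debug,
                             quiet=quiet)

        # Verify the signature package was generated.
        sig_package = SecimageRemoteClientSigner.get_signature_package_path(
            il[0])
        if not c_path.validate_file(sig_package):
            retcode = 1
            errstr = ('Failed to generate the signature package. ' +
                      str(il[0].status.sign.error))

    except Exception as e:
        retcode = 1
        errstr = ('Exception occurred while running secimage. Exception - ' +
                  str(e))

    finally:
        if not debug:
            # Best-effort cleanup: a file that is already gone or cannot be
            # removed must not mask the result computed above.
            for leftover in (to_sign_file, temp_config_file, copied_sig_file):
                if leftover is None:
                    continue
                try:
                    os.remove(leftover)
                except Exception:
                    pass

    return retcode, errstr, sig_package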
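def generatehash(chipset, output_dir, sign_id=None, imagefile=None,
                 metabuild=None, send_signattrs=False, verbose=False,
                 debug=False, quiet=False):
    """Generate the hash (to-sign) package for an image.

    secimage is launched once with the local signer in verify-only mode to
    obtain the image info list, then again with the remote signer to
    produce the hash package. Generation is refused when a signature
    package or a hash package already exists at the expected path.

    Args:
        chipset: Chipset passed to ``launch_secimage`` and ``update_config``.
        output_dir: Directory that receives the secimage output and the
            temporary config file.
        sign_id: Forwarded to ``launch_secimage``.
        imagefile: Forwarded to ``launch_secimage``.
        metabuild: Forwarded to ``launch_secimage``.
        send_signattrs: When true, a temporary config is written with
            ``send_signing_overrides`` set on the remote client signer
            attributes and used for the signing launch.
        verbose: Forwarded to ``launch_secimage``; also un-quiets the
            first (verify-only) launch.
        debug: Forwarded to ``launch_secimage``; when true the temporary
            config file is kept.
        quiet: Forwarded to the signing launch.

    Returns:
        Tuple ``(retcode, errstr, hash_package)``. ``retcode`` is 0 on
        success and 1 on failure, ``errstr`` describes the failure, and
        ``hash_package`` is the hash package path ('' if it was never
        computed).
    """
    retcode = 0
    errstr = ''
    hash_package = ''

    try:
        # Launch secimage once (verify only) to get the image info list.
        il = launch_secimage(chipset=chipset,
                             output_dir=output_dir,
                             sign_id=sign_id,
                             imagefile=imagefile,
                             metabuild=metabuild,
                             signer=SIGNER_LOCAL,
                             verify_input=True,
                             verbose=verbose,
                             debug=debug,
                             quiet=not verbose)

        # Refuse to run while a signature package is already present.
        signature_package = (
            SecimageRemoteClientSigner.get_signature_package_path(il[0]))
        if c_path.validate_file(signature_package):
            errstr = ('Signature package ' + signature_package +
                      ' is present. '
                      'Please remove to generate hash.')
            return 1, errstr, hash_package

        # Refuse to overwrite an existing hash package; its path is still
        # returned to the caller together with the error.
        hash_package = SecimageRemoteClientSigner.get_to_sign_package_path(
            il[0])
        if c_path.validate_file(hash_package):
            errstr = ('Hash package ' + hash_package +
                      ' is already present. '
                      'Please remove to re-generate hash.')
            return 1, errstr, hash_package

        # Optionally create a new config file to update the send-signing
        # attribute. The config is written inside the try so that a failure
        # while writing it is cleaned up like a failure while signing.
        temp_config_file = None
        try:
            if send_signattrs:
                def update_cfg_cb(config):
                    remote_config = (
                        auto_gen_xml_config
                        .complex_remote_client_signer_attributes())
                    # NOTE(review): presumably this makes the hash package
                    # carry the local signing attribute overrides to the
                    # remote signer -- confirm what gets disclosed.
                    remote_config.send_signing_overrides = send_signattrs
                    signer_attributes = config.root.signing.signer_attributes
                    signer_attributes.remote_client_signer_attributes = (
                        remote_config)

                temp_config_file = c_path.join(output_dir,
                                               'hash_package_config.xml')
                update_config(chipset, update_cfg_cb, temp_config_file)
                # The signing launch is driven by the generated config from
                # here on; presumably launch_secimage expects a chipset or
                # a config, not both -- TODO confirm.
                chipset = None

            # Launch secimage to generate the hash package.
            il = launch_secimage(chipset=chipset,
                                 output_dir=output_dir,
                                 sign_id=sign_id,
                                 imagefile=imagefile,
                                 metabuild=metabuild,
                                 signer=SIGNER_REMOTE,
                                 sign=True,
                                 verbose=verbose,
                                 debug=debug,
                                 quiet=quiet,
                                 config=temp_config_file)
        finally:
            # Only remove a config that was actually created, instead of
            # calling os.remove(None) and swallowing the TypeError.
            if not debug and temp_config_file is not None:
                try:
                    os.remove(temp_config_file)
                except Exception:
                    # Best-effort cleanup; must not mask the signing result.
                    pass

        # Verify the hash package was generated.
        hash_package = SecimageRemoteClientSigner.get_to_sign_package_path(
            il[0])
        if not c_path.validate_file(hash_package):
            retcode = 1
            errstr = ('Failed to generate the hash package. ' +
                      str(il[0].status.sign.error))

    except Exception as e:
        retcode = 1
        errstr = ('Exception occurred while running secimage. Exception - ' +
                  str(e))

    return retcode, errstr, hash_package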