コード例 #1
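def generatesigpack(output_dir,
                    hash_package,
                    accept_signattrs=False,
                    verbose=False,
                    debug=False,
                    quiet=False):
    """Sign the hash carried in ``hash_package`` and return the signature package.

    The hash package is unpacked, the hash is written to a temporary file in
    ``output_dir``, a temporary config is generated, and secimage is launched
    twice with the local signer: once with ``verify_input=True`` to obtain the
    image info list, then with ``sign=True`` to produce the signature package.

    Security notes:
        * ``chipset`` and ``sign_id``, which select the signing configuration,
          are read from the signing config inside ``hash_package``. Nothing in
          this function authenticates the package, so the caller is
          responsible for deciding whether its sender may request a signature
          for that chipset/sign_id.
        * ``accept_signattrs`` is copied to ``allow_signing_overrides`` on the
          remote signer attributes. NOTE(review): this presumably lets the
          package's sender override signing attributes; confirm, and leave it
          False unless the sender is trusted to do so.
        * Temporary files use fixed names inside ``output_dir``, so concurrent
          runs sharing one ``output_dir`` would overwrite each other's files.

    Args:
        output_dir: Directory for temporary files and secimage output.
        hash_package: Path of the hash ("to sign") package to process.
        accept_signattrs: Value stored in ``allow_signing_overrides``.
        verbose: Passed to secimage; also un-quiets the first launch.
        debug: Passed to secimage; when true the temporary files are kept.
        quiet: Passed to the signing launch of secimage.

    Returns:
        Tuple ``(retcode, errstr, sig_package)``. ``retcode`` is 0 on success
        and 1 on failure, with ``errstr`` describing the failure.
        ``sig_package`` is the expected signature package path; it can be
        non-empty even when ``retcode`` is 1 (the file failed validation).
    """
    retcode = 0
    errstr = ''
    sig_package = ''

    # Files created by this call; removed in the finally block unless debug.
    to_sign_file = None
    temp_config_file = None
    copied_sig_file = None

    try:
        # Unpack the hash package into the hash and its signing config
        to_sign_package = Package(
            None,
            SecimageRemoteClientSigner.get_class_ToSignPackageFiles(),
            package=hash_package)
        to_sign_package.update_data()
        to_sign, signing_config = SecimageRemoteClientSigner.use_tosign_data(
            to_sign_package.pf)

        # Extract the signing info. The config comes from the package, so
        # reject anything that is not an object carrying both selectors
        # instead of surfacing a bare KeyError/TypeError to the caller.
        signing_config = json.loads(signing_config)
        if not isinstance(signing_config, dict):
            raise RuntimeError(
                'Signing config in the hash package is not a JSON object.')
        missing = [key for key in ('chipset', 'sign_id')
                   if key not in signing_config]
        if missing:
            raise RuntimeError(
                'Signing config in the hash package is missing: ' +
                ', '.join(missing))
        chipset = str(signing_config['chipset'])
        sign_id = str(signing_config['sign_id'])

        # Save to_sign to a temp file
        to_sign_file_path = c_path.join(output_dir, 'hash_to_sign.bin')
        store_data_to_file(to_sign_file_path, to_sign)
        to_sign_file = to_sign_file_path

        # Create new config file to update the allow signing attribute &
        # the file type
        def update_cfg_cb(config):
            remote_config = auto_gen_xml_config.complex_remote_signer_attributes()
            remote_config.allow_signing_overrides = accept_signattrs
            config.root.signing.signer_attributes.remote_signer_attributes = remote_config
            sign_id_config = config.get_config_for_sign_id(sign_id)
            sign_id_config.pil_split = False
            sign_id_config.image_type = 'hash_to_sign'

        temp_config_file = c_path.join(output_dir,
                                       'signature_package_config.xml')
        update_config(chipset, update_cfg_cb, temp_config_file)

        # Launch secimage once to get the image info list
        il = launch_secimage(config=temp_config_file,
                             output_dir=output_dir,
                             sign_id=sign_id,
                             imagefile=to_sign_file,
                             signer=SIGNER_LOCAL,
                             verify_input=True,
                             verbose=verbose,
                             debug=debug,
                             quiet=not verbose)

        # Copy the zip to where its expected in the output directory
        hash_package_exp = SecimageRemoteClientSigner.get_to_sign_package_path(
            il[0])
        if hash_package != hash_package_exp:
            c_path.create_dir(os.path.dirname(hash_package_exp))
            ret, err = copy_file(hash_package, hash_package_exp)
            # Registered for cleanup before the result is checked, so the
            # destination is removed after a failed copy as well.
            copied_sig_file = hash_package_exp
            if not ret:
                raise RuntimeError(err)

        # Launch secimage
        il = launch_secimage(config=temp_config_file,
                             output_dir=output_dir,
                             sign_id=sign_id,
                             imagefile=to_sign_file,
                             signer=SIGNER_LOCAL,
                             sign=True,
                             verbose=verbose,
                             debug=debug,
                             quiet=quiet)

        # Verify the signature package was generated
        sig_package = SecimageRemoteClientSigner.get_signature_package_path(
            il[0])
        if not c_path.validate_file(sig_package):
            retcode = 1
            errstr = 'Failed to generate the signature package. ' + str(
                il[0].status.sign.error)

    except Exception as e:
        retcode = 1
        errstr = 'Exception occurred while running secimage. Exception - ' + str(
            e)

    finally:
        if not debug:
            for leftover in (to_sign_file, temp_config_file, copied_sig_file):
                if leftover is None:
                    continue
                # Best-effort removal. This runs outside the except handler
                # above, so anything raised here would escape the
                # (retcode, errstr, sig_package) return contract.
                try:
                    os.remove(leftover)
                except Exception:
                    pass

    return retcode, errstr, sig_package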
コード例 #2
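def generatehash(chipset,
                 output_dir,
                 sign_id=None,
                 imagefile=None,
                 metabuild=None,
                 send_signattrs=False,
                 verbose=False,
                 debug=False,
                 quiet=False):
    """Generate the hash ("to sign") package for an image.

    secimage is launched once with the local signer and ``verify_input=True``
    to obtain the image info list, then, if neither a signature package nor a
    hash package is already present at the expected paths, launched again
    with the remote signer and ``sign=True`` to produce the hash package.

    Refusing to run when either package already exists means a stale package
    from an earlier run is never reported as the result of this one.

    Args:
        chipset: Chipset passed to secimage and to the config generator.
        output_dir: Directory for the temporary config and secimage output.
        sign_id: Passed through to secimage.
        imagefile: Passed through to secimage.
        metabuild: Passed through to secimage.
        send_signattrs: When true, a temporary config is generated with
            ``send_signing_overrides`` set to this value. NOTE(review): this
            presumably makes the hash package carry signing attribute
            overrides to the signing side; confirm against the signer.
        verbose: Passed to secimage; also un-quiets the first launch.
        debug: Passed to secimage; when true the temporary config is kept.
        quiet: Passed to the hash-generating launch of secimage.

    Returns:
        Tuple ``(retcode, errstr, hash_package)``. ``retcode`` is 0 on success
        and 1 on failure, with ``errstr`` describing the failure.
        ``hash_package`` is the expected hash package path; it can be
        non-empty even when ``retcode`` is 1.
    """
    retcode = 0
    errstr = ''
    hash_package = ''

    try:
        # Launch secimage once to get the image info list
        il = launch_secimage(chipset=chipset,
                             output_dir=output_dir,
                             sign_id=sign_id,
                             imagefile=imagefile,
                             metabuild=metabuild,
                             signer=SIGNER_LOCAL,
                             verify_input=True,
                             verbose=verbose,
                             debug=debug,
                             quiet=not verbose)

        # Check that the signature package isnt already present
        signature_package = SecimageRemoteClientSigner.get_signature_package_path(
            il[0])
        if c_path.validate_file(signature_package):
            retcode = 1
            errstr = ('Signature package ' + signature_package +
                      ' is present. '
                      'Please remove to generate hash.')

        # Continue if no error
        if retcode == 0:

            # Check that the hash package isnt already present
            hash_package = SecimageRemoteClientSigner.get_to_sign_package_path(
                il[0])
            if c_path.validate_file(hash_package):
                retcode = 1
                errstr = ('Hash package ' + hash_package +
                          ' is already present. '
                          'Please remove to re-generate hash.')

        # Continue if no error
        if retcode == 0:

            # Create new config file to update the send signing attribute
            temp_config_file = None
            if send_signattrs:

                def update_cfg_cb(config):
                    remote_config = auto_gen_xml_config.complex_remote_client_signer_attributes()
                    remote_config.send_signing_overrides = send_signattrs
                    config.root.signing.signer_attributes.remote_client_signer_attributes = remote_config

                temp_config_file = c_path.join(output_dir,
                                               'hash_package_config.xml')
                update_config(chipset, update_cfg_cb, temp_config_file)
                # The generated config is passed to secimage instead of the
                # chipset (presumably the two are alternatives; confirm).
                chipset = None

            try:
                # Launch secimage to generate the hash package
                il = launch_secimage(chipset=chipset,
                                     output_dir=output_dir,
                                     sign_id=sign_id,
                                     imagefile=imagefile,
                                     metabuild=metabuild,
                                     signer=SIGNER_REMOTE,
                                     sign=True,
                                     verbose=verbose,
                                     debug=debug,
                                     quiet=quiet,
                                     config=temp_config_file)
            finally:
                # Only remove a config that was actually generated; calling
                # os.remove(None) and swallowing the TypeError hid that case.
                if not debug and temp_config_file is not None:
                    try:
                        os.remove(temp_config_file)
                    except OSError:
                        # Best-effort cleanup: a leftover temp config must
                        # not turn a successful run into a failure.
                        pass

            # Verify the hash package was generated
            hash_package = SecimageRemoteClientSigner.get_to_sign_package_path(
                il[0])
            if not c_path.validate_file(hash_package):
                retcode = 1
                errstr = 'Failed to generate the hash package. ' + str(
                    il[0].status.sign.error)

    except Exception as e:
        retcode = 1
        errstr = 'Exception occurred while running secimage. Exception - ' + str(
            e)

    return retcode, errstr, hash_package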