| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 |
- # Copyright (C) 2015-2022 Stefano Babic
- #
- # SPDX-License-Identifier: GPLv3
- DEPENDS += "python3-magic-native zstd-native"
- def swupdate_encrypt_file(f, out, key, ivt):
- import subprocess
- encargs = ["openssl", "enc", "-aes-256-cbc", "-in", f, "-out", out]
- encargs += ["-K", key, "-iv", ivt, "-nosalt"]
- subprocess.run(encargs, check=True)
- def swupdate_extract_keys(keyfile_path):
- try:
- with open(keyfile_path, 'r') as f:
- lines = f.readlines()
- except IOError:
- bb.fatal("Failed to open file with keys %s" % (keyfile_path))
- data = {}
- for _ in lines:
- k,v = _.split('=',maxsplit=1)
- data[k.rstrip()] = v
- key = data['key'].rstrip('\n')
- iv = data['iv'].rstrip('\n')
- return key,iv
- def swupdate_get_sha256(d, s, filename):
- import hashlib
- m = hashlib.sha256()
- with open(os.path.join(s, filename), 'rb') as f:
- while True:
- data = f.read(1024)
- if not data:
- break
- m.update(data)
- return m.hexdigest()
- def swupdate_get_IV(d, s, filename):
- # By default preserve original behavior: use IV from SWUPDATE_AES_FILE.
- key,iv = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
- return iv
- def swupdate_get_unique_IV(d, s, filename):
- # New behavior: use unique random IV for each filename.
- from secrets import token_hex
- iv = d.getVarFlag("SWUPDATE_IV", filename, True)
- if not iv:
- iv = token_hex(16)
- d.setVarFlag("SWUPDATE_IV", filename, iv)
- return iv
- def swupdate_get_size(d, s, filename):
- import os
- fname = os.path.join(s, filename)
- fsize = os.path.getsize(fname)
- return str(fsize)
- def swupdate_sign_file(d, s, filename):
- import subprocess
- import magic
- import base64
- fname = os.path.join(s, filename)
- mime = magic.Magic(mime=True)
- ftype = mime.from_file(fname)
- if ftype == 'application/zstd':
- zcmd = 'zstdcat'
- elif ftype == 'application/gzip':
- zcmd = 'zcat'
- else:
- zcmd = 'cat'
- privkey = d.getVar('SWUPDATE_SIGN_PRIVATE_KEY')
- dump = subprocess.run([ zcmd, fname ], check=True, capture_output=True)
- signature = subprocess.run([ "openssl", "dgst", "-keyform", "PEM", "-sha256", "-sign", privkey ] + \
- get_pwd_file_args(d, 'SWUPDATE_SIGN_PASSWORD_FILE'), check=True, capture_output=True, input=dump.stdout)
- hash = base64.b64encode(signature.stdout).decode()
- # SWUpdate accepts attribute with a maximum size of 255. If the hash
- # exceeds this value, returns sha256 of the generated hash
- #
- if len(hash) > 255:
- m = hashlib.sha256()
- m.update(hash)
- hash = m.hexdigest()
- return hash
- def swupdate_get_pkgvar(d, s, parms):
- import re
- import oe.packagedata
- def get_package_name(group):
- package = None
- pkgvar = group.split('@')
- package = pkgvar[0]
- if len(pkgvar) > 1:
- varname = pkgvar[1]
- else:
- varname = 'PV'
- return (package, varname)
- if parms is None:
- return "undefined"
- group = parms
- (package, key) = get_package_name(group)
- bb.debug(2, "Package %s defined %s" %(package, key))
- pkg_info = os.path.join(d.getVar('PKGDATA_DIR'), 'runtime-reverse', package)
- pkgdata = oe.packagedata.read_pkgdatafile(pkg_info)
- if not key in pkgdata.keys():
- bb.warn("\"%s\" not set for package %s - using \"1.0\"" % (key, package))
- version = "1.0"
- else:
- version = pkgdata[key].split('+')[0]
- return version
|
