[Cryptech-Commits] [releng/alpha] branch python3 updated: Still more fun building packages with Python 3

git at cryptech.is git at cryptech.is
Mon Jul 13 04:36:30 UTC 2020

Previous message (by thread): [Cryptech-Commits] [sw/stm32] branch python3 updated: Whack all Python shebangs to Python 3
Next message (by thread): [Cryptech-Commits] [sw/pkcs11] branch python3 updated: Yet another wired-in python version
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch python3
in repository releng/alpha.

The following commit(s) were added to refs/heads/python3 by this push:
     new 4d6f6ce  Still more fun building packages with Python 3
4d6f6ce is described below

commit 4d6f6ceebcb0422bfcf3443e7f4eb7a9eb1e4338
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Mon Jul 13 00:36:11 2020 -0400

    Still more fun building packages with Python 3
---
 .gitignore                        |  7 +++++--
 Makefile                          |  1 +
 scripts/build-firmware-package.py | 29 ++++++++++++++---------------
 source/sw/libhal                  |  2 +-
 source/sw/pkcs11                  |  2 +-
 source/sw/stm32                   |  2 +-
 6 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/.gitignore b/.gitignore
index c09a26f..2c60a18 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,15 @@
-.pbuilder-sell-by-date
 build
+build.log
 cryptech-alpha*.dsc
-cryptech-alpha*.tar.xz
 cryptech-alpha*_source.build
+cryptech-alpha*_source.buildinfo
 cryptech-alpha*_source.changes
+cryptech-alpha*.tar.xz
+.pbuilder-sell-by-date
 screenlog.*
 source/cryptech-alpha-firmware.tar.gz
 source/cryptech_version.py*
 source/debian/changelog
 source/debian/control
+source/debian/files
 tap
diff --git a/Makefile b/Makefile
index 9afede5..fcbd30c 100644
--- a/Makefile
+++ b/Makefile
@@ -85,6 +85,7 @@ shadow:
 	./scripts/build-shadow-tree.py
 
 ${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER}
+	rm -f $@
 	fakeroot ./scripts/build-firmware-package.py $@ $^
 
 bitstream: ${BITSTREAM}
diff --git a/scripts/build-firmware-package.py b/scripts/build-firmware-package.py
index 4f078f4..6ce49ab 100755
--- a/scripts/build-firmware-package.py
+++ b/scripts/build-firmware-package.py
@@ -6,6 +6,7 @@ import argparse
 import hashlib
 import tarfile
 import json
+import sys
 import os
 
 parser = argparse.ArgumentParser()
@@ -14,8 +15,8 @@ parser.add_argument("firmware", nargs = "+",                    help = "firmware
 args = parser.parse_args()
 
 tar     = tarfile.TarFile.open(fileobj = args.tarfile, mode = "w|gz")
-head    = subprocess.check_output(("git", "rev-parse", "HEAD")).strip().decode()
-time    = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip().decode()
+head    = subprocess.check_output(("git", "rev-parse", "HEAD")).decode().strip()
+time    = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).decode().strip()
 commits = dict((path, hash) for hash, path, branch in
                (line.decode().split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()))
 sha256  = {}
@@ -25,20 +26,18 @@ for fn in args.firmware:
         sha256[os.path.basename(fn)] = hashlib.sha256(f.read()).hexdigest()
     tar.add(fn, os.path.basename(fn))
 
-with tempfile.NamedTemporaryFile() as f:
+manifest = json.dumps(dict(head = head, time = time, commits = commits, sha256  = sha256), indent = 2, sort_keys = True)
+
+if os.path.isdir(os.getenv("GNUPGHOME", "")):
+    gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
+                           stdin = subprocess.PIPE, stdout = subprocess.PIPE, universal_newlines = True)
+    manifest = gpg.communicate(manifest)[0]
+    if gpg.returncode:
+        sys.exit("gpg failed")
+
+with tempfile.NamedTemporaryFile("w+") as f:
     os.fchmod(f.fileno(), 0o644)
-    use_gpg = os.path.isdir(os.getenv("GNUPGHOME", ""))
-    if use_gpg:
-        gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"),
-                               stdin = subprocess.PIPE, stdout = f)
-        jf = gpg.stdin
-    else:
-        jf = f
-    jf.write(json.dumps(dict(head = head, time = time, commits = commits, sha256  = sha256), indent = 2).encode())
-    if use_gpg:
-        gpg.stdin.close()
-        if gpg.wait():
-            raise subprocess.CalledProcessError(gpg.returncode, "gpg")
+    f.write(manifest)
     f.seek(0)
     tar.add(f.name, "MANIFEST")
 
diff --git a/source/sw/libhal b/source/sw/libhal
index aab1cf4..f120a26 160000
--- a/source/sw/libhal
+++ b/source/sw/libhal
@@ -1 +1 @@
-Subproject commit aab1cf4d694b4d4fefa77f02b4c42d7683a2f43f
+Subproject commit f120a263ec422739d201843a5979bfabdf410708
diff --git a/source/sw/pkcs11 b/source/sw/pkcs11
index 5936bef..bf8e254 160000
--- a/source/sw/pkcs11
+++ b/source/sw/pkcs11
@@ -1 +1 @@
-Subproject commit 5936befa654ce79b2f9ee7cd4f3beb6489bac227
+Subproject commit bf8e254c435c972a7ab28700eab48a2b6ae79c57
diff --git a/source/sw/stm32 b/source/sw/stm32
index 52f72e1..b7e1cf4 160000
--- a/source/sw/stm32
+++ b/source/sw/stm32
@@ -1 +1 @@
-Subproject commit 52f72e1e5dc5d3b646b54363f811ee2fd7958c19
+Subproject commit b7e1cf46f7c88740732dea1d9885193567af2e78

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

Previous message (by thread): [Cryptech-Commits] [sw/stm32] branch python3 updated: Whack all Python shebangs to Python 3
Next message (by thread): [Cryptech-Commits] [sw/pkcs11] branch python3 updated: Yet another wired-in python version
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list