Commit 9995157c authored by Stefano Babic's avatar Stefano Babic

Fix breakage if encryption is not set



Commit introduces the encryption into the swupdate class, but it breaks
builds if encryption is not used at all. Fix this and rework function
to retrieve key from a file.

Replace os.system() with subprocess.run() - this should be done for other
occurrences of os.system(), which is declared obsolete.
Signed-off-by: Stefano Babic's avatarStefano Babic <sbabic@denx.de>
parent 4bf4a4a3
......@@ -18,35 +18,35 @@ def swupdate_get_sha256(s, filename):
m.update(data)
return m.hexdigest()
def swupdate_extract_keys(keyfile):
def swupdate_extract_keys(keyfile_path):
try:
keys = open(keyfile)
with open(keyfile_path, 'r') as f:
lines = f.readlines()
except IOError:
bb.fatal("Failed to open file with keys %s" % (keyfile))
lines = keys.read()
keys.close()
lines = lines.splitlines(True)
for line in lines:
line = line.replace('\n', '')
kv = line.split('=')
if kv[0] == 'salt':
salt = kv[1]
if kv[0] == 'key':
key = kv[1]
if kv[0] == 'iv' or kv[0] == 'iv ':
iv = kv[1]
data = {}
for _ in lines:
k,v = _.split('=',maxsplit=1)
data[k.rstrip()] = v
key = data['key']
iv = data['iv']
salt = data['salt']
return key,iv,salt
def swupdate_encrypt_file(f, out, key, ivt, salt):
import subprocess
encargs = ["openssl", "enc", "-aes-256-cbc", "-in", f, "-out", out]
encargs += ["-K", key, "-iv", ivt, "-S", salt]
cmd = "openssl enc -aes-256-cbc -in '%s' -out '%s' -K '%s' -iv '%s' -S '%s'" % (
f,
out,
key,
ivt,
salt)
if os.system(cmd) != 0:
bb.fatal("Failed to encrypt %s" % (f))
subprocess.run(encargs, check=True)
def swupdate_write_sha256(s, filename, hash):
write_lines = []
......
......@@ -99,12 +99,16 @@ python do_swuimage () {
for url in fetch.urls:
local = fetch.localpath(url)
filename = os.path.basename(local)
aes_file = d.getVar('SWUPDATE_AES_FILE', True)
if aes_file:
key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
if (filename != 'sw-description') and (os.path.isfile(local)):
encrypted = (d.getVarFlag("SWUPDATE_IMAGES_ENCRYPTED", filename, True) or "")
key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
dst = os.path.join(s, "%s" % filename )
if encrypted == '1':
bb.note("Encryption requested for %s" %(filename))
if not key or not iv or not salt:
bb.fatal("Encryption required, but no key found")
swupdate_encrypt_file(local, dst, key, iv, salt)
else:
shutil.copyfile(local, dst)
......@@ -148,7 +152,7 @@ python do_swuimage () {
if not image_found:
bb.fatal("swupdate cannot find image file: %s" % os.path.join(deploydir, imagebase + fstype))
else: # Allow also complete entries like "image.ext4.gz" in SWUPDATE_IMAGES
if not add_image_to_swu(deploydir, image, s):
if not add_image_to_swu(deploydir, image, s, encrypted):
bb.fatal("swupdate cannot find %s image file" % image)
prepare_sw_description(d, s, list_for_cpio)
......
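Review bot: In swupdate_extract_keys (first hunk) the returned key, iv and salt appear to keep their trailing newline, as far as this rendered page shows: `f.readlines()` preserves line endings and the new loop applies `rstrip()` only to the name, so openssl would receive `-K`/`-iv`/`-S` arguments ending in `\n`. The `bb.fatal(...)` in the `except IOError` branch still formats `keyfile`, which no longer exists after the rename to `keyfile_path`, and a blank line or a missing entry surfaces as a raw ValueError or KeyError rather than a build error. The rewrite below strips both sides, skips lines without `=`, and reports missing entries by name without echoing key material. In the do_swuimage hunk, key, iv and salt are bound only under `if aes_file:`, so unless they are initialised outside the hunk the `if not key or not iv or not salt` guard would hit an unbound name instead of reaching `bb.fatal`; `key = iv = salt = None` ahead of the `if aes_file:` test would keep that check fail-closed.

```python
def swupdate_extract_keys(keyfile_path):
    # … unchanged: open()/readlines() inside the try block …
    except IOError:
        bb.fatal("Failed to open file with keys %s" % (keyfile_path))

    data = {}
    for line in lines:
        if '=' not in line:
            continue
        k, v = line.split('=', maxsplit=1)
        data[k.strip()] = v.strip()

    missing = [name for name in ('key', 'iv', 'salt') if not data.get(name)]
    if missing:
        bb.fatal("Key file %s lacks: %s" % (keyfile_path, ', '.join(missing)))
    return data['key'], data['iv'], data['salt']
```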