
Fix breakage if encryption is not set

Message ID 20201130124125.95849-1-sbabic@denx.de
State Accepted

Commit Message

Stefano Babic Nov. 30, 2020, 12:41 p.m. UTC
Commit 44a454 introduces the encryption into the swupdate class, but it breaks
builds if encryption is not used at all. Fix this and rework function
to retrieve key from a file.

Replace os.system() with subprocess.run() - this should be done for other
occurrences of os.system(), which is declared obsolete.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 classes/swupdate-common.bbclass | 34 ++++++++++++++++-----------------
 classes/swupdate.bbclass        |  4 ++--
 2 files changed, 19 insertions(+), 19 deletions(-)

Patch

diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass
index 17c7916..cbcdf3d 100644
--- a/classes/swupdate-common.bbclass
+++ b/classes/swupdate-common.bbclass
@@ -18,35 +18,35 @@  def swupdate_get_sha256(s, filename):
             m.update(data)
     return m.hexdigest()
 
-def swupdate_extract_keys(keyfile):
+def swupdate_extract_keys(keyfile_path):
     try:
-        keys = open(keyfile)
+        with open(keyfile_path, 'r') as f:
+            lines = f.readlines()
     except IOError:
         bb.fatal("Failed to open file with keys %s" % (keyfile))
-    lines = keys.read()
-    keys.close()
-    lines = lines.splitlines(True)
-    for line in lines:
-        line = line.replace('\n', '')
-        kv = line.split('=')
-        if kv[0] == 'salt':
-            salt = kv[1]
-        if kv[0] == 'key':
-            key = kv[1]
-        if kv[0] == 'iv' or kv[0] == 'iv ':
-            iv = kv[1]
+
+    data = {}
+    for _ in lines:
+        k,v = _.split('=',maxsplit=1)
+        data[k.rstrip()] = v
+
+    key = data['key']
+    iv = data['iv']
+    salt = data['salt']
+
     return key,iv,salt
 
 def swupdate_encrypt_file(f, out, key, ivt, salt):
+    import subprocess
+    encargs = ["openssl", "enc", "-aes-256-cbc", "-in", f, "-out", out]
+    encargs += ["-K", key, "-iv", ivt, "-S", salt]
     cmd = "openssl enc -aes-256-cbc -in '%s' -out '%s' -K '%s' -iv '%s' -S '%s'" % (
                 f,
                 out,
                 key,
                 ivt,
                 salt)
-    if os.system(cmd) != 0:
-        bb.fatal("Failed to encrypt %s" % (f))
-
+    subprocess.run(encargs, check=True)
 
 def swupdate_write_sha256(s, filename, hash):
     write_lines = []
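Review bot: The error path in swupdate_extract_keys still formats `keyfile`, which no longer exists after the parameter was renamed to `keyfile_path`, so a missing key file would raise NameError instead of reaching bb.fatal; it should read `bb.fatal("Failed to open file with keys %s" % (keyfile_path))`. The new parser also keeps the trailing newline that readlines() leaves on each value (the removed code stripped it), and that newline is now handed verbatim to openssl as part of `-K`/`-iv`/`-S`; `data[k.strip()] = v.strip()` restores the old behaviour. A blank line or a line without `=` makes the two-name unpacking raise ValueError, so such lines should be skipped or reported with the file name. In swupdate_encrypt_file the `cmd` string is now unused and can be dropped, and `check=True` reports a failure as CalledProcessError rather than the previous `bb.fatal("Failed to encrypt %s" % (f))`. Separately, the key and IV are still passed on the openssl command line, where other local users on a shared build host can read them from the process list while the command runs.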
diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index b94955c..6e5cb7a 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -101,9 +101,9 @@  python do_swuimage () {
         filename = os.path.basename(local)
         if (filename != 'sw-description') and (os.path.isfile(local)):
             encrypted = (d.getVarFlag("SWUPDATE_IMAGES_ENCRYPTED", filename, True) or "")
-            key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
             dst = os.path.join(s, "%s" % filename )
             if encrypted == '1':
+                key,iv,salt = swupdate_extract_keys(d.getVar('SWUPDATE_AES_FILE', True))
                 bb.note("Encryption requested for %s" %(filename))
                 swupdate_encrypt_file(local, dst, key, iv, salt)
             else:
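Review bot: With the lookup moved under `if encrypted == '1':`, an unset SWUPDATE_AES_FILE presumably reaches swupdate_extract_keys as None, and open(None) raises TypeError rather than the IOError that function catches, so the build would stop with a traceback instead of a clear message. A guard before the call would cover this: `aes_file = d.getVar('SWUPDATE_AES_FILE', True)` followed by `if not aes_file: bb.fatal("SWUPDATE_AES_FILE must be set to encrypt %s" % filename)`. The key file is also re-read for every encrypted file in this loop; reading it once before the loop would avoid that, though it is minor. The enclosing do_swuimage body starts before and continues after this hunk.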
@@ -148,7 +148,7 @@  python do_swuimage () {
                 if not image_found:
                     bb.fatal("swupdate cannot find image file: %s" % os.path.join(deploydir, imagebase + fstype))
         else:  # Allow also complete entries like "image.ext4.gz" in SWUPDATE_IMAGES
-            if not add_image_to_swu(deploydir, image, s):
+            if not add_image_to_swu(deploydir, image, s, encrypted):
                 bb.fatal("swupdate cannot find %s image file" % image)
 
     prepare_sw_description(d, s, list_for_cpio)