From patchwork Fri Jul 22 11:04:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ayoub Zaki X-Patchwork-Id: 1659485
From: Ayoub Zaki To: swupdate@googlegroups.com Cc: Ayoub Zaki Subject: [swupdate] [swugenerator][PATCH] add option to encrypt sw-description Date: Fri, 22 Jul 2022 13:04:55 +0200 Message-Id: <20220722110455.22146-1-ayoub.zaki@embexus.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Original-Sender: ayoub.zaki@embexus.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@embexus.com header.s=rsa1 header.b=EX3dUrcq; dkim=neutral (no key) header.i=@embexus.com header.s=ed1; spf=neutral (google.com: 46.30.212.12 is neither permitted nor denied by best guess record for domain of ayoub.zaki@embexus.com) smtp.mailfrom=ayoub.zaki@embexus.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Signed-off-by: Ayoub Zaki --- swugenerator/generator.py | 11 ++++++++++- swugenerator/main.py | 10 ++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/swugenerator/generator.py b/swugenerator/generator.py index c6b55e8..aad1f3e 100644 --- a/swugenerator/generator.py +++ b/swugenerator/generator.py @@ -3,6 +3,7 @@ # SPDX-License-Identifier: GPLv3 import logging import os +import shutil import re import codecs import libconf @@ -15,7 +16,7 @@ from swugenerator.artifact import Artifact class SWUGenerator: - def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, no_compress=False): + def __init__(self, template, out, confvars, dirs, crypt, aeskey, firstiv, encrypt_swdesc=False, no_compress=False): self.swdescription = template self.artifacts = [] self.out = open(out, 'wb') @@ -29,6 +30,7 @@ class SWUGenerator: self.signtool = crypt self.aeskey = aeskey self.aesiv = firstiv + self.encryptswdesc = encrypt_swdesc self.nocompress = no_compress @staticmethod 
@@ -152,6 +154,13 @@ class SWUGenerator: self.signtool.prepare_cmd(sw_desc_in, sw_desc_out) self.signtool.sign() + # Encrypt sw-description if required + if self.aeskey and self.encryptswdesc: + iv = self.generate_iv() + sw_desc_out = os.path.join(self.temp.name, 'sw-description.enc') + sw.encrypt(sw_desc_out, self.aeskey, iv) + shutil.copyfile(sw_desc_out, sw.fullfilename) + for artifact in self.artifacts: self.cpiofile.addartifacttoswu(artifact.fullfilename) diff --git a/swugenerator/main.py b/swugenerator/main.py index 318e333..f6173ff 100644 --- a/swugenerator/main.py +++ b/swugenerator/main.py @@ -78,6 +78,15 @@ def main() -> None: help="sw-description template", ) + parser.add_argument( + "-t", + "--encrypt-swdesc", + action='store_const', + const=True, + default=False, + help="Encrypt sw-description", + ) + parser.add_argument( "-a", "--artifactory", @@ -172,6 +181,7 @@ def main() -> None: artidirs, sign_option, key, iv, + args.encrypt_swdesc, args.no_compress) swu.process() swu.close()
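Review bot: In the `SWUGenerator.__init__` hunk of generator.py, `encrypt_swdesc=False` is inserted ahead of `no_compress=False`, which shifts the positional slot of `no_compress`; a caller that still passes `no_compress` as the eighth positional argument would now set `encrypt_swdesc` instead. Appending the new parameter after `no_compress`, or passing both by keyword at the call site in main.py (`encrypt_swdesc=args.encrypt_swdesc, no_compress=args.no_compress`), keeps the two flags from being mixed up.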
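Review bot: In the generator.py hunk after `self.signtool.sign()`, the condition `if self.aeskey and self.encryptswdesc:` silently skips encryption when `--encrypt-swdesc` is given without an AES key, so the SWU is built with a plaintext sw-description and no error. Raise an error (or reject the combination in main.py) when `self.encryptswdesc` is set and `self.aeskey` is empty. Also, the value from `self.generate_iv()` is used only in the `sw.encrypt(...)` call in these lines and is not stored anywhere visible, while the constructor already keeps `self.aesiv = firstiv`; please state which IV the device is expected to use to decrypt sw-description and use or record that one. Since this block runs after signing, a short comment on whether the signature covers the plaintext or the encrypted file would help as well.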
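Review bot: In the `parser.add_argument` hunk of main.py, `action='store_const', const=True, default=False` is the long form of `action="store_true"`, and the single quotes differ from the double quotes used by the neighbouring arguments. Suggest `action="store_true"` and a help string that says the option needs the AES key, since the generator only encrypts when a key is present.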