diff mbox series

[meta-swupdate,v2,4/4] Add os.system for CUSTOM signing

Message ID 1637655618-29439-1-git-send-email-jyothik41rao@gmail.com
State Rejected
Headers show
Series None | expand

Commit Message

Jyothi K Nov. 23, 2021, 8:20 a.m. UTC 
Signed-off-by: Jyothi <jyothik41rao@gmail.com>
---
 classes/swupdate-common.bbclass | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Stefano Babic Nov. 23, 2021, 9 a.m. UTC | #1 
Hi Jyothi,

On 23.11.21 09:20, Jyothi wrote:
> Signed-off-by: Jyothi <jyothik41rao@gmail.com>
> ---
>   classes/swupdate-common.bbclass | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass
> index bbb68b3..2e2cc34 100644
> --- a/classes/swupdate-common.bbclass
> +++ b/classes/swupdate-common.bbclass
> @@ -284,7 +284,14 @@ def prepare_sw_description(d):
>               signcmd = ["openssl", "cms", "-sign", "-in", sw_desc, "-out", sw_desc_sig, "-signer", cms_cert, "-inkey", cms_key] + get_pwd_file_args() + ["-outform", "DER", "-nosmimecap", "-binary"]
>           else:
>               bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.")
> -        subprocess.run(signcmd, check=True)
> +
> +        if(signing == "CUSTOM"):
> +            ret=os.system(signcmd)
> +            if ret != 0:
> +                bb.fatal("Failed to sign with %s" % (signcmd))
> +        else:
> +            subprocess.run(signcmd, check=True)
> +
>   

It is completely missed why this step back is required. Which are the 
issues, which CUSTOM tool are you using that cause the issue you are 
facing ?

Best regards,
Stefano Babic

>   
>   def swupdate_add_src_uri(d, list_for_cpio):
>
Jyothi K Nov. 23, 2021, 9:10 a.m. UTC | #2 
Hi Stefano,

Am using our custom PKI script to sign the file. Am passing 

SWUPDATE_SIGN_TOOL = "${BSPDIR}/path_to_the_script ${S}/sw-file"

Since we have subprocess command now instead of os.system. I have to do lot 
of changes in script to make it compatible for subprocess command

something like ['${BSPDIR}/path_to_the_script', '${S}/sw-file']. This means 
I have to use two variables one for the tool and one for the file. Then 
modify the bbclass file to read both variables and pass to subprocess 
command. So I thought using os.system would be better.

Thanks,
Jyothi

On Tuesday, November 23, 2021 at 2:30:43 PM UTC+5:30 Stefano Babic wrote:

> Hi Jyothi,
>
> On 23.11.21 09:20, Jyothi wrote:
> > Signed-off-by: Jyothi <jyothi...@gmail.com>
> > ---
> > classes/swupdate-common.bbclass | 9 ++++++++-
> > 1 file changed, 8 insertions(+), 1 deletion(-)
> > 
> > diff --git a/classes/swupdate-common.bbclass 
> b/classes/swupdate-common.bbclass
> > index bbb68b3..2e2cc34 100644
> > --- a/classes/swupdate-common.bbclass
> > +++ b/classes/swupdate-common.bbclass
> > @@ -284,7 +284,14 @@ def prepare_sw_description(d):
> > signcmd = ["openssl", "cms", "-sign", "-in", sw_desc, "-out", 
> sw_desc_sig, "-signer", cms_cert, "-inkey", cms_key] + get_pwd_file_args() 
> + ["-outform", "DER", "-nosmimecap", "-binary"]
> > else:
> > bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.")
> > - subprocess.run(signcmd, check=True)
> > +
> > + if(signing == "CUSTOM"):
> > + ret=os.system(signcmd)
> > + if ret != 0:
> > + bb.fatal("Failed to sign with %s" % (signcmd))
> > + else:
> > + subprocess.run(signcmd, check=True)
> > +
> > 
>
> It is completely missed why this step back is required. Which are the 
> issues, which CUSTOM tool are you using that cause the issue you are 
> facing ?
>
> Best regards,
> Stefano Babic
>
> > 
> > def swupdate_add_src_uri(d, list_for_cpio):
> > 
>
>
> -- 
> =====================================================================
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: +49-8142-66989-53 <+49%208142%206698953> Fax: +49-8142-66989-80 
> <+49%208142%206698980> Email: sba...@denx.de
> =====================================================================
>
Stefano Babic Nov. 23, 2021, 9:26 a.m. UTC | #3 
Hi Jyothi,

On 23.11.21 10:10, Jyothi K wrote:
> Hi Stefano,
> 
> Am using our custom PKI script to sign the file. Am passing
> 
> SWUPDATE_SIGN_TOOL = "${BSPDIR}/path_to_the_script ${S}/sw-file"
> 
> Since we have subprocess command now instead of os.system. I have to do 
> lot of changes in script to make it compatible for subprocess command
> 

mmhhh...this seems the wrong way to do this. You should let the script 
as it is, and the class should provide the same API but using the 
subprocess.

You can split the variable SWUPDATE_SIGN_TOOL in token, and then you 
have the same setup as with openssl. You can then assembly the signcmd 
as array as done for openssl by iterating all words found in 
SWUPDATE_SIGN_TOOL.

In this way, it will work with subprocess independently from the number 
of parameters, and you can later add a new parameter to your script 
without changing again the class.

> something like ['${BSPDIR}/path_to_the_script', '${S}/sw-file']. This 
> means I have to use two variables one for the tool

No, this does not scale. You have to parse SWUPDATE_SIGN_TOOL and create 
signcmd.

> and one for the file. 
> Then modify the bbclass file to read both variables and pass to 
> subprocess command. So I thought using os.system would be better.
> 

Best regards,
Stefano Babic

> Thanks,
> Jyothi
> 
> On Tuesday, November 23, 2021 at 2:30:43 PM UTC+5:30 Stefano Babic wrote:
> 
>     Hi Jyothi,
> 
>     On 23.11.21 09:20, Jyothi wrote:
>      > Signed-off-by: Jyothi <jyothi...@gmail.com>
>      > ---
>      > classes/swupdate-common.bbclass | 9 ++++++++-
>      > 1 file changed, 8 insertions(+), 1 deletion(-)
>      >
>      > diff --git a/classes/swupdate-common.bbclass
>     b/classes/swupdate-common.bbclass
>      > index bbb68b3..2e2cc34 100644
>      > --- a/classes/swupdate-common.bbclass
>      > +++ b/classes/swupdate-common.bbclass
>      > @@ -284,7 +284,14 @@ def prepare_sw_description(d):
>      > signcmd = ["openssl", "cms", "-sign", "-in", sw_desc, "-out",
>     sw_desc_sig, "-signer", cms_cert, "-inkey", cms_key] +
>     get_pwd_file_args() + ["-outform", "DER", "-nosmimecap", "-binary"]
>      > else:
>      > bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.")
>      > - subprocess.run(signcmd, check=True)
>      > +
>      > + if(signing == "CUSTOM"):
>      > + ret=os.system(signcmd)
>      > + if ret != 0:
>      > + bb.fatal("Failed to sign with %s" % (signcmd))
>      > + else:
>      > + subprocess.run(signcmd, check=True)
>      > +
>      >
> 
>     It is completely missed why this step back is required. Which are the
>     issues, which CUSTOM tool are you using that cause the issue you are
>     facing ?
> 
>     Best regards,
>     Stefano Babic
> 
>      >
>      > def swupdate_add_src_uri(d, list_for_cpio):
>      >
> 
> 
>     -- 
>     =====================================================================
>     DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
>     HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>     Phone: +49-8142-66989-53 <tel:+49%208142%206698953> Fax:
>     +49-8142-66989-80 <tel:+49%208142%206698980> Email: sba...@denx.de
>     =====================================================================
> 
> -- 
> You received this message because you are subscribed to the Google 
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to swupdate+unsubscribe@googlegroups.com 
> <mailto:swupdate+unsubscribe@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com 
> <https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com?utm_medium=email&utm_source=footer>.
Jyothi K Nov. 23, 2021, 11:10 a.m. UTC | #4 
Hi Stefano,

I modified the swupdate-common.bbclass like this as you suggested

==============================================================================
diff --git a/classes/swupdate-common.bbclass 
b/classes/swupdate-common.bbclass
index bbb68b3..7d06c96 100644
--- a/classes/swupdate-common.bbclass
+++ b/classes/swupdate-common.bbclass
@@ -260,7 +260,11 @@ def prepare_sw_description(d):
         sw_desc =  os.path.join(s, 'sw-description.plain' if encrypt else 
'sw-description')
 
         if signing == "CUSTOM":
-            signcmd = d.getVar('SWUPDATE_SIGN_TOOL', True)
+            signcmd = []
+            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
+            signtool = sign_tool.split()
+            for i in range(len(signtool)):
+                signcmd.append(signtool[i])
             if not signcmd:
                 bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
         elif signing == "RSA":
=============================================================================
If this is fine. Let me know I shall create a patch 

Thanks,
Jyothi

On Tuesday, November 23, 2021 at 2:56:40 PM UTC+5:30 Stefano Babic wrote:

> Hi Jyothi,
>
> On 23.11.21 10:10, Jyothi K wrote:
> > Hi Stefano,
> > 
> > Am using our custom PKI script to sign the file. Am passing
> > 
> > SWUPDATE_SIGN_TOOL = "${BSPDIR}/path_to_the_script ${S}/sw-file"
> > 
> > Since we have subprocess command now instead of os.system. I have to do 
> > lot of changes in script to make it compatible for subprocess command
> > 
>
> mmhhh...this seems the wrong way to do this. You should let the script 
> as it is, and the class should provide the same API but using the 
> subprocess.
>
> You can split the variable SWUPDATE_SIGN_TOOL in token, and then you 
> have the same setup as with openssl. You can then assembly the signcmd 
> as array as done for openssl by iterating all words found in 
> SWUPDATE_SIGN_TOOL.
>
> In this way, it will work with subprocess independently from the number 
> of parameters, and you can later add a new parameter to your script 
> without changing again the class.
>
> > something like ['${BSPDIR}/path_to_the_script', '${S}/sw-file']. This 
> > means I have to use two variables one for the tool
>
> No, this does not scale. You have to parse SWUPDATE_SIGN_TOOL and create 
> signcmd.
>
> > and one for the file. 
> > Then modify the bbclass file to read both variables and pass to 
> > subprocess command. So I thought using os.system would be better.
> > 
>
> Best regards,
> Stefano Babic
>
> > Thanks,
> > Jyothi
> > 
> > On Tuesday, November 23, 2021 at 2:30:43 PM UTC+5:30 Stefano Babic wrote:
> > 
> > Hi Jyothi,
> > 
> > On 23.11.21 09:20, Jyothi wrote:
> > > Signed-off-by: Jyothi <jyothi...@gmail.com>
> > > ---
> > > classes/swupdate-common.bbclass | 9 ++++++++-
> > > 1 file changed, 8 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/classes/swupdate-common.bbclass
> > b/classes/swupdate-common.bbclass
> > > index bbb68b3..2e2cc34 100644
> > > --- a/classes/swupdate-common.bbclass
> > > +++ b/classes/swupdate-common.bbclass
> > > @@ -284,7 +284,14 @@ def prepare_sw_description(d):
> > > signcmd = ["openssl", "cms", "-sign", "-in", sw_desc, "-out",
> > sw_desc_sig, "-signer", cms_cert, "-inkey", cms_key] +
> > get_pwd_file_args() + ["-outform", "DER", "-nosmimecap", "-binary"]
> > > else:
> > > bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.")
> > > - subprocess.run(signcmd, check=True)
> > > +
> > > + if(signing == "CUSTOM"):
> > > + ret=os.system(signcmd)
> > > + if ret != 0:
> > > + bb.fatal("Failed to sign with %s" % (signcmd))
> > > + else:
> > > + subprocess.run(signcmd, check=True)
> > > +
> > >
> > 
> > It is completely missed why this step back is required. Which are the
> > issues, which CUSTOM tool are you using that cause the issue you are
> > facing ?
> > 
> > Best regards,
> > Stefano Babic
> > 
> > >
> > > def swupdate_add_src_uri(d, list_for_cpio):
> > >
> > 
> > 
> > -- 
> > =====================================================================
> > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> > Phone: +49-8142-66989-53 <+49%208142%206698953> 
> <tel:+49%208142%206698953> Fax:
> > +49-8142-66989-80 <+49%208142%206698980> <tel:+49%208142%206698980> 
> Email: sba...@denx.de
> > =====================================================================
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> > Groups "swupdate" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> > an email to swupdate+u...@googlegroups.com 
> > <mailto:swupdate+u...@googlegroups.com>.
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com 
> > <
> https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com?utm_medium=email&utm_source=footer
> >.
>
>
> -- 
> =====================================================================
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: +49-8142-66989-53 <+49%208142%206698953> Fax: +49-8142-66989-80 
> <+49%208142%206698980> Email: sba...@denx.de
> =====================================================================
>
Stefano Babic Nov. 23, 2021, 11:33 a.m. UTC | #5 
Hi Jyothi,

On 23.11.21 12:10, Jyothi K wrote:
> Hi Stefano,
> 
> I modified the swupdate-common.bbclass like this as you suggested
> 
> ==============================================================================
> diff --git a/classes/swupdate-common.bbclass 
> b/classes/swupdate-common.bbclass
> index bbb68b3..7d06c96 100644
> --- a/classes/swupdate-common.bbclass
> +++ b/classes/swupdate-common.bbclass
> @@ -260,7 +260,11 @@ def prepare_sw_description(d):
>           sw_desc =  os.path.join(s, 'sw-description.plain' if encrypt 
> else 'sw-description')
>           if signing == "CUSTOM":
> -            signcmd = d.getVar('SWUPDATE_SIGN_TOOL', True)
> +            signcmd = []
> +            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
> +            signtool = sign_tool.split()
> +            for i in range(len(signtool)):
> +                signcmd.append(signtool[i])
>               if not signcmd:
>                   bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
>           elif signing == "RSA":
> =============================================================================
> If this is fine. Let me know I shall create a patch
> 

Please do it - Please add an own subject and check if the patch can 
directly applied with git-am.

I have not checked your last patch for this, and subject still contains 
PATCH indication, see:

commit ca3cd752747694e884280020d0c3f39c2079395e
Author: Jyothi <jyothik41rao@gmail.com>
Date:   Mon Nov 22 16:01:21 2021 +0530

     meta-swupdate][PATCH v2 4/4] Fix build issue w.r.t sign_tool


Best regards,
Stefano Babic


> Thanks,
> Jyothi
> 
> On Tuesday, November 23, 2021 at 2:56:40 PM UTC+5:30 Stefano Babic wrote:
> 
>     Hi Jyothi,
> 
>     On 23.11.21 10:10, Jyothi K wrote:
>      > Hi Stefano,
>      >
>      > Am using our custom PKI script to sign the file. Am passing
>      >
>      > SWUPDATE_SIGN_TOOL = "${BSPDIR}/path_to_the_script ${S}/sw-file"
>      >
>      > Since we have subprocess command now instead of os.system. I have
>     to do
>      > lot of changes in script to make it compatible for subprocess
>     command
>      >
> 
>     mmhhh...this seems the wrong way to do this. You should let the script
>     as it is, and the class should provide the same API but using the
>     subprocess.
> 
>     You can split the variable SWUPDATE_SIGN_TOOL in token, and then you
>     have the same setup as with openssl. You can then assembly the signcmd
>     as array as done for openssl by iterating all words found in
>     SWUPDATE_SIGN_TOOL.
> 
>     In this way, it will work with subprocess independently from the number
>     of parameters, and you can later add a new parameter to your script
>     without changing again the class.
> 
>      > something like ['${BSPDIR}/path_to_the_script', '${S}/sw-file'].
>     This
>      > means I have to use two variables one for the tool
> 
>     No, this does not scale. You have to parse SWUPDATE_SIGN_TOOL and
>     create
>     signcmd.
> 
>      > and one for the file.
>      > Then modify the bbclass file to read both variables and pass to
>      > subprocess command. So I thought using os.system would be better.
>      >
> 
>     Best regards,
>     Stefano Babic
> 
>      > Thanks,
>      > Jyothi
>      >
>      > On Tuesday, November 23, 2021 at 2:30:43 PM UTC+5:30 Stefano
>     Babic wrote:
>      >
>      > Hi Jyothi,
>      >
>      > On 23.11.21 09:20, Jyothi wrote:
>      > > Signed-off-by: Jyothi <jyothi...@gmail.com>
>      > > ---
>      > > classes/swupdate-common.bbclass | 9 ++++++++-
>      > > 1 file changed, 8 insertions(+), 1 deletion(-)
>      > >
>      > > diff --git a/classes/swupdate-common.bbclass
>      > b/classes/swupdate-common.bbclass
>      > > index bbb68b3..2e2cc34 100644
>      > > --- a/classes/swupdate-common.bbclass
>      > > +++ b/classes/swupdate-common.bbclass
>      > > @@ -284,7 +284,14 @@ def prepare_sw_description(d):
>      > > signcmd = ["openssl", "cms", "-sign", "-in", sw_desc, "-out",
>      > sw_desc_sig, "-signer", cms_cert, "-inkey", cms_key] +
>      > get_pwd_file_args() + ["-outform", "DER", "-nosmimecap", "-binary"]
>      > > else:
>      > > bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.")
>      > > - subprocess.run(signcmd, check=True)
>      > > +
>      > > + if(signing == "CUSTOM"):
>      > > + ret=os.system(signcmd)
>      > > + if ret != 0:
>      > > + bb.fatal("Failed to sign with %s" % (signcmd))
>      > > + else:
>      > > + subprocess.run(signcmd, check=True)
>      > > +
>      > >
>      >
>      > It is completely missed why this step back is required. Which are
>     the
>      > issues, which CUSTOM tool are you using that cause the issue you are
>      > facing ?
>      >
>      > Best regards,
>      > Stefano Babic
>      >
>      > >
>      > > def swupdate_add_src_uri(d, list_for_cpio):
>      > >
>      >
>      >
>      > --
>      >
>     =====================================================================
>      > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
>      > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell,
>     Germany
>      > Phone: +49-8142-66989-53 <tel:+49%208142%206698953>
>     <tel:+49%208142%206698953> Fax:
>      > +49-8142-66989-80 <tel:+49%208142%206698980>
>     <tel:+49%208142%206698980> Email: sba...@denx.de
>      >
>     =====================================================================
>      >
>      > --
>      > You received this message because you are subscribed to the Google
>      > Groups "swupdate" group.
>      > To unsubscribe from this group and stop receiving emails from it,
>     send
>      > an email to swupdate+u...@googlegroups.com
>      > <mailto:swupdate+u...@googlegroups.com>.
>      > To view this discussion on the web visit
>      >
>     https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com
>     <https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com>
> 
>      >
>     <https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com?utm_medium=email&utm_source=footer
>     <https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com?utm_medium=email&utm_source=footer>>.
> 
> 
> 
>     -- 
>     =====================================================================
>     DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
>     HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
>     Phone: +49-8142-66989-53 <tel:+49%208142%206698953> Fax:
>     +49-8142-66989-80 <tel:+49%208142%206698980> Email: sba...@denx.de
>     =====================================================================
> 
> -- 
> You received this message because you are subscribed to the Google 
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to swupdate+unsubscribe@googlegroups.com 
> <mailto:swupdate+unsubscribe@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/swupdate/959110c5-d131-4092-a45a-e2ad58bbe241n%40googlegroups.com 
> <https://groups.google.com/d/msgid/swupdate/959110c5-d131-4092-a45a-e2ad58bbe241n%40googlegroups.com?utm_medium=email&utm_source=footer>.
Jyothi K Nov. 23, 2021, noon UTC | #6 
Hi Stefano,

I just created patch for this

[meta-swupdate,v3,4/4] Improve signcmd for CUSTOM signing in 
swupdate-common class

Thanks,
Jyothi

On Tuesday, November 23, 2021 at 5:03:42 PM UTC+5:30 Stefano Babic wrote:

> Hi Jyothi,
>
> On 23.11.21 12:10, Jyothi K wrote:
> > Hi Stefano,
> > 
> > I modified the swupdate-common.bbclass like this as you suggested
> > 
> > 
> ==============================================================================
> > diff --git a/classes/swupdate-common.bbclass 
> > b/classes/swupdate-common.bbclass
> > index bbb68b3..7d06c96 100644
> > --- a/classes/swupdate-common.bbclass
> > +++ b/classes/swupdate-common.bbclass
> > @@ -260,7 +260,11 @@ def prepare_sw_description(d):
> >          sw_desc =  os.path.join(s, 'sw-description.plain' if encrypt 
> > else 'sw-description')
> >          if signing == "CUSTOM":
> > -            signcmd = d.getVar('SWUPDATE_SIGN_TOOL', True)
> > +            signcmd = []
> > +            sign_tool = d.getVar('SWUPDATE_SIGN_TOOL', True)
> > +            signtool = sign_tool.split()
> > +            for i in range(len(signtool)):
> > +                signcmd.append(signtool[i])
> >              if not signcmd:
> >                  bb.fatal("Custom SWUPDATE_SIGN_TOOL is not given")
> >          elif signing == "RSA":
> > 
> =============================================================================
> > If this is fine. Let me know I shall create a patch
> > 
>
> Please do it - Please add an own subject and check if the patch can 
> directly applied with git-am.
>
> I have not checked your last patch for this, and subject still contains 
> PATCH indication, see:
>
> commit ca3cd752747694e884280020d0c3f39c2079395e
> Author: Jyothi <jyothi...@gmail.com>
> Date: Mon Nov 22 16:01:21 2021 +0530
>
> meta-swupdate][PATCH v2 4/4] Fix build issue w.r.t sign_tool
>
>
> Best regards,
> Stefano Babic
>
>
> > Thanks,
> > Jyothi
> > 
> > On Tuesday, November 23, 2021 at 2:56:40 PM UTC+5:30 Stefano Babic wrote:
> > 
> > Hi Jyothi,
> > 
> > On 23.11.21 10:10, Jyothi K wrote:
> > > Hi Stefano,
> > >
> > > Am using our custom PKI script to sign the file. Am passing
> > >
> > > SWUPDATE_SIGN_TOOL = "${BSPDIR}/path_to_the_script ${S}/sw-file"
> > >
> > > Since we have subprocess command now instead of os.system. I have
> > to do
> > > lot of changes in script to make it compatible for subprocess
> > command
> > >
> > 
> > mmhhh...this seems the wrong way to do this. You should let the script
> > as it is, and the class should provide the same API but using the
> > subprocess.
> > 
> > You can split the variable SWUPDATE_SIGN_TOOL in token, and then you
> > have the same setup as with openssl. You can then assembly the signcmd
> > as array as done for openssl by iterating all words found in
> > SWUPDATE_SIGN_TOOL.
> > 
> > In this way, it will work with subprocess independently from the number
> > of parameters, and you can later add a new parameter to your script
> > without changing again the class.
> > 
> > > something like ['${BSPDIR}/path_to_the_script', '${S}/sw-file'].
> > This
> > > means I have to use two variables one for the tool
> > 
> > No, this does not scale. You have to parse SWUPDATE_SIGN_TOOL and
> > create
> > signcmd.
> > 
> > > and one for the file.
> > > Then modify the bbclass file to read both variables and pass to
> > > subprocess command. So I thought using os.system would be better.
> > >
> > 
> > Best regards,
> > Stefano Babic
> > 
> > > Thanks,
> > > Jyothi
> > >
> > > On Tuesday, November 23, 2021 at 2:30:43 PM UTC+5:30 Stefano
> > Babic wrote:
> > >
> > > Hi Jyothi,
> > >
> > > On 23.11.21 09:20, Jyothi wrote:
> > > > Signed-off-by: Jyothi <jyothi...@gmail.com>
> > > > ---
> > > > classes/swupdate-common.bbclass | 9 ++++++++-
> > > > 1 file changed, 8 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/classes/swupdate-common.bbclass
> > > b/classes/swupdate-common.bbclass
> > > > index bbb68b3..2e2cc34 100644
> > > > --- a/classes/swupdate-common.bbclass
> > > > +++ b/classes/swupdate-common.bbclass
> > > > @@ -284,7 +284,14 @@ def prepare_sw_description(d):
> > > > signcmd = ["openssl", "cms", "-sign", "-in", sw_desc, "-out",
> > > sw_desc_sig, "-signer", cms_cert, "-inkey", cms_key] +
> > > get_pwd_file_args() + ["-outform", "DER", "-nosmimecap", "-binary"]
> > > > else:
> > > > bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.")
> > > > - subprocess.run(signcmd, check=True)
> > > > +
> > > > + if(signing == "CUSTOM"):
> > > > + ret=os.system(signcmd)
> > > > + if ret != 0:
> > > > + bb.fatal("Failed to sign with %s" % (signcmd))
> > > > + else:
> > > > + subprocess.run(signcmd, check=True)
> > > > +
> > > >
> > >
> > > It is completely missed why this step back is required. Which are
> > the
> > > issues, which CUSTOM tool are you using that cause the issue you are
> > > facing ?
> > >
> > > Best regards,
> > > Stefano Babic
> > >
> > > >
> > > > def swupdate_add_src_uri(d, list_for_cpio):
> > > >
> > >
> > >
> > > --
> > >
> > =====================================================================
> > > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> > > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell,
> > Germany
> > > Phone: +49-8142-66989-53 <+49%208142%206698953> 
> <tel:+49%208142%206698953>
> > <tel:+49%208142%206698953> Fax:
> > > +49-8142-66989-80 <+49%208142%206698980> <tel:+49%208142%206698980>
> > <tel:+49%208142%206698980> Email: sba...@denx.de
> > >
> > =====================================================================
> > >
> > > --
> > > You received this message because you are subscribed to the Google
> > > Groups "swupdate" group.
> > > To unsubscribe from this group and stop receiving emails from it,
> > send
> > > an email to swupdate+u...@googlegroups.com
> > > <mailto:swupdate+u...@googlegroups.com>.
> > > To view this discussion on the web visit
> > >
> > 
> https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com
> > <
> https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com
> >
> > 
> > >
> > <
> https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com?utm_medium=email&utm_source=footer
> > <
> https://groups.google.com/d/msgid/swupdate/dda3aeaa-016b-48bc-b65a-9989e1aa1055n%40googlegroups.com?utm_medium=email&utm_source=footer
> >>.
> > 
> > 
> > 
> > -- 
> > =====================================================================
> > DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> > HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> > Phone: +49-8142-66989-53 <+49%208142%206698953> 
> <tel:+49%208142%206698953> Fax:
> > +49-8142-66989-80 <+49%208142%206698980> <tel:+49%208142%206698980> 
> Email: sba...@denx.de
> > =====================================================================
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> > Groups "swupdate" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> > an email to swupdate+u...@googlegroups.com 
> > <mailto:swupdate+u...@googlegroups.com>.
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/swupdate/959110c5-d131-4092-a45a-e2ad58bbe241n%40googlegroups.com 
> > <
> https://groups.google.com/d/msgid/swupdate/959110c5-d131-4092-a45a-e2ad58bbe241n%40googlegroups.com?utm_medium=email&utm_source=footer
> >.
>
>
> -- 
> =====================================================================
> DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: +49-8142-66989-53 <+49%208142%206698953> Fax: +49-8142-66989-80 
> <+49%208142%206698980> Email: sba...@denx.de
> =====================================================================
>
diff mbox series

Patch

diff --git a/classes/swupdate-common.bbclass b/classes/swupdate-common.bbclass
index bbb68b3..2e2cc34 100644
--- a/classes/swupdate-common.bbclass
+++ b/classes/swupdate-common.bbclass
@@ -284,7 +284,14 @@  def prepare_sw_description(d):
             signcmd = ["openssl", "cms", "-sign", "-in", sw_desc, "-out", sw_desc_sig, "-signer", cms_cert, "-inkey", cms_key] + get_pwd_file_args() + ["-outform", "DER", "-nosmimecap", "-binary"]
         else:
             bb.fatal("Unrecognized SWUPDATE_SIGNING mechanism.")
-        subprocess.run(signcmd, check=True)
+
+        if(signing == "CUSTOM"):
+            ret=os.system(signcmd)
+            if ret != 0:
+                bb.fatal("Failed to sign with %s" % (signcmd))
+        else:
+            subprocess.run(signcmd, check=True)
+
 
 
 def swupdate_add_src_uri(d, list_for_cpio):