diff options
| -rwxr-xr-x | linaro-media-create | 18 | ||||
| -rw-r--r-- | linaro_image_tools/FetchImage.py | 11 | ||||
| -rw-r--r-- | linaro_image_tools/tests/test_utils.py | 2 |
3 files changed, 26 insertions, 5 deletions
diff --git a/linaro-media-create b/linaro-media-create index 344d0f2..18a26e3 100755 --- a/linaro-media-create +++ b/linaro-media-create @@ -57,7 +57,6 @@ ROOT_DISK = None # Registered as the first atexit handler as we want this to be the last # handler to execute. -@atexit.register def cleanup_tempdir(): """Remove TEMP_DIR with all its contents. @@ -113,14 +112,25 @@ if __name__ == '__main__': sig_file_list.append(args.binarysig) verified_files, gpg_sig_pass = verify_file_integrity(sig_file_list) + # Check the outputs from verify_file_integrity + # Abort if anything fails. if not gpg_sig_pass: - # Other users of verifiy_file_integrity find just a sha1sum pass - # useful, but here we are only interested in a complete pass or fail. - verified_files = [] + print >> sys.stderr, "GPG signature verification failed. Aborting." + sys.exit(1) + + if not os.path.basename(args.binary) in verified_files: + print >> sys.stderr, "OS Binary verification failed" + sys.exit(1) + + for hwpack in args.hwpacks: + if not os.path.basename(hwpack) in verified_files: + print >> sys.stderr, "Hwpack {0} verification failed".format(hwpack) + sys.exit(1) for verified_file in verified_files: print 'Hash verification of file %s OK.' % verified_file + atexit.register(cleanup_tempdir) media = Media(args.device) if media.is_block_device: if not board_config.supports_writing_to_mmc: diff --git a/linaro_image_tools/FetchImage.py b/linaro_image_tools/FetchImage.py index f480c10..eb0ccc1 100644 --- a/linaro_image_tools/FetchImage.py +++ b/linaro_image_tools/FetchImage.py @@ -122,6 +122,8 @@ class FileHandler(): args.append("--hwpack") args.append(hwpack_file) + print " ".join(args) + logging.info(" ".join(args)) return args @@ -431,6 +433,15 @@ class FileHandler(): 2. Find which sig file really matches the hardware pack we have downloaded. (this function calculates this list) 3. Download all the files listed in the sig file (done by another func) + + We go through this process because sometimes a directory will have + more than one hardware pack that will match the hardware pack name, + for example panda and panda-x11 will both match "panda". These checks + make sure we only try and validate the signatures of the files that + we should be downloading and not try and validatate a signature of a + file that there is no reason for us to download, which would result in + an an invalid warning about installing unsigned packages when running + linaro-media-create. """ downloads_list = [image_url, hwpack_url] diff --git a/linaro_image_tools/tests/test_utils.py b/linaro_image_tools/tests/test_utils.py index 26c8d18..5744b48 100644 --- a/linaro_image_tools/tests/test_utils.py +++ b/linaro_image_tools/tests/test_utils.py @@ -74,7 +74,7 @@ class TestVerifyFileIntegrity(TestCaseWithFixtures): self.MockCmdRunnerPopen())) hash_filename = "dummy-file.txt" signature_filename = hash_filename + ".asc" - verified_files = verify_file_integrity([signature_filename]) + verified_files, _ = verify_file_integrity([signature_filename]) self.assertEqual(self.filenames_in_shafile, verified_files) |