Linaro Image Tools

Merge lp:~mabac/linaro-image-tools/bug-638384-hwpackforceyes-unneeded into lp:linaro-image-tools/11.11

  1. bug-638384-hwpackforceyes-unneeded
  2. Merge into trunk
Proposed by Mattias Backman
Status: Merged
Merged at revision: 335
Proposed branch: lp:~mabac/linaro-image-tools/bug-638384-hwpackforceyes-unneeded
Merge into: lp:linaro-image-tools/11.11
Diff against target: 91 lines (+16/-11)
3 files modified
linaro-media-create (+9/-7)
linaro_image_tools/media_create/chroot_utils.py (+5/-2)
linaro_image_tools/media_create/tests/test_media_create.py (+2/-2)
To merge this branch: bzr merge lp:~mabac/linaro-image-tools/bug-638384-hwpackforceyes-unneeded
Reviewer Review Type Date Requested Status
Guilherme Salgado (community) Approve
Review via email: mp+59371@code.launchpad.net

Description of the change

Hi,

This branch makes --hwpack-force-yes implied if signatures for hwpacks are passed and verification is ok.

It will only bypass the package signature checking for those hwpacks which have ok signatures passed.

The behaviour for binary-sig is not changed yet.

Thanks,

Mattias

To post a comment you must log in.
lp:~mabac/linaro-image-tools/bug-638384-hwpackforceyes-unneeded updated
335. By Mattias Backman

Use os.path.basename() instead of split().

Revision history for this message
Guilherme Salgado (salgado) wrote :

The existing code seems to cause the script to abort when the sha1sum check of any hwpack fails, but after this change I think such a failure wouldn't cause the script to abort. Is this intentional?

Revision history for this message
Mattias Backman (mabac) wrote :

On Fri, Apr 29, 2011 at 7:51 PM, Guilherme Salgado
<email address hidden> wrote:
> The existing code seems to cause the script to abort when the sha1sum check of any hwpack fails, but after this change I think such a failure wouldn't cause the script to abort.  Is this intentional?

I think that cmd_runner makes the script abort when the return code of
sha1sums is > 0. So I think that I can remove the check from the call
to gpg also since it aborts anyway. I couldn't decide whether to do
that or leave it in to make it clear that the intention is to abort
when the verification fails. But then I should do something similar
for sha1sums to be consistent, I guess.

Revision history for this message
Guilherme Salgado (salgado) wrote :

You're right, Mattias. I'd forgotten about that. I think we should do the same for the gpg check indeed, as that code will never be executed because cmd_runner.run() will raise an exception in wait() when the return code of the subprocess is non-zero, which means the print and sys.exit() calls can never be executed.

review: Approve
lp:~mabac/linaro-image-tools/bug-638384-hwpackforceyes-unneeded updated
336. By Mattias Backman

Remove message and exit that can never be reached.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'linaro-media-create'
2--- linaro-media-create 2011-04-29 10:53:52 +0000
3+++ linaro-media-create 2011-05-02 07:51:29 +0000
4@@ -22,6 +22,7 @@
5 import os
6 import sys
7 import tempfile
8+import subprocess
9
10 from linaro_image_tools import cmd_runner
11
12@@ -104,16 +105,17 @@
13 ensure_required_commands(args)
14
15 sig_file_list = args.hwpacksigs[:]
16+ verified_files = []
17 if args.binarysig is not None:
18 sig_file_list.append(args.binarysig)
19 for sig_file in sig_file_list:
20 hash_file = sig_file[0:-len('.asc')]
21- if cmd_runner.run(['gpg', '--verify', sig_file]).wait() != 0:
22- print "Could not verify hash file signature %s." % sig_file
23- sys.exit(1)
24- if cmd_runner.run(['sha1sum', '-c', hash_file]).wait() != 0:
25- print "Could not verify hash in file %s." % hash_file
26- sys.exit(1)
27+ cmd_runner.run(['gpg', '--verify', sig_file]).wait() != 0:
28+ sha1sums_out, _ = cmd_runner.run(['sha1sum', '-c', hash_file],
29+ stdout=subprocess.PIPE).communicate()
30+ verified_files.extend(sha1sums_out.replace(': OK', '').splitlines())
31+ for verified_file in verified_files:
32+ print 'Hash verification of file %s OK.' % verified_file
33
34 media = Media(args.device)
35 if media.is_block_device:
36@@ -134,7 +136,7 @@
37 if lmc_dir == '':
38 lmc_dir = None
39 install_hwpacks(
40- ROOTFS_DIR, TMP_DIR, lmc_dir, args.hwpack_force_yes, *hwpacks)
41+ ROOTFS_DIR, TMP_DIR, lmc_dir, args.hwpack_force_yes, verified_files, *hwpacks)
42
43 if args.rootfs == 'btrfs':
44 install_packages(ROOTFS_DIR, TMP_DIR, "btrfs-tools")
45
46=== modified file 'linaro_image_tools/media_create/chroot_utils.py'
47--- linaro_image_tools/media_create/chroot_utils.py 2011-04-04 21:20:09 +0000
48+++ linaro_image_tools/media_create/chroot_utils.py 2011-05-02 07:51:29 +0000
49@@ -43,7 +43,7 @@
50 os.path.join(chroot_dir, 'usr', 'bin'))
51
52 def install_hwpacks(
53- chroot_dir, tmp_dir, tools_dir, hwpack_force_yes, *hwpack_files):
54+ chroot_dir, tmp_dir, tools_dir, hwpack_force_yes, verified_files, *hwpack_files):
55 """Install the given hwpacks onto the given chroot."""
56 prepare_chroot(chroot_dir, tmp_dir)
57
58@@ -58,7 +58,10 @@
59 try:
60 mount_chroot_proc(chroot_dir)
61 for hwpack_file in hwpack_files:
62- install_hwpack(chroot_dir, hwpack_file, hwpack_force_yes)
63+ hwpack_verified = False
64+ if os.path.basename(hwpack_file) in verified_files:
65+ hwpack_verified = True
66+ install_hwpack(chroot_dir, hwpack_file, hwpack_force_yes or hwpack_verified)
67 finally:
68 run_local_atexit_funcs()
69
70
71=== modified file 'linaro_image_tools/media_create/tests/test_media_create.py'
72--- linaro_image_tools/media_create/tests/test_media_create.py 2011-04-29 11:03:10 +0000
73+++ linaro_image_tools/media_create/tests/test_media_create.py 2011-05-02 07:51:29 +0000
74@@ -1392,7 +1392,7 @@
75 prefer_dir = preferred_tools_dir()
76
77 install_hwpacks(
78- chroot_dir, tmp_dir, prefer_dir, force_yes, 'hwpack1.tgz',
79+ chroot_dir, tmp_dir, prefer_dir, force_yes, [], 'hwpack1.tgz',
80 'hwpack2.tgz')
81 linaro_hwpack_install = find_command(
82 'linaro-hwpack-install', prefer_dir=prefer_dir)
83@@ -1506,7 +1506,7 @@
84 exception_caught = False
85 try:
86 install_hwpacks(
87- 'chroot', '/tmp/dir', preferred_tools_dir(), force_yes,
88+ 'chroot', '/tmp/dir', preferred_tools_dir(), force_yes, [],
89 'hwp.tgz', 'hwp2.tgz')
90 except:
91 exception_caught = True

Subscribers

People subscribed via source and target branches