File: SignedBinary.py

edk2 2025.11-3
  • area: main
  • in suites: sid
  • size: 338,556 kB
  • sloc: ansic: 2,166,376; asm: 270,725; perl: 235,301; python: 149,839; sh: 34,744; cpp: 23,311; makefile: 3,326; pascal: 1,602; xml: 806; lisp: 35; ruby: 16; sed: 6; tcl: 4
file content (55 lines) | stat: -rw-r--r-- 1,884 bytes
#
# Copyright 2022 Canonical Ltd.
# Authors:
# - dann frazier <dann.frazier@canonical.com>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 3, as published
# by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranties of MERCHANTABILITY,
# SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this program.  If not, see <http://www.gnu.org/licenses/>.
#

import os
import tempfile
from util import dbg_check_call
from util import delete_tempfile

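class SignedBinary:
    """Sign an EFI binary with sbsign and keep the result in a temp file.

    The signed copy is written to a NamedTemporaryFile whose name is
    available as self.path.
    """
    def __init__(self, binary_path, key_path, cert_path, password=None):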
        self.signed_bin = tempfile.NamedTemporaryFile(
                prefix=os.path.basename(binary_path),
                delete=delete_tempfile(),
        )
        self.path = self.signed_bin.name

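        # If the private key is passphrase-protected, hand the passphrase to
        # openssl. The "pass:" form places it on the command line, where it
        # is visible in the process list while openssl runs.
        openssl_password_args = []
        if password:
            openssl_password_args = [
                "-passin", f"pass:{password}"
            ]
        # Write a passphrase-free copy of the key to a temp file for sbsign.
        # The unencrypted copy is on disk for the duration of this block and
        # is removed on exit only if delete_tempfile() returns true.
        with tempfile.NamedTemporaryFile(
                prefix=__class__.__name__,
                delete=delete_tempfile(),
        ) as keytmp: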
            dbg_check_call(
                [
                    "openssl", "rsa",
                ] + openssl_password_args + [
                    "-in", f"{key_path}",
                    "-out", f"{keytmp.name}",
                ]
            )
            dbg_check_call(
                [
                    "sbsign", "--key", f"{keytmp.name}",
                    "--cert", f"{cert_path}",
                    binary_path, "--output", f"{self.signed_bin.name}"
                ]
            )