Merge pull request #4 from Sudhishna/master

sig related changes
Juniper · Mar 17, 2020 · 11b6c2f · 11b6c2f
2 parents 5c7e3a4 + 47ae88e
commit 11b6c2f
Show file tree

Hide file tree

Showing 5 changed files with 149 additions and 27 deletions.
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -1 +1,3 @@
+include jet/jet-certs.pem
 include jet/manifest.certs
+include jet/manifest.xcerts
diff --git a/jet/crypto.py b/jet/crypto.py
@@ -65,7 +65,7 @@ def generate_sha1(filename):
     return hash.hexdigest()
 
 
-def sign(input, output, key, cert):
+def sign(input, output, key, cert, sha_bits, certs):
     """sign file
 
     :param input: path to input file
@@ -76,12 +76,16 @@ def sign(input, output, key, cert):
     :type key: str
     :param cert: path to public key/cert
     :type cert: str
+    :param sha_bits: sha1 or sha256
+    :type sha_bits: str
+    :param certs: certs or xcerts
+    :type certs: str
     """
     # get subject from certificate
     _subject = subprocess.check_output("openssl x509 -in %s -noout -subject" % cert, shell=True)
     subject = _subject.decode("utf8").split(" ", 1)[1].strip()
     # create signature
-    signature = subprocess.check_output("openssl dgst -sha1 -sign %s %s" % (key, input), shell=True)
+    signature = subprocess.check_output("openssl dgst -%s -sign %s %s" % (sha_bits, key, input), shell=True)
     # create base64 from signature
     signature64 = base64.b64encode(signature).decode("utf8")
     # format signature file
@@ -94,10 +98,10 @@ def sign(input, output, key, cert):
     with open(output, "w+") as f:
         f.write(signature_file)
     # create certificate chain
-    with open("%s/manifest.certs" % os.path.dirname(__file__), "r") as f:
+    with open("%s/jet-certs.pem" % (os.path.dirname(__file__)), "r") as f:
         cert_chain = f.read()
     with open(cert, "r") as f:
         cert_file = f.read()
-    with open("%s/manifest.certs" % os.path.dirname(output), "w+") as f:
+    with open("%s/manifest.%s" % (os.path.dirname(output), certs), "w+") as f:
         f.write(cert_file)
         f.write(cert_chain)
diff --git a/jet/jet-certs.pem b/jet/jet-certs.pem
@@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAwygAwIBAgIBATAKBggqhkjOPQQDAjCBljELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxGTAXBgNVBAoTEEp1bmlwZXIg
+TmV0d29ya3MxEzARBgNVBAsTCkp1bmlwZXIgQ0ExFzAVBgNVBAMTDkV4dFBhY2th
+Z2VFY0NBMR0wGwYJKoZIhvcNAQkBFg5jYUBqdW5pcGVyLm5ldDAeFw0xNTEwMTMy
+MjQwNTVaFw0zNzEyMzEwMDAwMDBaMIGUMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
+Q0ExEjAQBgNVBAcTCVN1bm55dmFsZTEZMBcGA1UEChMQSnVuaXBlciBOZXR3b3Jr
+czETMBEGA1UECxMKSnVuaXBlciBDQTEVMBMGA1UEAxMMSnVub3NTREtFY0NBMR0w
+GwYJKoZIhvcNAQkBFg5jYUBqdW5pcGVyLm5ldDBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABGFJe33YTjWYI1dpIlXKNboJOA7Z8fw1Zg46PnYLes69yZwMS/H9lLoM
+EMHc4e8sXksZfdKd9FLzblT8uBNU2U6jggFJMIIBRTAPBgNVHRMBAf8EBTADAQH/
+MA4GA1UdDwEB/wQEAwICBDAdBgNVHQ4EFgQU94i/hKz91sWfooQUCf9cGTKkCtww
+gcQGA1UdIwSBvDCBuYAURbtctDGSzp1a1ZtJk6YmCvIrl/mhgZ2kgZowgZcxCzAJ
+BgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRkwFwYD
+VQQKExBKdW5pcGVyIE5ldHdvcmtzMRMwEQYDVQQLEwpKdW5pcGVyIENBMRgwFgYD
+VQQDEw9FbmdpbmVlcmluZ0VjQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGp1bmlwZXIu
+bmV0ggEDMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jYS5qdW5pcGVyLm5ldC9j
+cmw/Y2E9RXh0UGFja2FnZUVjQ0EwCgYIKoZIzj0EAwIDSAAwRQIgc7xOtn+oaHiS
+Yfui4wzCVufQwNBU9EJtFIk2TariMFQCIQDa40Rn9g7feZMT+qUztyz3+WQFkZyb
+W9029dygZWoVPg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAzmgAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxGTAXBgNVBAoTEEp1bmlwZXIg
+TmV0d29ya3MxEzARBgNVBAsTCkp1bmlwZXIgQ0ExGDAWBgNVBAMTD0VuZ2luZWVy
+aW5nRWNDQTEdMBsGCSqGSIb3DQEJARYOY2FAanVuaXBlci5uZXQwHhcNMTUxMDEz
+MjIxOTI3WhcNMzcxMjMxMDAwMDAwWjCBljELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
+AkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxGTAXBgNVBAoTEEp1bmlwZXIgTmV0d29y
+a3MxEzARBgNVBAsTCkp1bmlwZXIgQ0ExFzAVBgNVBAMTDkV4dFBhY2thZ2VFY0NB
+MR0wGwYJKoZIhvcNAQkBFg5jYUBqdW5pcGVyLm5ldDBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABNjx60mPqC1CifQgwGkVmMp8wK6Z60EsSGpnyYDoqG6RBAPrOh/0
+j6NCDa8oGX3MiW+6rLrMRE0tcfPNf9NdiSijggFzMIIBbzAMBgNVHRMEBTADAQH/
+MB0GA1UdDgQWBBRFu1y0MZLOnVrVm0mTpiYK8iuX+TCBxAYDVR0jBIG8MIG5gBQ3
+nU9lgOwyZc+IYDHHuTKnkFGiEKGBnaSBmjCBlzELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxGTAXBgNVBAoTEEp1bmlwZXIgTmV0
+d29ya3MxEzARBgNVBAsTCkp1bmlwZXIgQ0ExGDAWBgNVBAMTD0p1bmlwZXJSb290
+RWNDQTEdMBsGCSqGSIb3DQEJARYOY2FAanVuaXBlci5uZXSCAQEwPAYJYIZIAYb4
+QgEEBC8WLWh0dHA6Ly9jcmwuanVuaXBlci5uZXQvY3JsP2NhPUVuZ2luZWVyaW5n
+RWNDQTA7BglghkgBhvhCAQMELhYsaHR0cDovL2NybC5qdW5pcGVyLm5ldC9jcmw/
+Y2E9RXh0UGFja2FnZUVjQ0EwCgYIKoZIzj0EAwIDSQAwRgIhAIRW3Vyjjyl/GkPo
+/2lU0PcWL4sNkvpMxK0EapcAArkvAiEAgGvn6iZGI2mlcfhh60cUQE2QOe8ncWT0
+NUftT38H5ds=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDnTCCA0OgAwIBAgIBATAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxGTAXBgNVBAoTEEp1bmlwZXIg
+TmV0d29ya3MxEzARBgNVBAsTCkp1bmlwZXIgQ0ExGDAWBgNVBAMTD0p1bmlwZXJS
+b290RWNDQTEdMBsGCSqGSIb3DQEJARYOY2FAanVuaXBlci5uZXQwHhcNMTMwMzIy
+MjMyOTAwWhcNMzcxMDMxMDAwMDAwWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
+AkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxGTAXBgNVBAoTEEp1bmlwZXIgTmV0d29y
+a3MxEzARBgNVBAsTCkp1bmlwZXIgQ0ExGDAWBgNVBAMTD0VuZ2luZWVyaW5nRWND
+QTEdMBsGCSqGSIb3DQEJARYOY2FAanVuaXBlci5uZXQwWTATBgcqhkjOPQIBBggq
+hkjOPQMBBwNCAATkN5M3q42zunBSyAjT5F0J6VXmFHtnuZ5kmfpI4FLzbNrCR8vY
+BuV5Wtz7N0FQXQZxvNCq61Yu7iBjCovILjxlo4IBfDCCAXgwDAYDVR0TBAUwAwEB
+/zAdBgNVHQ4EFgQUN51PZYDsMmXPiGAxx7kyp5BRohAwgcwGA1UdIwSBxDCBwYAU
+CZi46Kw4f8kgLttxLKt7027XhtmhgZ2kgZowgZcxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRkwFwYDVQQKExBKdW5pcGVyIE5l
+dHdvcmtzMRMwEQYDVQQLEwpKdW5pcGVyIENBMRgwFgYDVQQDEw9KdW5pcGVyUm9v
+dEVjQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGp1bmlwZXIubmV0ggkAlEabEJ40lBcw
+PAYJYIZIAYb4QgEEBC8WLWh0dHA6Ly9jcmwuanVuaXBlci5uZXQvY3JsP2NhPUp1
+bmlwZXJSb290RWNDQTA8BglghkgBhvhCAQMELxYtaHR0cDovL2NybC5qdW5pcGVy
+Lm5ldC9jcmw/Y2E9RW5naW5lZXJpbmdFY0NBMAoGCCqGSM49BAMCA0gAMEUCIEeV
+p0bxmvKPDcm/PvqdEWr6g7RUN7j4BJrfnoehZJe+AiEAnxrytpqoQhlMCdOEDp40
+8dxAwkNCmbewgKzKhGgRVqQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAw2gAwIBAgIJAJRGmxCeNJQXMAoGCCqGSM49BAMCMIGXMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55dmFsZTEZMBcGA1UEChMQ
+SnVuaXBlciBOZXR3b3JrczETMBEGA1UECxMKSnVuaXBlciBDQTEYMBYGA1UEAxMP
+SnVuaXBlclJvb3RFY0NBMR0wGwYJKoZIhvcNAQkBFg5jYUBqdW5pcGVyLm5ldDAe
+Fw0xMzAzMjIyMzI4MzVaFw00NjExMTAyMzI4MzVaMIGXMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55dmFsZTEZMBcGA1UEChMQSnVuaXBl
+ciBOZXR3b3JrczETMBEGA1UECxMKSnVuaXBlciBDQTEYMBYGA1UEAxMPSnVuaXBl
+clJvb3RFY0NBMR0wGwYJKoZIhvcNAQkBFg5jYUBqdW5pcGVyLm5ldDBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABLLO2jUCDvFohvzVzCghOTz9qj7FmYD/9Tg6DmtI
+NJP9lXV1Kb1yIdPFIQKZPxKTDbsnGA/tl/qj6X/+iANVzimjggE+MIIBOjA8Bglg
+hkgBhvhCAQMELxYtaHR0cDovL2NybC5qdW5pcGVyLm5ldC9jcmw/Y2E9SnVuaXBl
+clJvb3RFY0NBMB0GA1UdDgQWBBQJmLjorDh/ySAu23Esq3vTbteG2TCBzAYDVR0j
+BIHEMIHBgBQJmLjorDh/ySAu23Esq3vTbteG2aGBnaSBmjCBlzELMAkGA1UEBhMC
+VVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxGTAXBgNVBAoTEEp1
+bmlwZXIgTmV0d29ya3MxEzARBgNVBAsTCkp1bmlwZXIgQ0ExGDAWBgNVBAMTD0p1
+bmlwZXJSb290RWNDQTEdMBsGCSqGSIb3DQEJARYOY2FAanVuaXBlci5uZXSCCQCU
+RpsQnjSUFzAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQC9k4rzVeuT
+Bv41Q/BCz7FgE+wVVp/HJ938AzWCPaXvFgIhAOYjrc9IE/SEJojsBUbVCFFgK+U8
+YXW/l1Pxnq1povf5
+-----END CERTIFICATE-----
diff --git a/jet/main.py b/jet/main.py
@@ -76,12 +76,22 @@ def main():
     os.makedirs(contents)
     contents_pkg = '%s/pkg' % contents
     os.makedirs(contents_pkg)
+    if project["sig"] is not None and project["sig"] == "xsig":
+        sig = project["sig"]
+        certs = "xcerts"
+        sha_bits = "sha256"
+    else:
+        sig = "sig"
+        certs = "certs"
+        sha_bits = "sha1"
+
     content_manifest = """pkg/manifest uid=0 gid=0 mode=444
-pkg/manifest.sha1 uid=0 gid=0 mode=444
-pkg/manifest.sig uid=0 gid=0 mode=444
-pkg/manifest.certs uid=0 gid=0 mode=444
-/set package_id=%s role=%s
-""" % (project["package_id"], project["role"])
+pkg/manifest.%s uid=0 gid=0 mode=444
+pkg/manifest.%s uid=0 gid=0 mode=444
+pkg/manifest.%s uid=0 gid=0 mode=444
+""" % (sha_bits, sig, certs)
+    if project["sig"] is None:
+        content_manifest +=  "/set package_id=%s role=%s\n"  % (project["package_id"], project["role"])
     contents_symlink =""
     mount_dir = "/packages/mnt/%s" % project["basename"]
     for f in project["files"]:
@@ -96,10 +106,19 @@ def main():
         # copy file
         shutil.copy(os.path.join(args.source, f['source']), destination)
         # add file to manifest
-        sha1 = crypto.generate_sha1(destination)
-        content_manifest += "%s sha1=%s uid=%s gid=%s mode=%s\n" % \
-            (f["destination"][1:] if f["destination"][0] == "/" else f["destination"],
-             sha1, f["uid"], f["gid"], f["mode"])
+        if project["sig"] is not None and project["sig"] == "xsig":
+            sha = crypto.generate_sha256(destination)
+        else:
+            sha = crypto.generate_sha1(destination)
+        if project["scripts"] is not None and sha_bits == "sha1":
+            content_manifest += "%s %s=%s uid=%s gid=%s mode=%s program_id=%s\n" % \
+                (f["destination"][1:] if f["destination"][0] == "/" else f["destination"],
+                sha_bits, sha, f["uid"], f["gid"], f["mode"], f["program_id"])
+        else:
+            content_manifest += "%s %s=%s uid=%s gid=%s mode=%s\n" % \
+                (f["destination"][1:] if f["destination"][0] == "/" else f["destination"],
+                sha_bits, sha, f["uid"], f["gid"], f["mode"])
+
         if f["symlink"]:
             contents_symlink += "%s%s %s\n" % (mount_dir, f["destination"], f["destination"])
     if project["scripts"] is not None:
@@ -113,17 +132,20 @@ def main():
     with open(content_manifest_file, "w") as f:
         f.write(content_manifest)
 
-    content_manifest_sha_file = '%s/manifest.sha1' % contents_pkg
+    content_manifest_sha_file = '%s/manifest.%s' % (contents_pkg, sha_bits)
     with open(content_manifest_sha_file, "w") as f:
-        f.write("%s\n" % crypto.generate_sha1(content_manifest_file))
+        if project["sig"] is not None and project["sig"] == "xsig":
+            f.write("%s\n" % crypto.generate_sha256(content_manifest_file))
+        else:
+            f.write("%s\n" % crypto.generate_sha1(content_manifest_file))
 
     contents_symlink_file = '%s.symlinks' % contents
     log.info("create symlink file %s", contents_symlink_file)
     with open(contents_symlink_file, "w") as f:
         f.write(contents_symlink)
 
     log.info("sign manifest file %s" % content_manifest_file)
-    crypto.sign(content_manifest_file, "%s.sig" % content_manifest_file, args.key, args.cert)
+    crypto.sign(content_manifest_file, "%s.%s" % (content_manifest_file, sig), args.key, args.cert, sha_bits, certs)
 
     for f in os.listdir(contents_pkg):
         os.chmod(os.path.join(contents_pkg, f), 0o444)
@@ -135,24 +157,29 @@ def main():
     log.info("create package.xml")
     utils.create_package_xml(project, version, package, args.build)
 
-    package_manifest = "/set package_id=31 role=Provider_Daemon\n"
+    if project["sig"] is not None and project["sig"] == "xsig":
+        package_manifest = ""
+    else:
+        package_manifest = "/set package_id=31 role=Provider_Daemon\n"
     package_manifest_files = ["contents/contents.iso", "contents/contents.symlinks", "package.xml"]
     if project["scripts"] is not None:
-	package_manifest_files.append("scripts/%s" % project["scripts"])
+	    package_manifest_files.append("scripts/%s" % project["scripts"])
 
     for f in package_manifest_files:
-	if f == 'scripts/%s' % project['scripts']:
-            package_manifest += "%s sha1=%s program_id=1\n" % (f, crypto.generate_sha1(os.path.join(args.build, f)))
-	else:
-            package_manifest += "%s sha1=%s\n" % (f, crypto.generate_sha1(os.path.join(args.build, f)))
+        if f == 'scripts/%s' % project['scripts'] and sha_bits == "sha1":
+            package_manifest += "%s %s=%s program_id=1\n" % (f, sha_bits, crypto.generate_sha1(os.path.join(args.build, f)))
+        elif sha_bits == "sha256":
+            package_manifest += "%s %s=%s\n" % (f, sha_bits, crypto.generate_sha256(os.path.join(args.build, f)))
+        else:
+            package_manifest += "%s %s=%s\n" % (f, sha_bits, crypto.generate_sha1(os.path.join(args.build, f)))
 
     package_manifest_file = os.path.join(args.build, "manifest")
     log.info("create manifest file %s", package_manifest_file)
     with open(package_manifest_file, "w") as f:
         f.write(package_manifest)
 
     log.info("sign manifest file %s" % package_manifest_file)
-    crypto.sign(package_manifest_file, "%s.sig" % package_manifest_file, args.key, args.cert)
+    crypto.sign(package_manifest_file, "%s.%s" % (package_manifest_file, sig), args.key, args.cert, sha_bits, certs)
 
     log.info("create %s.tgz" % package)
     utils.create_tgz(package, args.build)

diff --git a/jet/utils.py b/jet/utils.py
@@ -102,7 +102,7 @@ def load_project(project_file, version):
     :rtype: dict
     """
     with open(project_file , 'r') as f:
-        project_yaml = yaml.load(f)
+        project_yaml = yaml.load(f, Loader=yaml.FullLoader)
 
     def required(d, k):
         if k in d:
@@ -115,6 +115,7 @@ def required(d, k):
         "basename": required(project_yaml, "basename"),
         "scripts": project_yaml.get("scripts", None),
         "actions": project_yaml.get("actions", None),
+        "sig": project_yaml.get("sig", None),
         "files": [],
         "comment": project_yaml.get("comment", "JET app %s" % project_yaml["basename"]),
         "arch": required(project_yaml, "arch"),
@@ -197,9 +198,11 @@ def package_xml_file(filename):
     etree.SubElement(package_xml, "spin").text = project["time"]
 
     if project['actions'] is not None:
-	act_list = re.split("[, ]", project['actions'])
-	for act in act_list:
-	    etree.SubElement(package_xml, "%s-action"%act).text = "scripts/%s" % project["scripts"]
+        act_list = re.split("[, ]", project['actions'])
+        for act in act_list:
+            print("%s-action"%act)
+            print("scripts/%s" % project["scripts"])
+            etree.SubElement(package_xml, "%s-action"%act).text = "scripts/%s" % project["scripts"]
 
     etree.SubElement(package_xml, "sb-location").text = "JetEZ"