From 4b193363f5df33de41f89b8ed266f41793d89be3 Mon Sep 17 00:00:00 2001 From: Adam Michalski Date: Tue, 18 Jun 2024 15:40:00 +0200 Subject: [PATCH] Support for other signing methods of ISU packages As per DA requirement, there is a need to support the new option of ISU package maker for signing the checksum file in the rpk package. In addition to the existing '--key ' method, DA wants to add the new one: '--sign-cmd ' option for signing the checksum file. As soon as this option is added to the isu_pkgs_maker command line arguments, the following command will be invoked: $ ./ checksum.sha256 checkcsum.sha256.sign If signing succeeds, the checksum.sha256.sign file is eventually stored in the rpk package. Additionally, the PUBKEY variable has been defined in the isu-generator. Change-Id: Ia8a9078a726705a90b89be8bb7eb085c8af23790 --- src/pkg_maker/isu_pkgs_maker.py | 18 ++++++++++++++---- src/pkg_maker/isu_pkgs_maker_py2.py | 17 +++++++++++++---- src/systemd_generator/isu-generator | 2 +- 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/src/pkg_maker/isu_pkgs_maker.py b/src/pkg_maker/isu_pkgs_maker.py index 174f139..89a92a5 100755 --- a/src/pkg_maker/isu_pkgs_maker.py +++ b/src/pkg_maker/isu_pkgs_maker.py @@ -394,7 +394,7 @@ class FileMapper: class ISUPkgsMakerCtx: - def __init__(self, images_dir: Path, use_images: bool, tmp_dir: Path, profile_name: str, out_dir: Path, key: Union[Path, None], file_mapper: FileMapper): + def __init__(self, images_dir: Path, use_images: bool, tmp_dir: Path, profile_name: str, out_dir: Path, key: Union[Path, None], file_mapper: FileMapper, sign_cmd: str): self.images_dir = images_dir self.use_images = use_images self.tmp_dir = tmp_dir @@ -402,6 +402,7 @@ class ISUPkgsMakerCtx: self.out_dir = out_dir self.key = key self.file_mapper = file_mapper + self.sign_cmd = sign_cmd class ISUSinglePkgMakerCtx(ISUPkgsMakerCtx): 
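Review bot: The annotation `sign_cmd: str` on `ISUPkgsMakerCtx.__init__` does not match what the caller passes, because `--sign-cmd` is declared `required=False` with no default and so yields `None` whenever the option is omitted. Declare it the way `key` is declared and give it a default, `sign_cmd: Union[str, None] = None`, which also keeps any caller that still passes seven arguments working. The same applies to `ISUPkgsMaker.__init__` in the later hunk of this file and, for the default only, to both constructors in isu_pkgs_maker_py2.py. The class bodies continue outside these hunks, so how `ISUSinglePkgMakerCtx` forwards the new argument is not visible here.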
@@ -660,6 +661,12 @@ class ISUSinglePkgMaker: hash = self._hash_of_file(sha256, f_path) file.write(f"{hash} {f_path.relative_to(self._ctx.pkg_dir)}\n") + sign_cmd = self._ctx.sign_cmd + logger.info("Signing {} file with external command".format(self.CHECKSUM_FILE)) + signed_sum_path = str(sum_path) + '.sign' + if subprocess.call([sign_cmd, sum_path, signed_sum_path]) != 0: + logger.warning("Subprocess call to signing command failed!") + def _zip_pkg(self) -> Path: out_name = self._ctx.out_dir / self._ctx.cfg.name out_name_zip = out_name.with_suffix('.zip') @@ -737,8 +744,8 @@ class ISUSinglePkgMaker: class ISUPkgsMaker: - def __init__(self, images_dir: Path, use_images: bool, tmp_dir: Path, profile_name: str, out_dir: Path, key: Union[Path, None], file_mapper: FileMapper): - self._ctx = ISUPkgsMakerCtx(images_dir, use_images, tmp_dir, profile_name, out_dir, key, file_mapper) + def __init__(self, images_dir: Path, use_images: bool, tmp_dir: Path, profile_name: str, out_dir: Path, key: Union[Path, None], file_mapper: FileMapper, sign_cmd: str): + self._ctx = ISUPkgsMakerCtx(images_dir, use_images, tmp_dir, profile_name, out_dir, key, file_mapper, sign_cmd) def __enter__(self): return self @@ -875,6 +882,8 @@ def main() -> int: help="File with image<->path mapping") parser.add_argument('--key', '-k', type=str, required=False, help="Signing key") + parser.add_argument('--sign-cmd', type=str, required=False, + help="Signing command") parser.add_argument('--profile-name', type=str, required=False, default=os.getenv('PROFILE_NAME'), help="Profile name") @@ -918,7 +927,8 @@ def main() -> int: args.profile_name, Path(os.path.realpath(args.out)), Path(args.key) if args.key else None, - map) as isu_pkgs_maker: + map, + args.sign_cmd) as isu_pkgs_maker: isu_pkgs_maker.run(rpk_info, args.exit_on_any_error) except NoISUConfigDirException: return os.EX_OK diff --git a/src/pkg_maker/isu_pkgs_maker_py2.py b/src/pkg_maker/isu_pkgs_maker_py2.py index 6324576..21bd392 100755 
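Review bot: The signing step added after the checksum loop runs unconditionally and fails open. `self._ctx.sign_cmd` is `None` when `--sign-cmd` is not given, so `subprocess.call([None, ...])` raises `TypeError` for every existing `--key`-only invocation; and when the command does run but exits non-zero, only a warning is logged, so the package appears to be built without a valid `checksum.sha256.sign` (or with a partial file left behind by the failed command). Guard the step with `if sign_cmd:` and treat failure as an error, e.g. `subprocess.check_call([sign_cmd, str(sum_path), signed_sum_path])`, deleting any leftover `.sign` file before propagating; a missing or non-executable command raises `OSError` and should take the same path. The identical block in isu_pkgs_maker_py2.py (hunk at -682) needs the same change. The enclosing method starts outside the hunk, so how this step interacts with `--key` signing cannot be judged from here.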
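Review bot: The help text `"Signing command"` on the new `--sign-cmd` argument does not tell the user how the value is used. Per the signing hunk it is passed as a single argv element and run without a shell as `<cmd> <checksum file> <checksum file>.sign`, so it must name one executable and cannot carry arguments; that shell-free form is worth keeping, and the help should say so, e.g. `help="Executable invoked as: CMD <checksum-file> <signature-out>; non-zero exit means signing failed"`. It would also help to state whether `--key` and `--sign-cmd` may be combined and, if not, to reject the pair with `parser.error(...)`. The same text is added in isu_pkgs_maker_py2.py.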
--- a/src/pkg_maker/isu_pkgs_maker_py2.py +++ b/src/pkg_maker/isu_pkgs_maker_py2.py @@ -408,7 +408,7 @@ class FileMapper: class ISUPkgsMakerCtx(object): - def __init__(self, images_dir, use_images, tmp_dir, profile_name, out_dir, key, file_mapper): + def __init__(self, images_dir, use_images, tmp_dir, profile_name, out_dir, key, file_mapper, sign_cmd): self.images_dir = images_dir self.use_images = use_images self.tmp_dir = tmp_dir @@ -416,6 +416,7 @@ class ISUPkgsMakerCtx(object): self.out_dir = out_dir self.key = key self.file_mapper = file_mapper + self.sign_cmd = sign_cmd class ISUSinglePkgMakerCtx(ISUPkgsMakerCtx): @@ -682,6 +683,11 @@ class ISUSinglePkgMaker: hash = self._hash_of_file(sha256, f_path) line = u"{} {}\n".format(hash ,os.path.relpath(f_path, start=str(self._ctx.pkg_dir))) file.write(line) + sign_cmd = self._ctx.sign_cmd + logger.info("Signing {} file with external command".format(self.CHECKSUM_FILE)) + signed_sum_path = sum_path + '.sign' + if subprocess.call([sign_cmd, sum_path, signed_sum_path]) != 0: + logger.warning("Subprocess call to signing command failed!") def _zip_pkg(self): out_name = os.path.join(self._ctx.out_dir, self._ctx.cfg.name) @@ -758,8 +764,8 @@ class ISUSinglePkgMaker: class ISUPkgsMaker: - def __init__(self, images_dir, use_images, tmp_dir, profile_name, out_dir, key, file_mapper): - self._ctx = ISUPkgsMakerCtx(images_dir, use_images, tmp_dir, profile_name, out_dir, key, file_mapper) + def __init__(self, images_dir, use_images, tmp_dir, profile_name, out_dir, key, file_mapper, sign_cmd): + self._ctx = ISUPkgsMakerCtx(images_dir, use_images, tmp_dir, profile_name, out_dir, key, file_mapper, sign_cmd) def __enter__(self): return self 
@@ -896,6 +902,8 @@ def main(): help="File with image<->path mapping") parser.add_argument('--key', '-k', type=str, required=False, help="Signing key") + parser.add_argument('--sign-cmd', type=str, required=False, + help="Signing command") parser.add_argument('--profile-name', type=str, required=False, default=os.getenv('PROFILE_NAME'), help="Profile name") @@ -939,7 +947,8 @@ def main(): args.profile_name, os.path.realpath(args.out), args.key, - map) as isu_pkgs_maker: + map, + args.sign_cmd) as isu_pkgs_maker: isu_pkgs_maker.run(rpk_info, args.exit_on_any_error) except NoISUConfigDirException: return os.EX_OK diff --git a/src/systemd_generator/isu-generator b/src/systemd_generator/isu-generator index e5648e3..8d69fc2 100755 --- a/src/systemd_generator/isu-generator +++ b/src/systemd_generator/isu-generator @@ -8,7 +8,7 @@ RUNDIR="/run/isu" ISUCFG="isu.cfg" # Public key will be checked only if below variable is set -#PUBKEY="/path/to/publickey.pem" +PUBKEY="/etc/isu_public_key.pem" MY_NAME=$(basename "$0") -- 2.7.4
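Review bot: Uncommenting `PUBKEY="/etc/isu_public_key.pem"` in isu-generator turns signature checking on by default, but nothing in this hunk shows what the generator does when that file is absent or when a package carries no `checksum.sha256.sign`. Because the retained comment says the key is checked only if the variable is set, please confirm that the verification code (outside this hunk) fails closed in both cases rather than skipping the check. The package maker in this same commit only logs a warning when signing fails, so unsigned packages can reach devices that now expect a signature. If `/etc` is writable at runtime on the target, the trust anchor is presumably only as protected as that filesystem, which is worth stating next to the variable. The comment could be updated to something like `# Packages are verified against this key; it must be provisioned on the device`.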