mirror of
https://git.proxmox.com/git/pve-edk2-firmware
synced 2025-10-04 13:51:43 +00:00
53 lines
1.7 KiB
Python
53 lines
1.7 KiB
Python
#
|
|
# Copyright 2022 Canonical Ltd.
|
|
# Authors:
|
|
# - dann frazier <dann.frazier@canonical.com>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License version 3, as published
|
|
# by the Free Software Foundation.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
|
# ANY WARRANTY; without even the implied warranties of MERCHANTABILITY,
|
|
# SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along with
|
|
# this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
import os
|
|
import subprocess
|
|
import tempfile
|
|
|
|
|
|
class SignedBinary:
|
|
def __init__(self, binary_path, key_path, cert_path, password=None):
|
|
openssl_password_args = []
|
|
if password:
|
|
openssl_password_args = [
|
|
"-passin", f"pass:{password}"
|
|
]
|
|
with tempfile.NamedTemporaryFile() as keytmp:
|
|
subprocess.check_call(
|
|
[
|
|
"openssl", "rsa",
|
|
] + openssl_password_args + [
|
|
"-in", f"{key_path}",
|
|
"-out", f"{keytmp.name}",
|
|
]
|
|
)
|
|
with tempfile.NamedTemporaryFile(delete=False) as f:
|
|
self.path = f.name
|
|
|
|
subprocess.check_call(
|
|
[
|
|
"sbsign", "--key", f"{keytmp.name}",
|
|
"--cert", f"{cert_path}",
|
|
binary_path, "--output", f"{self.path}"
|
|
]
|
|
)
|
|
|
|
def __del__(self):
|
|
os.unlink(self.path)
|