launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #27232
[Merge] ~ilasc/launchpad:sign-android-kernel into launchpad:master
Ioana Lasc has proposed merging ~ilasc/launchpad:sign-android-kernel into launchpad:master.
Commit message:
Sign Android kernel boot images
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~ilasc/launchpad/+git/launchpad/+merge/404759
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~ilasc/launchpad:sign-android-kernel into launchpad:master.
diff --git a/lib/lp/archivepublisher/signing.py b/lib/lp/archivepublisher/signing.py
index 588a66f..9c05737 100644
--- a/lib/lp/archivepublisher/signing.py
+++ b/lib/lp/archivepublisher/signing.py
@@ -299,6 +299,8 @@ class SigningUpload(CustomUpload):
key_type = SigningKeyType.FIT
elif filename.endswith(".cv2-kernel"):
key_type = SigningKeyType.CV2_KERNEL
+ elif filename.endswith(".android-kernel"):
+ key_type = SigningKeyType.ANDROID_KERNEL
else:
continue
@@ -398,7 +400,8 @@ class SigningUpload(CustomUpload):
raise SigningServiceError(
"Could not sign message with key %s: %s" % (signing_key, e))
- if key_type in (SigningKeyType.UEFI, SigningKeyType.FIT):
+ if key_type in (SigningKeyType.UEFI, SigningKeyType.FIT,
+ SigningKeyType.ANDROID_KERNEL):
file_suffix = ".signed"
public_key_suffix = ".crt"
else:
diff --git a/lib/lp/archivepublisher/tests/test_copy_signingkeys.py b/lib/lp/archivepublisher/tests/test_copy_signingkeys.py
index f993c19..d4d943f 100644
--- a/lib/lp/archivepublisher/tests/test_copy_signingkeys.py
+++ b/lib/lp/archivepublisher/tests/test_copy_signingkeys.py
@@ -141,6 +141,8 @@ class TestCopySigningKeysScript(TestCaseWithFactory):
archives[0].reference,
"INFO No CV2 Kernel signing key for %s / None" %
archives[0].reference,
+ "INFO No Android Kernel signing key for %s / None" %
+ archives[0].reference,
]
self.assertEqual(
expected_log, script.logger.content.as_text().splitlines())
@@ -249,6 +251,8 @@ class TestCopySigningKeysScript(TestCaseWithFactory):
archives[0].reference, distro_serieses[0].name),
"INFO No CV2 Kernel signing key for %s / %s" % (
archives[0].reference, distro_serieses[0].name),
+ "INFO No Android Kernel signing key for %s / %s" % (
+ archives[0].reference, distro_serieses[0].name),
]
self.assertEqual(
expected_log, script.logger.content.as_text().splitlines())
diff --git a/lib/lp/archivepublisher/tests/test_signing.py b/lib/lp/archivepublisher/tests/test_signing.py
index 18a5bec..1f97913 100644
--- a/lib/lp/archivepublisher/tests/test_signing.py
+++ b/lib/lp/archivepublisher/tests/test_signing.py
@@ -1632,7 +1632,7 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
self.tarfile.add_file("1.0/empty.sipl", b"d")
self.tarfile.add_file("1.0/empty.fit", b"e")
self.tarfile.add_file("1.0/empty.cv2-kernel", b"f")
-
+ self.tarfile.add_file("1.0/empty.android-kernel", b"g")
self.process_emulate()
self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([
@@ -1655,6 +1655,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
'1.0/control/fit.crt',
'1.0/empty.cv2-kernel', '1.0/empty.cv2-kernel.sig',
'1.0/control/cv2-kernel.pub',
+ '1.0/empty.android-kernel', '1.0/empty.android-kernel.signed',
+ '1.0/control/android-kernel.crt',
], tarball.getnames())
self.assertEqual(0, self.signing_service_client.generate.call_count)
keys = self.signing_keys
@@ -1677,7 +1679,11 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
call(
SigningKeyType.CV2_KERNEL,
keys[SigningKeyType.CV2_KERNEL].fingerprint,
- 'empty.cv2-kernel', b'f', SigningMode.DETACHED)],
+ 'empty.cv2-kernel', b'f', SigningMode.DETACHED),
+ call(
+ SigningKeyType.ANDROID_KERNEL,
+ keys[SigningKeyType.ANDROID_KERNEL].fingerprint,
+ 'empty.android-kernel', b'g', SigningMode.DETACHED)],
self.signing_service_client.sign.call_args_list)
def test_options_signed_only(self):
@@ -1692,6 +1698,7 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
self.tarfile.add_file("1.0/empty.sipl", b"d")
self.tarfile.add_file("1.0/empty.fit", b"e")
self.tarfile.add_file("1.0/empty.cv2-kernel", b"f")
+ self.tarfile.add_file("1.0/empty.android-kernel", b"g")
self.process_emulate()
@@ -1703,6 +1710,7 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
"1.0/empty.sipl.sig", "1.0/control/sipl.x509",
"1.0/empty.fit.signed", "1.0/control/fit.crt",
"1.0/empty.cv2-kernel.sig", "1.0/control/cv2-kernel.pub",
+ "1.0/empty.android-kernel.signed", "1.0/control/android-kernel.crt",
]))
self.assertEqual(0, self.signing_service_client.generate.call_count)
keys = self.signing_keys
@@ -1725,7 +1733,11 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
call(
SigningKeyType.CV2_KERNEL,
keys[SigningKeyType.CV2_KERNEL].fingerprint,
- 'empty.cv2-kernel', b'f', SigningMode.DETACHED)],
+ 'empty.cv2-kernel', b'f', SigningMode.DETACHED),
+ call(
+ SigningKeyType.ANDROID_KERNEL,
+ keys[SigningKeyType.ANDROID_KERNEL].fingerprint,
+ 'empty.android-kernel', b'g', SigningMode.DETACHED)],
self.signing_service_client.sign.call_args_list)
def test_options_tarball_signed_only(self):
@@ -1741,6 +1753,7 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
self.tarfile.add_file("1.0/empty.sipl", b"d")
self.tarfile.add_file("1.0/empty.fit", b"e")
self.tarfile.add_file("1.0/empty.cv2-kernel", b"f")
+ self.tarfile.add_file("1.0/empty.android-kernel", b"g")
self.process_emulate()
self.assertThat(self.getSignedPath("test", "amd64"), SignedMatches([
"1.0/SHA256SUMS",
@@ -1757,6 +1770,7 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
'1.0/empty.sipl.sig', '1.0/control/sipl.x509',
'1.0/empty.fit.signed', '1.0/control/fit.crt',
'1.0/empty.cv2-kernel.sig', '1.0/control/cv2-kernel.pub',
+ '1.0/empty.android-kernel.signed', '1.0/control/android-kernel.crt',
], tarball.getnames())
self.assertEqual(0, self.signing_service_client.generate.call_count)
keys = self.signing_keys
@@ -1779,7 +1793,11 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
call(
SigningKeyType.CV2_KERNEL,
keys[SigningKeyType.CV2_KERNEL].fingerprint,
- 'empty.cv2-kernel', b'f', SigningMode.DETACHED)],
+ 'empty.cv2-kernel', b'f', SigningMode.DETACHED),
+ call(
+ SigningKeyType.ANDROID_KERNEL,
+ keys[SigningKeyType.ANDROID_KERNEL].fingerprint,
+ 'empty.android-kernel', b'g', SigningMode.DETACHED)],
self.signing_service_client.sign.call_args_list)
def test_archive_copy(self):
@@ -1799,6 +1817,7 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
self.tarfile.add_file("1.0/empty.sipl", b"d")
self.tarfile.add_file("1.0/empty.fit", b"e")
self.tarfile.add_file("1.0/empty.cv2-kernel", b"f")
+ self.tarfile.add_file("1.0/empty.android-kernel", b"g")
self.tarfile.close()
self.buffer.close()
@@ -1810,7 +1829,7 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
self.assertThat(signed_path, SignedMatches(
["1.0/SHA256SUMS", "1.0/empty.efi", "1.0/empty.ko",
"1.0/empty.opal", "1.0/empty.sipl", "1.0/empty.fit",
- "1.0/empty.cv2-kernel"]))
+ "1.0/empty.cv2-kernel", "1.0/empty.android-kernel"]))
self.assertEqual(0, self.signing_service_client.generate.call_count)
self.assertEqual(0, self.signing_service_client.sign.call_count)
@@ -1829,7 +1848,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
filenames = [
"1.0/empty.efi", "1.0/empty.ko", "1.0/empty.opal",
- "1.0/empty.sipl", "1.0/empty.fit", "1.0/empty.cv2-kernel"]
+ "1.0/empty.sipl", "1.0/empty.fit", "1.0/empty.cv2-kernel",
+ "1.0/empty.android-kernel"]
# Write data on the archive
self.openArchive("test", "1.0", "amd64")
@@ -1880,7 +1900,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
filenames = [
"1.0/empty.efi", "1.0/empty.ko", "1.0/empty.opal",
- "1.0/empty.sipl", "1.0/empty.fit", "1.0/empty.cv2-kernel"]
+ "1.0/empty.sipl", "1.0/empty.fit", "1.0/empty.cv2-kernel",
+ "1.0/empty.android-kernel"]
self.openArchive("test", "1.0", "amd64")
for filename in filenames:
@@ -1899,20 +1920,22 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
expected_signed_filenames = [
"1.0/empty.efi.signed", "1.0/empty.ko.sig",
"1.0/empty.opal.sig", "1.0/empty.sipl.sig",
- "1.0/empty.fit.signed", "1.0/empty.cv2-kernel.sig"]
+ "1.0/empty.fit.signed", "1.0/empty.cv2-kernel.sig",
+ "1.0/empty.android-kernel.signed"]
expected_public_keys_filenames = [
"1.0/control/uefi.crt", "1.0/control/kmod.x509",
"1.0/control/opal.x509", "1.0/control/sipl.x509",
- "1.0/control/fit.crt", "1.0/control/cv2-kernel.pub"]
+ "1.0/control/fit.crt", "1.0/control/cv2-kernel.pub",
+ "1.0/control/android-kernel.crt"]
signed_path = self.getSignedPath("test", "amd64")
self.assertThat(signed_path, SignedMatches(
["1.0/SHA256SUMS"] + filenames + expected_public_keys_filenames +
expected_signed_filenames))
- self.assertEqual(6, self.signing_service_client.generate.call_count)
- self.assertEqual(6, self.signing_service_client.sign.call_count)
+ self.assertEqual(7, self.signing_service_client.generate.call_count)
+ self.assertEqual(7, self.signing_service_client.sign.call_count)
fingerprints = {
key_type: data['fingerprint'] for key_type, data in
@@ -1937,6 +1960,11 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
SigningKeyType.CV2_KERNEL,
fingerprints[SigningKeyType.CV2_KERNEL],
'empty.cv2-kernel', b'data - 1.0/empty.cv2-kernel',
+ SigningMode.DETACHED),
+ call(
+ SigningKeyType.ANDROID_KERNEL,
+ fingerprints[SigningKeyType.ANDROID_KERNEL],
+ 'empty.android-kernel', b'data - 1.0/empty.android-kernel',
SigningMode.DETACHED)],
self.signing_service_client.sign.call_args_list)
@@ -1945,7 +1973,8 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
signed_path, expected_signed_filenames)
key_types = (
SigningKeyType.UEFI, SigningKeyType.KMOD, SigningKeyType.OPAL,
- SigningKeyType.SIPL, SigningKeyType.FIT, SigningKeyType.CV2_KERNEL)
+ SigningKeyType.SIPL, SigningKeyType.FIT, SigningKeyType.CV2_KERNEL,
+ SigningKeyType.ANDROID_KERNEL)
modes = {
SigningKeyType.UEFI: SigningMode.ATTACHED,
SigningKeyType.KMOD: SigningMode.DETACHED,
@@ -1953,6 +1982,7 @@ class TestSigningUploadWithSigningService(TestSigningHelpers):
SigningKeyType.SIPL: SigningMode.DETACHED,
SigningKeyType.FIT: SigningMode.ATTACHED,
SigningKeyType.CV2_KERNEL: SigningMode.DETACHED,
+ SigningKeyType.ANDROID_KERNEL: SigningMode.DETACHED,
}
expected_signed_contents = [
("signed with key_type=%s mode=%s" % (
diff --git a/lib/lp/services/signing/enums.py b/lib/lp/services/signing/enums.py
index bba843f..dc02135 100644
--- a/lib/lp/services/signing/enums.py
+++ b/lib/lp/services/signing/enums.py
@@ -68,6 +68,12 @@ class SigningKeyType(DBEnumeratedType):
An Ambarella CV2 kernel signing key.
""")
+ ANDROID_KERNEL = DBItem(8, """
+ Android Kernel
+
+ An Android kernel signing key.
+ """)
+
class OpenPGPKeyAlgorithm(EnumeratedType):