build: fix TA signing offline signing script
The script now exits with a return value of 1 instead of 0 if the
key is not usable for signing.
A typo in regenerating the digest during stitching was fixed.
Command dispatching was simplified.
Fixes: 1cdd95a2a46d ("Support offline signing of TAs.")
Signed-off-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
diff --git a/scripts/sign.py b/scripts/sign.py
index 608d59c..cdbd784 100755
--- a/scripts/sign.py
+++ b/scripts/sign.py
@@ -170,6 +170,7 @@
if not key.has_private():
logger.error('Provided key cannot be used for signing, ' +
'please use offline-signing mode.')
+ sys.exit(1)
else:
signer = PKCS1_v1_5.new(key)
sig = signer.sign(h)
@@ -185,13 +186,14 @@
with open(args.sigf, 'r') as sigfile:
sig = base64.b64decode(sigfile.read())
except IOError:
- if not os.path.exits(args.digf):
+ if not os.path.exists(args.digf):
generate_digest()
logger.error('No signature file found. Please sign\n %s\n' +
'offline and place the signature at \n %s\n' +
'or pass a different location ' +
'using the --sig argument.\n',
args.digf, args.sigf)
+ sys.exit(1)
else:
verifier = PKCS1_v1_5.new(key)
if verifier.verify(h, sig):
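Review bot: The `except IOError:` handler only covers a missing or unreadable signature file, so a file that exists but is not valid base64 is not handled here. On Python 3 `base64.b64decode` raises `binascii.Error` (a `ValueError`) in that case, which would surface as a traceback rather than the guided message. A separate clause such as `except ValueError:` with `logger.error('Signature file %s is not valid base64.', args.sigf)` and `sys.exit(1)` would keep that failure explicit. In its default mode `b64decode` also discards characters outside the base64 alphabet, so the `verifier.verify(h, sig)` call that follows is what actually decides whether the signature is accepted. The `try:` line and the rest of the function lie outside this hunk.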
@@ -199,17 +201,16 @@
logger.info('Successfully applied signature.')
else:
logger.error('Verification failed, ignoring given signature.')
+ sys.exit(1)
- command_dict = {
+ # dispatch command
+ {
'sign': sign_ta,
'digest': generate_digest,
'generate-digest': generate_digest,
'stitch': stitch_ta,
'stitch-ta': stitch_ta
- }
-
- fun = command_dict.get(args.command, 'sign_ta')
- fun()
+ }.get(args.command, 'sign_ta')()
if __name__ == "__main__":
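Review bot: The fallback passed to `.get()` at the end of the dispatch is the string `'sign_ta'`, not the function, so any `args.command` missing from the dict ends in `TypeError: 'str' object is not callable` instead of running the signer. The removed lines used the same default, so this commit carries the defect over; use `}.get(args.command, sign_ta)()`. Whether the argument parser already restricts the command to these keys is not visible here; if it does, indexing the dict directly would make an unexpected command fail with a `KeyError` rather than silently defaulting to signing. The dispatch sits inside a function whose start is outside the hunk.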