From c22cb56acddf5bc4147f60908d5ebd770a079070 Mon Sep 17 00:00:00 2001
From: CoprDistGit <infra@openeuler.org>
Date: Thu, 29 Aug 2024 11:09:34 +0000
Subject: automatic import of openEuler-rpm-config

---
 brp-ebs-sign | 238 -----------------------------------------------------------
 1 file changed, 238 deletions(-)
 delete mode 100755 brp-ebs-sign

(limited to 'brp-ebs-sign')

diff --git a/brp-ebs-sign b/brp-ebs-sign
deleted file mode 100755
index 885d7aa..0000000
--- a/brp-ebs-sign
+++ /dev/null
@@ -1,238 +0,0 @@
-#!/bin/bash
-
-INPUT_TYPE=$1
-INPUT_FILE=$2
-SIGN_FILE=$INPUT_FILE
-PROJECT_CONF="/lkp/scheduled/job.yaml"
-POST_ADDR=""
-POST_FILE_SHA256=""
-POST_KEY_NAME=""
-POST_KEY_TYPE=""
-POST_FILE_TYPE=""
-POST_SIGN_TYPE=""
-POST_JOB_ID=""
-POST_OS_ORIJECT=""
-CONFIG_RETEST_COUNT=5
-SIGN_RESULT=0
-FAILED_SIGN_PERMISSION_DENIED=2
-
-# Tool functions for JSON
-get_json_value(){
-	echo "$1" | \
-	awk -F "[{,:}]" '{for(i=1;i<NF;i++){if($i~"'$2'"){print $(i+1)}}}' | \
-	sed 's/\"//g'
-}
-
-get_post_json() {
-	printf '{'
-	printf '"file_sha256":"%s",' $POST_FILE_SHA256
-	printf '"key_name":"%s",' $POST_KEY_NAME
-	printf '"key_type":"%s",' $POST_KEY_TYPE
-	printf '"file_type":"%s",' $POST_FILE_TYPE
-	printf '"sign_type":"%s",' $POST_SIGN_TYPE
-	printf '"job_id":"%s",' $POST_JOB_ID
-	printf '"os_project":"%s"' $POST_OS_ORIJECT
-	printf '}'
-}
-
-# Prepare sign functions for each sign type
-module_sign_pre() {
-	if [[ "$INPUT_FILE" != *.ko ]]; then
-		echo "The module file must has the .ko extension"
-		return 1
-	fi
-
-	SIGN_FILE="$INPUT_FILE"
-	POST_KEY_NAME="openeuler-kernel-module-ee"
-	POST_KEY_TYPE="x509ee"
-	POST_FILE_TYPE="kernel-module"
-	POST_SIGN_TYPE="cms"
-}
-
-ima_digestlist_sign_pre() {
-	cp -f $INPUT_FILE $INPUT_FILE.ko
-	SIGN_FILE="$INPUT_FILE.ko"
-	POST_KEY_NAME="openeuler-ima-ee"
-	POST_KEY_TYPE="x509ee"
-	POST_FILE_TYPE="kernel-module"
-	POST_SIGN_TYPE="cms"
-}
-
-efi_sign_pre() {
-	SIGN_FILE="$INPUT_FILE"
-	POST_KEY_NAME="default-x509ee"
-	POST_KEY_TYPE="x509ee"
-	POST_FILE_TYPE="efi-image"
-	POST_SIGN_TYPE="authenticode"
-}
-
-kernel_sign_pre() {
-	SIGN_FILE="$INPUT_FILE"
-	POST_KEY_NAME="default-x509ee"
-	POST_KEY_TYPE="x509ee"
-	POST_FILE_TYPE="efi-image"
-	POST_SIGN_TYPE="authenticode"
-}
-
-# Post sign functions for each sign type
-module_sign_post() {
-	:
-}
-
-ima_digestlist_sign_post() {
-	rm -f $INPUT_FILE.ko
-}
-
-efi_sign_post() {
-	:
-}
-
-kernel_sign_post() {
-	:
-}
-
-# Global configuration
-sign_config() {
-	if [ -z "$INPUT_TYPE" ] || [ -z "$INPUT_FILE" ]; then
-		echo "Please input the sign type and file"
-		exit 1
-	fi
-
-	if [ ! -f "$INPUT_FILE" ]; then
-		echo "The input file is invalid"
-		exit 1
-	fi
-
-	POST_FILE_SHA256=$(sha256sum "$INPUT_FILE" | awk '{ print $1 }')
-	if [ $? -ne 0 ]; then
-		echo "Failed to calculate file hash"
-	fi
-
-	PUBLISHER_HOST=$(grep PUBLISHER_HOST $PROJECT_CONF | awk '{print $2}')
-	PUBLISHER_PORT=$(grep PUBLISHER_PORT $PROJECT_CONF | awk '{print $2}')
-	if [ -z "$PUBLISHER_HOST" ] || [ -z "$PUBLISHER_PORT" ]; then
-		echo "Please set PUBLISHER_HOST and PUBLISHER_PORT"
-		exit 1
-	fi
-
-	POST_ADDR="http://${PUBLISHER_HOST}:${PUBLISHER_PORT}/code-sign"
-
-	POST_JOB_ID="$(grep -rwn 'id\:' $PROJECT_CONF | awk '{print $2}')"
-	POST_OS_ORIJECT="$(grep -rwn 'os_project\:' $PROJECT_CONF | awk '{print $2}')"
-	if [ -z "$POST_JOB_ID" ] || [ -z "$POST_OS_ORIJECT" ]; then
-		echo "Failed to get POST_JOB_ID and POST_OS_ORIJECT"
-		exit 1
-	fi
-}
-
-sign_pre() {
-	sign_config
-
-	case $INPUT_TYPE in
-	--efi)
-		efi_sign_pre
-		;;
-	--module)
-		module_sign_pre
-		;;
-	--ima-digestlist)
-		ima_digestlist_sign_pre
-		;;
-	--kernel)
-		kernel_sign_pre
-		;;
-	*)
-		echo "Unsupported sign type: $INPUT_TYPE"
-		exit 1
-		;;
-	esac
-}
-
-sign() {
-	# 1. send the request to the sign service
-	# echo "curl "$POST_ADDR" \
-	# 	   -F "file=@$SIGN_FILE" \
-	# 	   -F "data=$(get_post_json);type=application/json""
-	req="$(curl "$POST_ADDR" \
-		    -F "file=@$SIGN_FILE" \
-		    -F "data=$(get_post_json);type=application/json")"
-	if [ $? -ne 0 ]; then
-		echo "Failed to post the sign service"
-		return 1
-	fi
-
-	req_err_msg=$(get_json_value "$req" "err_msg")
-	if [ -n "$req_err_msg" ]; then
-		echo "Failed, err_msg: [$req_err_msg]"
-		if [ "$req_err_msg" == "SIGN_PERMISSION_DENIED" ]; then
-			return $FAILED_SIGN_PERMISSION_DENIED
-		fi
-		return 1
-	fi
-
-	# 2. write the file content
-	encoded_file_content=$(get_json_value "$req" "encoded_file_content")
-	if [ $? -ne 0 ]; then
-		echo "Failed to get encoded file content"
-		return 1
-	fi
-
-	echo -ne "$encoded_file_content" | base64 -d > $INPUT_FILE.sig
-	if [ $? -ne 0 ]; then
-		echo "Failed to write the signed file"
-		return 1
-	fi
-
-	# for test
-	# cp -f $INPUT_FILE $INPUT_FILE.sig
-	# req="{file_sha256:41c68fca7b3870cc9ef13a828a74af933bd8e4ff345fcfa316}"
-
-	# 3. check the hash
-	sha256_cal=$(sha256sum $INPUT_FILE.sig | awk '{print $1}')
-	sha256_get=$(get_json_value "$req" "file_sha256" | tr '[:upper:]' '[:lower:]')
-	if [ "$sha256_cal" != "$sha256_get" ]; then
-		echo "Failed to verify the hash value"
-		return 1
-	fi
-}
-
-sign_post() {
-	case $INPUT_TYPE in
-	--efi)
-		efi_sign_post
-		;;
-	--module)
-		module_sign_post
-		;;
-	--ima-digestlist)
-		ima_digestlist_sign_post
-		;;
-	--kernel)
-		kernel_sign_post
-		;;
-	esac
-}
-
-# Main function
-sign_pre
-
-for ((i=1; i<=$CONFIG_RETEST_COUNT; i++)); do
-	sign
-	ret_sign=$?
-	if [ $ret_sign -eq 0 ]; then
-		echo "Succeed to sign file"
-		break;
-	elif [ $ret_sign -eq $FAILED_SIGN_PERMISSION_DENIED ]; then
-		echo "Failed to sign file, permission denied"
-		SIGN_RESULT=$FAILED_SIGN_PERMISSION_DENIED
-		break;
-	elif [ $i -ne $CONFIG_RETEST_COUNT ]; then
-		echo "Failed to sign file, try again"
-	elif [ $i -eq $CONFIG_RETEST_COUNT ]; then
-		echo "Failed to sign file"
-		SIGN_RESULT=1
-	fi
-done
-
-sign_post
-exit $SIGN_RESULT
-- 
cgit v1.2.3