releasetools: Clean up additional modules for Python 3 compatibility.
It also addresses a few linter warnings (mostly regarding indentation).
Bug: 131631303
Test: TreeHugger
Test: `python -m unittest test_ota_from_target_files`
Test: `python3 -m unittest test_ota_from_target_files`
Test: `python build/make/tools/releasetools/check_ota_package_signature.py
build/make/target/product/security/testkey.x509.pem
test-keys-signed-ota.zip`
Test: `python3 build/make/tools/releasetools/check_ota_package_signature.py
build/make/target/product/security/testkey.x509.pem
test-keys-signed-ota.zip`
Change-Id: I11a745dfec052081ab0282bb028dc27debf71f57
diff --git a/tools/releasetools/check_ota_package_signature.py b/tools/releasetools/check_ota_package_signature.py
index 7d3424b..0d990f1 100755
--- a/tools/releasetools/check_ota_package_signature.py
+++ b/tools/releasetools/check_ota_package_signature.py
@@ -38,8 +38,7 @@
"""Check if the cert uses SHA-256 hashing algorithm."""
cmd = ['openssl', 'x509', '-text', '-noout', '-in', cert]
- p1 = common.Run(cmd, stdout=subprocess.PIPE)
- cert_dump, _ = p1.communicate()
+ cert_dump = common.RunAndCheckOutput(cmd, stdout=subprocess.PIPE)
algorithm = re.search(r'Signature Algorithm: ([a-zA-Z0-9]+)', cert_dump)
assert algorithm, "Failed to identify the signature algorithm."
@@ -69,13 +68,13 @@
print('Certificate: %s' % (cert,))
# Read in the package.
- with open(package) as package_file:
+ with open(package, 'rb') as package_file:
package_bytes = package_file.read()
length = len(package_bytes)
assert length >= 6, "Not big enough to contain footer."
- footer = [ord(x) for x in package_bytes[-6:]]
+ footer = bytearray(package_bytes[-6:])
assert footer[2] == 0xff and footer[3] == 0xff, "Footer is wrong."
signature_start_from_end = (footer[1] << 8) + footer[0]
@@ -111,31 +110,25 @@
# Parse the signature and get the hash.
cmd = ['openssl', 'asn1parse', '-inform', 'DER', '-in', sig_file]
- p1 = common.Run(cmd, stdout=subprocess.PIPE)
- sig, _ = p1.communicate()
- assert p1.returncode == 0, "Failed to parse the signature."
+ sig = common.RunAndCheckOutput(cmd, stdout=subprocess.PIPE)
- digest_line = sig.strip().split('\n')[-1]
+ digest_line = sig.rstrip().split('\n')[-1]
digest_string = digest_line.split(':')[3]
digest_file = common.MakeTempFile(prefix='digest-')
with open(digest_file, 'wb') as f:
- f.write(digest_string.decode('hex'))
+ f.write(bytearray.fromhex(digest_string))
# Verify the digest by outputing the decrypted result in ASN.1 structure.
decrypted_file = common.MakeTempFile(prefix='decrypted-')
cmd = ['openssl', 'rsautl', '-verify', '-certin', '-inkey', cert,
'-in', digest_file, '-out', decrypted_file]
- p1 = common.Run(cmd, stdout=subprocess.PIPE)
- p1.communicate()
- assert p1.returncode == 0, "Failed to run openssl rsautl -verify."
+ common.RunAndCheckOutput(cmd, stdout=subprocess.PIPE)
# Parse the output ASN.1 structure.
cmd = ['openssl', 'asn1parse', '-inform', 'DER', '-in', decrypted_file]
- p1 = common.Run(cmd, stdout=subprocess.PIPE)
- decrypted_output, _ = p1.communicate()
- assert p1.returncode == 0, "Failed to parse the output."
+ decrypted_output = common.RunAndCheckOutput(cmd, stdout=subprocess.PIPE)
- digest_line = decrypted_output.strip().split('\n')[-1]
+ digest_line = decrypted_output.rstrip().split('\n')[-1]
digest_string = digest_line.split(':')[3].lower()
# Verify that the two digest strings match.
@@ -156,7 +149,7 @@
# Dump pubkey from the certificate.
pubkey = common.MakeTempFile(prefix="key-", suffix=".pem")
- with open(pubkey, 'wb') as pubkey_fp:
+ with open(pubkey, 'w') as pubkey_fp:
pubkey_fp.write(common.ExtractPublicKey(cert))
package_dir = common.MakeTempDir(prefix='package-')
@@ -166,11 +159,7 @@
cmd = ['delta_generator',
'--in_file=' + payload_file,
'--public_key=' + pubkey]
- proc = common.Run(cmd)
- stdoutdata, _ = proc.communicate()
- assert proc.returncode == 0, \
- 'Failed to verify payload with delta_generator: {}\n{}'.format(
- package, stdoutdata)
+ common.RunAndCheckOutput(cmd)
common.ZipClose(package_zip)
# Verified successfully upon reaching here.