recipe_modules/build/resources/sign.py - infra/recipes - Git at Google

 # Copyright 2019 The Fuchsia Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 import argparse
 import base64
 import os
 import json

 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import load_pem_private_key

 RELEASE_PKEY_PATH = '/etc/release_keys/release_key.pem'
 RELEASE_PUBKEY_PATH = '/etc/release_keys/release_key_pub.pem'


 def main():
   parser = argparse.ArgumentParser()
   parser.add_argument('--archive-file')
   opts = parser.parse_args()

   # Validate args
   if not opts.archive_file or not os.path.exists(opts.archive_file):
     return

   if (not os.path.exists(RELEASE_PKEY_PATH) or
       not os.path.exists(RELEASE_PUBKEY_PATH)):
     return

   # Open the private key file
   with open(RELEASE_PKEY_PATH, 'rb') as f:
     pkey_data = f.read()
   private_key = load_pem_private_key(pkey_data, None, default_backend())

   # Open and sign the archive.
   with open(opts.archive_file, 'rb') as f:
     archive_data = f.read()

   signature = private_key.sign(archive_data)
   print(base64.b64encode(signature))


 if __name__ == '__main__':
   main()
	# Copyright 2019 The Fuchsia Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	import argparse
	import base64
	import os
	import json

	from cryptography.hazmat.backends import default_backend
	from cryptography.hazmat.primitives.serialization import load_pem_private_key

	RELEASE_PKEY_PATH = '/etc/release_keys/release_key.pem'
	RELEASE_PUBKEY_PATH = '/etc/release_keys/release_key_pub.pem'


	def main():
	parser = argparse.ArgumentParser()
	parser.add_argument('--archive-file')
	opts = parser.parse_args()

	# Validate args
	if not opts.archive_file or not os.path.exists(opts.archive_file):
	return

	if (not os.path.exists(RELEASE_PKEY_PATH) or
	not os.path.exists(RELEASE_PUBKEY_PATH)):
	return

	# Open the private key file
	with open(RELEASE_PKEY_PATH, 'rb') as f:
	pkey_data = f.read()
	private_key = load_pem_private_key(pkey_data, None, default_backend())

	# Open and sign the archive.
	with open(opts.archive_file, 'rb') as f:
	archive_data = f.read()

	signature = private_key.sign(archive_data)
	print(base64.b64encode(signature))


	if __name__ == '__main__':
	main()