# Copyright 2019 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import argparse
import json
import os
import sys

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key

# These are the *names* of environment variables, not filesystem paths; the
# paths themselves are read from the environment at run time.
# Variable holding the path of the PEM private key that main() signs with.
RELEASE_PKEY_PATH = "RELEASE_PKEY_PATH"
# Variable holding the public key path; main() only checks that it is set.
RELEASE_PUBKEY_PATH = "RELEASE_PUBKEY_PATH"


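def main():
    """Sign a release archive and print the signature to stdout.

    The archive named by ``--archive-file`` is read in full and signed with
    the PEM private key whose path is stored in the RELEASE_PKEY_PATH
    environment variable. RELEASE_PUBKEY_PATH must also be set, although the
    file it names is never opened here.

    Returns:
        None. When the archive is missing or either environment variable is
        unset, nothing is signed and the exit status stays 0, as before; the
        reason is now written to stderr so that an unsigned artifact shows up
        in the build log instead of passing silently. A caller that requires
        a signature must check that stdout is non-empty.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('--archive-file')
    opts = parser.parse_args()

    # Validate args.
    if not opts.archive_file or not os.path.exists(opts.archive_file):
        sys.stderr.write(
            'signing skipped: --archive-file is missing or does not exist\n')
        return

    # Both key variables must be set before anything is signed.
    pkey_path = os.environ.get(RELEASE_PKEY_PATH)
    pubkey_path = os.environ.get(RELEASE_PUBKEY_PATH)
    if not pkey_path or not pubkey_path:
        sys.stderr.write(
            'signing skipped: %s and %s must both be set\n' %
            (RELEASE_PKEY_PATH, RELEASE_PUBKEY_PATH))
        return

    # pkey_path is known to be non-empty here, so the original second
    # `if pkey_path:` test was always true and has been dropped.
    with open(pkey_path, 'rb') as f:
        pkey_data = f.read()
    # password=None means the key file has to be an unencrypted PEM, so the
    # key's protection at rest depends entirely on how that file is stored.
    private_key = load_pem_private_key(pkey_data, None, default_backend())

    # Open and sign the archive.
    with open(opts.archive_file, 'rb') as f:
        archive_data = f.read()

    # NOTE(review): sign() is given the message only. In `cryptography` that
    # is the Ed25519/Ed448 call shape; RSA and EC keys also need padding/hash
    # arguments and would raise TypeError here. Presumably the release key is
    # Ed25519 -- confirm.
    signature = private_key.sign(archive_data)
    # NOTE(review): under Python 3, print() of a bytes object emits its repr
    # (b'...') rather than the raw signature bytes; confirm what the consumer
    # of stdout expects before relying on this output for verification.
    print(signature)

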
# Run the signer only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()