Part of lp.archivepublisher.signing
Known subclasses: lp.archivepublisher.signing.UefiUpload
Signing custom upload.
The filename must be of the form:
<PACKAGE>_<VERSION>_<ARCH>.tar.gz
where:
* PACKAGE: source package of the contents;
* VERSION: encoded version;
* ARCH: targeted architecture tag (e.g. 'amd64').
The contents are extracted in the archive in the following path:
<ARCHIVE>/dists/<SUITE>/main/signed/<PACKAGE>-<ARCH>/<VERSION>
A 'current' symbolic link points to the most recent version. The
tarfile must contain at least one file matching the wildcard *.efi, and
any such files are signed using the archive's UEFI signing key.
Signing keys may be installed in the "signingroot" directory specified in
publisher configuration. In this directory, the private key is
"uefi.key" and the certificate is "uefi.crt".
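The naming and layout rules above, as an added example in Python (not Launchpad's own code): it parses an upload name, derives the target directory, and lists the *.efi members of a tarball. The function names, the rejection of "." and ".." fields, and the in-memory sample tarball are assumptions of this example.

```python
import io
import os
import tarfile
from fnmatch import fnmatch


def parse_upload_name(tarfile_path):
    """Split <PACKAGE>_<VERSION>_<ARCH>.tar.gz into its three fields."""
    name = os.path.basename(tarfile_path)
    if not name.endswith(".tar.gz"):
        raise ValueError("%s is not a .tar.gz upload" % name)
    fields = name[: -len(".tar.gz")].split("_")
    if len(fields) != 3 or not all(fields):
        raise ValueError("%s is not <PACKAGE>_<VERSION>_<ARCH>.tar.gz" % name)
    # Assumption: fields become directory names, so refuse "." and "..".
    if any(f in (".", "..") for f in fields):
        raise ValueError("unsafe path component in %s" % name)
    return tuple(fields)


def target_directory(archive_root, suite, tarfile_path):
    """Build <ARCHIVE>/dists/<SUITE>/main/signed/<PACKAGE>-<ARCH>/<VERSION>."""
    package, version, arch = parse_upload_name(tarfile_path)
    return os.path.join(archive_root, "dists", suite, "main", "signed",
                        "%s-%s" % (package, arch), version)


def efi_members(tar_bytes):
    """Names of regular files in the tarball that match *.efi."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        return [m.name for m in tar.getmembers()
                if m.isfile() and fnmatch(os.path.basename(m.name), "*.efi")]


def build_sample_tarball(names):
    """Constructed sample input: an in-memory .tar.gz with dummy files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            data = b"constructed sample content"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_tarball(["1.0/empty.efi", "1.0/README"])
    print(target_directory("/srv/archive", "xenial", "test_1.0_amd64.tar.gz"),
          efi_members(sample))
```

An empty list from `efi_members` corresponds to an upload that fails the "at least one *.efi file" requirement.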
| Static Method | parsePath | Parse tarfile_path, returning its useful components. |
| Method | setComponents | Set instance variables based on decomposing the filename. |
| Method | getSeriesPath | Find the key path for a given series. |
| Method | setTargetDirectory | Set self.targetdir based on parameters. |
| Method | publishPublicKey | Record this key as having been used in this upload. |
| Method | copyPublishedPublicKeys | Copy out published keys into the custom upload. |
| Method | setSigningOptions | Find and extract raw-signing options from the tarball. |
| Class Method | getSeriesKey | Get a unique key for instances of this custom upload type. |
| Method | callLog | Undocumented |
| Method | findSigningHandlers | Find all the signable files in an extracted tarball. |
| Method | getKeys | Validate and return the uefi key and cert for encryption. |
| Method | generateKeyCommonName | Undocumented |
| Method | generateKeyCrtPair | Generate new Key/Crt key pairs. |
| Method | generateUefiKeys | Generate new UEFI Keys for this archive. |
| Method | signUefi | Attempt to sign an image. |
| Method | generateOpensslConfig | Undocumented |
| Method | generatePemX509Pair | Generate new pem/x509 key pairs. |
| Method | generateKmodKeys | Generate new Kernel Signing Keys for this archive. |
| Method | signKmod | Attempt to sign a kernel module. |
| Method | generateOpalKeys | Generate new Opal Signing Keys for this archive. |
| Method | signOpal | Attempt to sign a kernel image for Opal. |
| Method | generateSiplKeys | Generate new Sipl Signing Keys for this archive. |
| Method | signSipl | Attempt to sign a kernel image for Sipl. |
| Method | generateFitKeys | Generate new FIT Keys for this archive. |
| Method | signFit | Attempt to sign an image. |
| Method | convertToTarball | Convert unpacked output to signing tarball. |
| Method | extract | Copy the custom upload to a temporary directory, and sign it. |
| Method | installFiles | After installation hash and sign the installed result. |
| Method | shouldInstall | Returns True if the given filename should be installed. |
| Method | shouldSign | Returns True if the given filename should be signed. |
Inherited from CustomUpload:
| Class Method | publish | See ICustomUploadHandler. |
| Method | __init__ | Undocumented |
| Method | process | Process the upload and install it into the archive. |
| Method | checkForConflicts | Check for conflicts with existing publications in the archive. |
| Method | verifyBeforeExtracting | Verify the tarball before extracting it. |
| Method | ensurePath | Ensure the parent directory exists. |
| Method | sign | Sign a file. |
| Method | fixCurrentSymlink | Update the 'current' symlink and prune old entries. |
| Method | cleanup | Clean up the temporary directory. |
| Method | _buildInstallPaths | Build and return paths used to install files. |
| Raises | ValueError | If tarfile_path is incorrectly formed. |
Will iterate the series list backwards until either one exists, or we reach the key at the filesystem root.
This should also set self.version and self.arch (if applicable) as a side-effect.
The key should differ for any uploads that may be published simultaneously, but should be identical for (e.g.) different versions of the same type of upload on the same architecture in the same series. Returns None on failure to parse tarfile_path.
No actual extraction is required.