From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 74ADA200840CD for ; Tue, 28 Mar 2017 02:37:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=intel; t=1490693862; x=1522229862; h=from:to:cc:subject:date:message-id; bh=Rj/cEiVnpf9DsDzClIKuserPOoTpgexIsIpNWbRFWWI=; b=mI9RPS+hOghaZksAazdGTq/rqqGHcvxNwwYUbrqMDkLbawd8aNcFY+Sj jfr8/hAsrJwyspik54qM4WfQnLMRNQ==; Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Mar 2017 02:37:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.36,236,1486454400"; d="scan'208";a="839231662" Received: from shwdeopenpsi168.ccr.corp.intel.com ([10.239.158.121]) by FMSMGA003.fm.intel.com with ESMTP; 28 Mar 2017 02:37:41 -0700 From: Yonghong Zhu To: edk2-devel@lists.01.org Cc: Liming Gao Date: Tue, 28 Mar 2017 17:37:38 +0800 Message-Id: <1490693858-47496-1-git-send-email-yonghong.zhu@intel.com> X-Mailer: git-send-email 2.6.1.windows.1 Subject: [Patch] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2017 09:37:42 -0000 Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys doesn't work on Linux. It needs to be changed with shell=True. Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yonghong Zhu --- BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py | 4 ++-- .../Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py | 6 +++--- BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py index 6412587..ef79f80 100644 --- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py +++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py @@ -201,11 +201,11 @@ if __name__ == '__main__': FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue) # # Sign the input file using the specified private key and capture signature from STDOUT # - Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Signature = Process.communicate(input=FullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) # @@ -270,11 +270,11 @@ if __name__ == '__main__': open(args.OutputFileName, 'wb').write(FullInputFileBuffer) # # Verify signature # - Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.communicate(input=args.SignatureBuffer)[0] if Process.returncode <> 0: print 'ERROR: Verification failed' os.remove (args.OutputFileName) sys.exit(Process.returncode) diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py index 2dd6c20..df2d989 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py @@ -96,11 +96,11 @@ if __name__ == '__main__': Item.close() # # Generate private key and save it to output file in a PEM file format # - Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.communicate() if Process.returncode <> 0: print 'ERROR: RSA 2048 key generation failed' sys.exit(Process.returncode) @@ -118,11 +118,11 @@ if __name__ == '__main__': PublicKeyHash = '' for Item in args.PemFileName: # # Extract public key from private key into STDOUT # - Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) PublicKeyHexString = Process.communicate()[0].split('=')[1].strip() if Process.returncode <> 0: print 'ERROR: Unable to extract public key from private key' sys.exit(Process.returncode) PublicKey = '' @@ -130,11 +130,11 @@ if __name__ == '__main__': PublicKey = PublicKey + chr(int(PublicKeyHexString[Index:Index + 2], 16)) # # Generate SHA 256 hash of RSA 2048 bit public key into STDOUT # - Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.stdin.write (PublicKey) PublicKeyHash = PublicKeyHash + Process.communicate()[0] if Process.returncode <> 0: print 'ERROR: Unable to extract SHA 256 hash of public key' sys.exit(Process.returncode) diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py index 952583c..4367194 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py @@ -146,11 +146,11 @@ if __name__ == '__main__': sys.exit(1) # # Extract public key from private key into STDOUT # - Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName), stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) PublicKeyHexString = Process.communicate()[0].split('=')[1].strip() PublicKey = '' while len(PublicKeyHexString) > 0: PublicKey = PublicKey + chr(int(PublicKeyHexString[0:2],16)) PublicKeyHexString=PublicKeyHexString[2:] @@ -172,11 +172,11 @@ if __name__ == '__main__': format = "%dsQ" % len(args.InputFileBuffer) FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue) # # Sign the input file using the specified private key and capture signature from STDOUT # - Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Signature = Process.communicate(input=FullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) # @@ -221,11 +221,11 @@ if __name__ == '__main__': open(args.OutputFileName, 'wb').write(Header.Signature) # # Verify signature # - Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.communicate(input=FullInputFileBuffer) if Process.returncode <> 0: print 'ERROR: Verification failed' os.remove (args.OutputFileName) sys.exit(Process.returncode) -- 2.6.1.windows.1