From a5f26fefca2edb7f3b2772966b79351b7edbcc3f Mon Sep 17 00:00:00 2001 From: Yonghong Zhu Date: Tue, 28 Mar 2017 15:04:13 +0800 Subject: [PATCH] BaseTools: Update Pkcs7 and RSA2048 tool with shell=True Pkcs7Sign, Rsa2048Sha256Sign and Rsa2048Sha256GenerateKeys doesn't work on Linux. It needs to be changed with shell=True. Cc: Liming Gao Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yonghong Zhu Reviewed-by: Liming Gao --- BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py | 4 ++-- .../Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py | 6 +++--- .../Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py index 6412587e4b..ef79f80edd 100644 --- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py +++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py @@ -203,7 +203,7 @@ if __name__ == '__main__': # # Sign the input file using the specified private key and capture signature from STDOUT # - Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform DER -md sha256 -certfile "%s"' % (OpenSslCommand, args.SignerPrivateCertFileName, args.OtherPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Signature = Process.communicate(input=FullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) @@ -272,7 +272,7 @@ if __name__ == '__main__': # # Verify signature # - Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s smime -verify -inform DER -content %s -CAfile %s' % (OpenSslCommand, args.OutputFileName, args.TrustedPublicCertFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.communicate(input=args.SignatureBuffer)[0] if Process.returncode <> 0: print 'ERROR: Verification failed' diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py index 2dd6c20168..df2d9896ca 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256GenerateKeys.py @@ -98,7 +98,7 @@ if __name__ == '__main__': # # Generate private key and save it to output file in a PEM file format # - Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s genrsa -out %s 2048' % (OpenSslCommand, Item.name), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.communicate() if Process.returncode <> 0: print 'ERROR: RSA 2048 key generation failed' @@ -120,7 +120,7 @@ if __name__ == '__main__': # # Extract public key from private key into STDOUT # - Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s rsa -in %s -modulus -noout' % (OpenSslCommand, Item), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) PublicKeyHexString = Process.communicate()[0].split('=')[1].strip() if Process.returncode <> 0: print 'ERROR: Unable to extract public key from private key' @@ -132,7 +132,7 @@ if __name__ == '__main__': # # Generate SHA 256 hash of RSA 2048 bit public key into STDOUT # - Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s dgst -sha256 -binary' % (OpenSslCommand), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.stdin.write (PublicKey) PublicKeyHash = PublicKeyHash + Process.communicate()[0] if Process.returncode <> 0: diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py index 952583cf4b..4367194c23 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py @@ -148,7 +148,7 @@ if __name__ == '__main__': # # Extract public key from private key into STDOUT # - Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName), stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s rsa -in "%s" -modulus -noout' % (OpenSslCommand, args.PrivateKeyFileName), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) PublicKeyHexString = Process.communicate()[0].split('=')[1].strip() PublicKey = '' while len(PublicKeyHexString) > 0: @@ -174,7 +174,7 @@ if __name__ == '__main__': # # Sign the input file using the specified private key and capture signature from STDOUT # - Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Signature = Process.communicate(input=FullInputFileBuffer)[0] if Process.returncode <> 0: sys.exit(Process.returncode) @@ -223,7 +223,7 @@ if __name__ == '__main__': # # Verify signature # - Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + Process = subprocess.Popen('%s sha256 -prverify "%s" -signature %s' % (OpenSslCommand, args.PrivateKeyFileName, args.OutputFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) Process.communicate(input=FullInputFileBuffer) if Process.returncode <> 0: print 'ERROR: Verification failed'