fw_signer: Pacify Pylint.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

Author: minosgalanakis

tools/fw_signer/firmware_signer.py

@@ -9,42 +9,41 @@
 # that the user is authorised to sign the firmware.
 
 # Please configure gpg-agent with `max-cache-ttl 0` when deploying.
+# Run as MBEDTLS_FW_SIGN_SERVER_IP=X.X.X.X && python firmware_signer.py
 
-import flask
 import random
 import os
 import string
 import shlex
 import shutil
 import subprocess
 import pathlib
+from typing import Tuple
 
-from typing import Text , Tuple
-
-
+import flask
 ################  /* Configuration Parameters  #################
-app = flask.Flask(__name__)
+APP = flask.Flask(__name__)
 
 # Allow the host to set the IP for the server3
-server_ip = "0.0.0.0"        # Will launch the server but dl links won't work.
-server_port = "5000"         # Port to bind to.
-cleanup_on_startup = True    # Cleanup the temporary directory on launch.
+SERVER_IP = "0.0.0.0"        # Will launch the server but dl links won't work.
+SERVER_PORT = "5000"         # Port to bind to.
+CLEANUP_ON_STARTUP = True    # Cleanup the temporary directory on launch.
 
 ################  Configuration Parameters */  #################
 
 # ENV overrides
 if "MBEDTLS_FW_SIGN_SERVER_IP" in os.environ:
-    server_ip = os.environ["MBEDTLS_FW_SIGN_SERVER_IP"]
+    SERVER_IP = os.environ["MBEDTLS_FW_SIGN_SERVER_IP"]
 
 if "MBEDTLS_FW_SIGN_SERVER_PORT" in os.environ:
-    server_port = os.environ["MBEDTLS_FW_SIGN_SERVER_PORT"]
+    SERVER_PORT = os.environ["MBEDTLS_FW_SIGN_SERVER_PORT"]
 
-download_pfix = "http://{}:{}/".format(server_ip, server_port)
-sign_cmd = ("gpg --detach-sign --pinentry-mode loopback"
+DOWNLOAD_PFIX = "http://{}:{}/".format(SERVER_IP, SERVER_PORT)
+SIGN_CMD = ("gpg --detach-sign --pinentry-mode loopback"
             " --passphrase '{pasw}' --armor --batch {tarb}")
-verify_cmd = "gpg --verify {sig} {tarb}"
-sum_cmd = "sha256sum {tarb}"
-zip_cmd = "zip -r {name}.zip ."
+VERIFY_CMD = "gpg --verify {sig} {tarb}"
+SUM_CMD = "sha256sum {tarb}"
+ZIP_CMD = "zip -r {name}.zip ."
 
 
 def do_shell_exec(exec_string: str) -> Tuple[int, str, str]:
@@ -72,19 +71,22 @@ def randomise_path(name: str) -> str:
     return os.path.join("tmp", "{}_{}".format(name, pfix))
 
 
-@app.route('/')
+@APP.route('/')
 def main() -> flask.typing.ResponseReturnValue:
+    """Invoked on main landing page."""
     return flask.render_template("index.html")
 
 
-@app.route('/<path>/<filename>')
+@APP.route('/<path>/<filename>')
 def download(path: str, filename: str) -> flask.typing.ResponseReturnValue:
+    """Invoked on {SERVERIP:PORT}/tmp_workdir/filename api endpoint."""
     path = os.path.join("tmp", path)
     return flask.send_from_directory(path, filename, as_attachment=True)
 
-
-@app.route('/sign', methods=['POST'])
+# pylint: disable=too-many-locals, inconsistent-return-statements
+@APP.route('/sign', methods=['POST'])
 def sign() -> flask.typing.ResponseReturnValue:
+    """Invoked on {SERVERIP:PORT}/sign api endpoint."""
     if flask.request.method == 'POST':
 
         # Accept the file
@@ -100,8 +102,8 @@ def sign() -> flask.typing.ResponseReturnValue:
         sign_fname = artf_name + ".asc"
         tmp_workdir = randomise_path(artf_basename)
 
-        if cleanup_on_startup:
-            shutil.rmtree(tmp_workdir)
+        if CLEANUP_ON_STARTUP:
+            shutil.rmtree(tmp_workdir, ignore_errors=True)
         archive_name = artf_basename + ".zip"
 
         # Create a workdir
@@ -116,41 +118,41 @@ def sign() -> flask.typing.ResponseReturnValue:
         os.rename(f.filename, artf_name)
 
         # Calculate the sha256
-        ret_code, _stdout, _sterr = do_shell_exec(sum_cmd.format(tarb=artf_name))
+        ret_code, _stdout, _sterr = do_shell_exec(SUM_CMD.format(tarb=artf_name))
         if ret_code == 0:
-            with open(sha_fname, "w") as F:
-                F.write(_stdout)
+            with open(sha_fname, "w") as sha_file:
+                sha_file.write(_stdout)
             sha = shlex.split(_stdout)[0]
         else:
             raise Exception("Shasum failed!")
 
         # Sign the tarball
-        ret_code, _stdout, _sterr = do_shell_exec(sign_cmd.format(pasw=pwd, tarb=artf_name))
+        ret_code, _stdout, _sterr = do_shell_exec(SIGN_CMD.format(pasw=pwd, tarb=artf_name))
         # If password is incorrect or other error exit.
         if ret_code != 0:
             return flask.render_template("signed.html",
                                          artf_name="Not Authorised",
-                                         artf_url=download_pfix,
+                                         artf_url=DOWNLOAD_PFIX,
                                          sha="Not Authorised",
-                                         sha_url=download_pfix,
+                                         sha_url=DOWNLOAD_PFIX,
                                          sign_name="Not Authorised",
-                                         sign_url=download_pfix,
+                                         sign_url=DOWNLOAD_PFIX,
                                          zip_name="Not Authorised",
-                                         zip_url=download_pfix)
+                                         zip_url=DOWNLOAD_PFIX)
         # Zip everything
         cwd = os.getcwd()
         os.chdir(tmp_workdir)
         ret_code, _stdout, _sterr = do_shell_exec(
-            zip_cmd.format(name=artf_basename))
+            ZIP_CMD.format(name=artf_basename))
         if ret_code != 0:
             raise Exception("zip Failed")
         os.chdir(cwd)
 
         # Calculate the download urls
-        sha_url = download_pfix + "/".join(sha_fname.split("/")[1:])
-        artf_url = download_pfix + "/".join(artf_name.split("/")[1:])
-        sign_url = download_pfix + "/".join(sign_fname.split("/")[1:])
-        archive_url = download_pfix + "/".join(archive_name.split("/")[1:])
+        sha_url = DOWNLOAD_PFIX + "/".join(sha_fname.split("/")[1:])
+        artf_url = DOWNLOAD_PFIX + "/".join(artf_name.split("/")[1:])
+        sign_url = DOWNLOAD_PFIX + "/".join(sign_fname.split("/")[1:])
+        archive_url = DOWNLOAD_PFIX + "/".join(archive_name.split("/")[1:])
 
         # Return the results page
         return flask.render_template("signed.html",
@@ -163,8 +165,9 @@ def sign() -> flask.typing.ResponseReturnValue:
                                      zip_url=archive_url)
 
 
-@app.route('/verify', methods=['POST'])
+@APP.route('/verify', methods=['POST'])
 def verify() -> flask.typing.ResponseReturnValue:
+    """Invoked on {SERVERIP:PORT}/verify api endpoint."""
     if flask.request.method == 'POST':
         # Create a workdir
         tmp_workdir = randomise_path("verification")
@@ -186,7 +189,7 @@ def verify() -> flask.typing.ResponseReturnValue:
 
     # Verify the archive's signature
     ret_code, _stdout, _sterr = do_shell_exec(
-        verify_cmd.format(sig=sig_fname, tarb=artf_fname))
+        VERIFY_CMD.format(sig=sig_fname, tarb=artf_fname))
     verified = "Success" if ret_code == 0 else "Failed"
 
     # Return the result
@@ -195,4 +198,4 @@ def verify() -> flask.typing.ResponseReturnValue:
                                  result=_sterr)
 
 if __name__ == '__main__':
-    app.run(host=server_ip, debug=False)
+    APP.run(host=SERVER_IP, debug=False)

tools/fw_signer/static/style.css

@@ -12,4 +12,5 @@ h2 { text-align: center; }
                     color: white;}
 .custom-form { text-align: left;
              margin: auto;
-             color: white;}
+             color: white;}
+

tools/fw_signer/templates/index.html

@@ -1,5 +1,5 @@
 <html>
-<head>   
+<head>
     <title>MbedTLS Release Sign</title>
     <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
 </head>
@@ -17,7 +17,7 @@ <h2>Sign a release</h2>
             <input type="file" name="rel_file"></label>
         <br>
         <input type="text" id="pw" name="passw" placeholder="Type Password">
-        <input type = "submit" value="Upload">   
+        <input type = "submit" value="Upload">
     </form>
     <hr />
     <h2>Verify a release</h2>
@@ -27,15 +27,15 @@ <h2>Verify a release</h2>
         <li>Select the asc file with the signature</li>
         <li>press Upload.</li>
     </ul>
-    <form class="custom-form" action= "/verify" method = "post" enctype="multipart/form-data">  
-        <label class="custom-file-upload">Release  
+    <form class="custom-form" action= "/verify" method = "post" enctype="multipart/form-data">
+        <label class="custom-file-upload">release
             <input type="file" name="rel_file"></label>
         <br>
         <label class="custom-file-upload"> Sig/ture
             <input type="file" name="sig_file"></label>
-        <br>            
+        <br>
         <input type = "submit" value="Upload">
     </form>
-</body>   
+</body>
 </html>
 

tools/fw_signer/templates/signed.html

@@ -1,10 +1,10 @@
 
-<html> 
-   <head> 
+<html>
+   <head>
       <title>Sign</title>
       <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
    </head>
-   <body> 
+   <body>
       <h2>Sign Results</h2>
       <table align="center" border="2" cellpadding="1" cellspacing="1" style="width:500px">
          <tbody>
@@ -26,5 +26,5 @@ <h2>Sign Results</h2>
             </tr>
          </tbody>
       </table>
-   </body> 
+   </body>
 </html>

tools/fw_signer/templates/verification.html

@@ -1,8 +1,8 @@
-<html> 
-   <head> 
+<html>
+   <head>
       <title>success</title>
       <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
-   </head> 
+   </head>
    <body>
       <h2>Verification Results</h2>
     <table align="center" border="2" cellpadding="1" cellspacing="1" style="width:500px; color:white">