From 10fee88d42fe37d83f0a37b3dae69b674f8055f3 Mon Sep 17 00:00:00 2001
From: Neha Malcom Francis <n-francis@ti.com>
Date: Fri, 5 Jan 2024 17:09:17 +0530
Subject: tools: binman: ti_board_cfg: Check for linting problems

Use yamllint for checking whether YAML configuration files are adhering
to default yamllint rules.

Signed-off-by: Neha Malcom Francis <n-francis@ti.com>
Suggested-by: Nishanth Menon <nm@ti.com>
---
 tools/binman/etype/ti_board_config.py        |  5 +++++
 tools/binman/ftest.py                        |  6 ++++++
 tools/binman/test/323_ti_board_cfg_phony.dts | 14 ++++++++++++++
 tools/binman/test/yaml/config.yaml           |  4 ++--
 tools/binman/test/yaml/config_phony.yaml     | 18 ++++++++++++++++++
 tools/buildman/requirements.txt              |  1 +
 6 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 tools/binman/test/323_ti_board_cfg_phony.dts
 create mode 100644 tools/binman/test/yaml/config_phony.yaml

(limited to 'tools')

diff --git a/tools/binman/etype/ti_board_config.py b/tools/binman/etype/ti_board_config.py
index 94f894c2811..2c3bb8f7b56 100644
--- a/tools/binman/etype/ti_board_config.py
+++ b/tools/binman/etype/ti_board_config.py
@@ -9,6 +9,7 @@
 import os
 import struct
 import yaml
+import yamllint
 
 from collections import OrderedDict
 from jsonschema import validate
@@ -18,6 +19,7 @@ from binman.entry import Entry
 from binman.etype.section import Entry_section
 from dtoc import fdt_util
 from u_boot_pylib import tools
+from yamllint import config
 
 BOARDCFG = 0xB
 BOARDCFG_SEC = 0xD
@@ -244,6 +246,9 @@ class Entry_ti_board_config(Entry_section):
             with open(self._schema_file, 'r') as sch:
                 self.schema_yaml = yaml.safe_load(sch)
 
+            yaml_config = config.YamlLintConfig("extends: default")
+            for p in yamllint.linter.run(open(self._config_file, "r"), yaml_config):
+                self.Raise(f"Yamllint error: {p.line}: {p.rule}")
             try:
                 validate(self.file_yaml, self.schema_yaml)
             except Exception as e:
diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py
index 90482518f1e..8a44bc051b3 100644
--- a/tools/binman/ftest.py
+++ b/tools/binman/ftest.py
@@ -7030,6 +7030,12 @@ fdt         fdtmap                Extract the devicetree blob from the fdtmap
         data = self._DoReadFile('293_ti_board_cfg.dts')
         self.assertEqual(TI_BOARD_CONFIG_DATA, data)
 
+    def testTIBoardConfigLint(self):
+        """Test that an incorrectly linted config file would generate error"""
+        with self.assertRaises(ValueError) as e:
+            data = self._DoReadFile('323_ti_board_cfg_phony.dts')
+        self.assertIn("Yamllint error", str(e.exception))
+
     def testTIBoardConfigCombined(self):
         """Test that a schema validated combined board config file can be generated"""
         data = self._DoReadFile('294_ti_board_cfg_combined.dts')
diff --git a/tools/binman/test/323_ti_board_cfg_phony.dts b/tools/binman/test/323_ti_board_cfg_phony.dts
new file mode 100644
index 00000000000..441296de4fd
--- /dev/null
+++ b/tools/binman/test/323_ti_board_cfg_phony.dts
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0+
+/dts-v1/;
+
+/ {
+	#address-cells = <1>;
+	#size-cells = <1>;
+
+	binman {
+		ti-board-config {
+			config = "yaml/config_phony.yaml";
+			schema = "yaml/schema.yaml";
+		};
+	};
+};
diff --git a/tools/binman/test/yaml/config.yaml b/tools/binman/test/yaml/config.yaml
index 5f799a6e3a9..c2be32128bb 100644
--- a/tools/binman/test/yaml/config.yaml
+++ b/tools/binman/test/yaml/config.yaml
@@ -10,9 +10,9 @@ main-branch:
     b: 0
   arr: [0, 0, 0, 0]
   another-arr:
-    - #1
+    -  # 1
       c: 0
       d: 0
-    - #2
+    -  # 2
       c: 0
       d: 0
diff --git a/tools/binman/test/yaml/config_phony.yaml b/tools/binman/test/yaml/config_phony.yaml
new file mode 100644
index 00000000000..d76fcb3b821
--- /dev/null
+++ b/tools/binman/test/yaml/config_phony.yaml
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Test config
+#
+---
+
+main-branch :
+  obj :
+    a : 0x0
+    b: 0
+  arr: [0, 0, 0, 0]
+  another-arr:
+    -  # 1
+      c: 0
+      d: 0
+    -  # 2
+      c: 0
+      d: 0
diff --git a/tools/buildman/requirements.txt b/tools/buildman/requirements.txt
index a1efcb9d4b4..4a31e69e4cb 100644
--- a/tools/buildman/requirements.txt
+++ b/tools/buildman/requirements.txt
@@ -1,2 +1,3 @@
 jsonschema==4.17.3
 pyyaml==6.0
+yamllint==1.26.3
-- 
cgit v1.3.1


From bc01d9ff93f350a35c51ddb75f81c2a6f663b1c1 Mon Sep 17 00:00:00 2001
From: Hugo Cornelis <hugo.cornelis@essensium.com>
Date: Mon, 8 Jan 2024 15:24:30 +0100
Subject: image-host: refactor and protect for very long filenames

This patch adds a function fit_image_read_key_iv_data that checks the
return value of snprintf and allows to generate a sensible error
message when generating binary images using filenames that are too
long for the OS to handle.

This is especially relevant for automated builds such as Buildroot and
Yocto builds.

Signed-off-by: Hugo Cornelis <hugo.cornelis@essensium.com>
---
 tools/image-host.c | 42 ++++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)

(limited to 'tools')

diff --git a/tools/image-host.c b/tools/image-host.c
index 90bc9f905f3..b2a0f2e6d16 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -342,6 +342,28 @@ err:
 	return ret;
 }
 
+static int fit_image_read_key_iv_data(const char *keydir, const char *key_iv_name,
+				      unsigned char *key_iv_data, int expected_size)
+{
+	char filename[PATH_MAX];
+	int ret = -1;
+
+	ret = snprintf(filename, sizeof(filename), "%s/%s%s",
+		       keydir, key_iv_name, ".bin");
+	if (ret >= sizeof(filename)) {
+		printf("Can't format the key or IV filename when setting up the cipher: insufficient buffer space\n");
+		ret = -1;
+	}
+	if (ret < 0) {
+		printf("Can't format the key or IV filename when setting up the cipher: snprintf error\n");
+		ret = -1;
+	}
+
+	ret = fit_image_read_data(filename, key_iv_data, expected_size);
+
+	return ret;
+}
+
 static int get_random_data(void *data, int size)
 {
 	unsigned char *tmp = data;
@@ -378,7 +400,6 @@ static int fit_image_setup_cipher(struct image_cipher_info *info,
 				  int noffset)
 {
 	char *algo_name;
-	char filename[128];
 	int ret = -1;
 
 	if (fit_image_cipher_get_algo(fit, noffset, &algo_name)) {
@@ -415,17 +436,17 @@ static int fit_image_setup_cipher(struct image_cipher_info *info,
 		goto out;
 	}
 
-	/* Read the key in the file */
-	snprintf(filename, sizeof(filename), "%s/%s%s",
-		 info->keydir, info->keyname, ".bin");
 	info->key = malloc(info->cipher->key_len);
 	if (!info->key) {
 		fprintf(stderr, "Can't allocate memory for key\n");
 		ret = -1;
 		goto out;
 	}
-	ret = fit_image_read_data(filename, (unsigned char *)info->key,
-				  info->cipher->key_len);
+
+	/* Read the key in the file */
+	ret = fit_image_read_key_iv_data(info->keydir, info->keyname,
+					 (unsigned char *)info->key,
+					 info->cipher->key_len);
 	if (ret < 0)
 		goto out;
 
@@ -438,10 +459,11 @@ static int fit_image_setup_cipher(struct image_cipher_info *info,
 
 	if (info->ivname) {
 		/* Read the IV in the file */
-		snprintf(filename, sizeof(filename), "%s/%s%s",
-			 info->keydir, info->ivname, ".bin");
-		ret = fit_image_read_data(filename, (unsigned char *)info->iv,
-					  info->cipher->iv_len);
+		ret = fit_image_read_key_iv_data(info->keydir, info->ivname,
+						 (unsigned char *)info->iv,
+						 info->cipher->iv_len);
+		if (ret < 0)
+			goto out;
 	} else {
 		/* Generate an ramdom IV */
 		ret = get_random_data((void *)info->iv, info->cipher->iv_len);
-- 
cgit v1.3.1