From 2572afa40577a3c4091a257f0a3612aac845f5e4 Mon Sep 17 00:00:00 2001
From: Jörg Behrmann
Date: Fri, 4 Oct 2024 16:38:07 +0200
Subject: ukify: Make it lint clean
---
 src/ukify/ruff.toml | 1 +
 src/ukify/ukify.py | 31 ++++++++++++++++++++-----------
 2 files changed, 21 insertions(+), 11 deletions(-)
(limited to 'src/ukify')
diff --git a/src/ukify/ruff.toml b/src/ukify/ruff.toml
index c6088637f1..6c0ec6ceb8 100644
--- a/src/ukify/ruff.toml
+++ b/src/ukify/ruff.toml
@@ -1,5 +1,6 @@
 target-version = "py39"
 line-length = 109
+lint.select = ["E", "F", "I", "UP"]
 [format]
 quote-style = "single"
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index 8cc4477169..75e0afc6a6 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -69,7 +69,8 @@ EFI_ARCH_MAP = {
 EFI_ARCHES: list[str] = sum(EFI_ARCH_MAP.values(), [])
 # Default configuration directories and file name.
-# When the user does not specify one, the directories are searched in this order and the first file found is used.
+# When the user does not specify one, the directories are searched in this order and the first file found is
+# used.
 DEFAULT_CONFIG_DIRS = ['/etc/systemd', '/run/systemd', '/usr/local/lib/systemd', '/usr/lib/systemd']
 DEFAULT_CONFIG_FILE = 'ukify.conf'
@@ -898,7 +899,8 @@ def make_uki(opts):
 if pcrpkey is None:
 if opts.pcr_public_keys and len(opts.pcr_public_keys) == 1:
 pcrpkey = opts.pcr_public_keys[0]
- # If we are getting a certificate when using an engine, we need to convert it to public key format
+ # If we are getting a certificate when using an engine, we need to convert it to public key
+ # format
 if opts.signing_engine is not None and Path(pcrpkey).exists():
 from cryptography.hazmat.primitives import serialization
 from cryptography.x509 import load_pem_x509_certificate
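Review bot: The `lint.select` line added to src/ukify/ruff.toml enables only the pycodestyle, Pyflakes, import-sorting and pyupgrade groups, so the linter will not report the bug-prone or security-relevant patterns that ruff's flake8-bugbear (`B`) and flake8-bandit (`S`) groups cover. For a tool whose options include Secure Boot and PCR private keys, consider `lint.select = ["E", "F", "I", "UP", "B", "S"]`, with deliberate exceptions recorded in `lint.ignore` or as a rule-scoped `# noqa` with a reason. Whether the current code passes those groups is not visible from this patch, so this may fit better as a follow-up commit.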
@@ -960,7 +962,8 @@ def make_uki(opts):
 # Don't add a sbat section to profile PE binaries.
 if opts.join_profiles or not opts.profile:
 if linux is not None:
- # Merge the .sbat sections from stub, kernel and parameter, so that revocation can be done on either.
+ # Merge the .sbat sections from stub, kernel and parameter, so that revocation can be done on
+ # either.
 input_pes = [opts.stub, linux]
 if not opts.sbat:
 opts.sbat = [
@@ -1016,7 +1019,7 @@ uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/l
 if names[0] != '.profile':
 raise ValueError(
- f'Expected .profile section as first valid section in PE profile binary {profile} but got {names[0]}'
+ f'Expected .profile section as first valid section in PE profile binary {profile} but got {names[0]}' # noqa: E501
 )
 if names.count('.profile') > 1:
@@ -1185,7 +1188,7 @@ def generate_keys(opts):
 if not work:
 raise ValueError(
- 'genkey: --secureboot-private-key=/--secureboot-certificate= or --pcr-private-key/--pcr-public-key must be specified'
+ 'genkey: --secureboot-private-key=/--secureboot-certificate= or --pcr-private-key/--pcr-public-key must be specified' # noqa: E501
 )
@@ -1367,7 +1370,7 @@ class ConfigItem:
 elif self.type:
 conv = self.type
 else:
- conv = lambda s: s
+ conv = lambda s: s # noqa: E731
 # This is a bit ugly, but --initrd is the only option which is specified
 # with multiple args on the command line and a space-separated list in the
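Review bot: The `# noqa: E501` added to the `ValueError` message in the `.profile` check silences the line-length rule instead of shortening the line, and the same suppression is repeated in generate_keys, on the three `help=` strings in CONFIG_ITEMS and in both finalize_options hunks. Adjacent string literals would keep each line under the configured 109 columns with no suppression, e.g. `f'Expected .profile section as first valid section in PE profile binary {profile} '` followed by `f'but got {names[0]}'`; in CONFIG_ITEMS the parentheses this commit adds already allow that split. If the single-line form is deliberate so the messages stay greppable, a short comment saying so would keep the suppressions from being copied elsewhere. Separately, if `names` is read from the section table of the supplied profile binary (the enclosing function is not visible in this hunk), `{names[0]!r}` would keep unusual bytes in a section name from reaching the terminal unescaped.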
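Review bot: `conv = lambda s: s  # noqa: E731` in the ConfigItem hunk keeps the assigned lambda and suppresses the rule rather than following it. A small named helper, `def _identity(value):` with body `return value`, assigned as `conv = _identity` in the `else:` branch, satisfies E731 without a suppression and gives the fallback converter a readable name in tracebacks. The method containing this branch starts and ends outside the hunk, so the helper would need to live at module level above the class.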
@@ -1553,21 +1556,27 @@ CONFIG_ITEMS = [
 ConfigItem(
 '--secureboot-certificate',
 dest='sb_cert',
- help='required by --signtool=sbsign. sbsign needs a path to certificate file or engine-specific designation for SB signing',
+ help=(
+ 'required by --signtool=sbsign. sbsign needs a path to certificate file or engine-specific designation for SB signing' # noqa: E501
+ ),
 config_key='UKI/SecureBootCertificate',
 ),
 ConfigItem(
 '--secureboot-certificate-dir',
 dest='sb_certdir',
 default='/etc/pki/pesign',
- help='required by --signtool=pesign. Path to nss certificate database directory for PE signing. Default is /etc/pki/pesign',
+ help=(
+ 'required by --signtool=pesign. Path to nss certificate database directory for PE signing. Default is /etc/pki/pesign' # noqa: E501
+ ),
 config_key='UKI/SecureBootCertificateDir',
 config_push=ConfigItem.config_set,
 ),
 ConfigItem(
 '--secureboot-certificate-name',
 dest='sb_cert_name',
- help='required by --signtool=pesign. pesign needs a certificate nickname of nss certificate database entry to use for PE signing',
+ help=(
+ 'required by --signtool=pesign. pesign needs a certificate nickname of nss certificate database entry to use for PE signing' # noqa: E501
+ ),
 config_key='UKI/SecureBootCertificateName',
 ),
 ConfigItem(
@@ -1839,7 +1848,7 @@ def finalize_options(opts):
 # both param given, infer sbsign and in case it was given, ensure signtool=sbsign
 if opts.signtool and opts.signtool != 'sbsign':
 raise ValueError(
- f'Cannot provide --signtool={opts.signtool} with --secureboot-private-key= and --secureboot-certificate='
+ f'Cannot provide --signtool={opts.signtool} with --secureboot-private-key= and --secureboot-certificate=' # noqa: E501
 )
 opts.signtool = 'sbsign'
 elif bool(opts.sb_cert_name):
@@ -1852,7 +1861,7 @@ def finalize_options(opts):
 if opts.sign_kernel and not opts.sb_key and not opts.sb_cert_name:
 raise ValueError(
- '--sign-kernel requires either --secureboot-private-key= and --secureboot-certificate= (for sbsign) or --secureboot-certificate-name= (for pesign) to be specified'
+ '--sign-kernel requires either --secureboot-private-key= and --secureboot-certificate= (for sbsign) or --secureboot-certificate-name= (for pesign) to be specified' # noqa: E501
 )
 if opts.join_profiles and not opts.profile:
-- cgit v1.2.3