* Move all scripts and documentation to Python3
Python 2 EOL is Jan 1, 2020. Migrate scripts to run under Python 3.
Under Windows, we're already running Python 3.7, by dumb luck. The
oddness is that the Windows standalone executable for Python 3 is called
"python" whereas under UNIX-like OSes it's called "python3" with
"python" always referring to the Python 2 executable. The ZIP needs to
be updated to include a Python3.exe (copy of Python.exe) so that we can
use the same command lines under Linux and Windows, and to preserve my
sanity.
Fixes#6376
* Add new Windows ZIP with python3.exe file
* Sort options in boards.txt generation for repeatability
The order of the board opts dict changes depending on the Python version
and machine, so sort the options before printing them to get a stable
ordering.
* Re-add Python2 compatibility tweaks
Most scripts can run as Python 2 or Python 3 with minimal changes, so
re-add (and fix, as necessary) compatibility tweaks to the scripts.
* Keep signing commands in platform.txt on release
The boards packager was deleting what was at the time it was written
unused lines in fht platform.txt file before deploying to Arduino.
One of these lines is now needed for signing to work, so don't delete
it.
Also, explicitly call "python signing.py" because it looks like Arduino
is sanitizing/removing executable bits on files when extracting from
boards manager installations.
Fixes#5483
* Create the build subdir, if needed, for autosign
If the temporary build/core directory isn't available, make it in order
that Updater.cpp will see the generated signing header and not the one
in the main core.
Using a pluggable architecture, allow updates delivered via the Update
class to be verified as signed by a certificate. By using plugins, avoid
pulling either axTLS or BearSSL into normal builds.
A signature is appended to a binary image, followed by the size of the
signature as a 32-bit int. The updater takes a verification function
and checks this signature using whatever method it chooses, and if it
fails the update is not applied.
A SHA256 hash class is presently implemented for the signing hash (since
MD5 is a busted algorithm).
A BearSSLPublicKey based verifier is implemented for RSA keys. The
application only needs the Public Key, while to sign you can use
OpenSSL and your private key (which should never leave your control
or be deployed on any endpoints).
An example using automatic signing is included.
Update the docs to show the signing steps and how to use it in the
automatic and manual modes.
Also remove one debugging line from the signing tool.
Saves ~600 bytes when in debug mode by moving strings to PMEM
Windows can't run the signing script, nor does it normally have OpenSSL
installed. When trying to build an automatically signed binary, warn
and don't run the python.
