contrib: improve optimize-pngs.py
- Check that image contents match pre- and post- crushing. - Also remove use of external tool to compute sha256 in favor of hashlib. - contrib: remove all use of shell=True in strip_pngs.py Using `shell=True` can be a security hazard. See e.g. https://docs.python.org/2/library/subprocess.html#subprocess.check_output
This commit is contained in:
parent
42f6a0c2b9
commit
905711f0a1
1 changed files with 33 additions and 9 deletions
|
@ -3,12 +3,28 @@
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import subprocess
|
import subprocess
|
||||||
|
import hashlib
|
||||||
|
from PIL import Image
|
||||||
|
|
||||||
|
def file_hash(filename):
|
||||||
|
'''Return hash of raw file contents'''
|
||||||
|
with open(filename, 'rb') as f:
|
||||||
|
return hashlib.sha256(f.read()).hexdigest()
|
||||||
|
|
||||||
|
def content_hash(filename):
|
||||||
|
'''Return hash of RGBA contents of image'''
|
||||||
|
i = Image.open(filename)
|
||||||
|
i = i.convert('RGBA')
|
||||||
|
data = i.tostring()
|
||||||
|
return hashlib.sha256(data).hexdigest()
|
||||||
|
|
||||||
#optimize png, remove various color profiles, remove ancillary chunks (alla) and text chunks (text)
|
#optimize png, remove various color profiles, remove ancillary chunks (alla) and text chunks (text)
|
||||||
#pngcrush -brute -ow -rem gAMA -rem cHRM -rem iCCP -rem sRGB -rem alla -rem text
|
#pngcrush -brute -ow -rem gAMA -rem cHRM -rem iCCP -rem sRGB -rem alla -rem text
|
||||||
|
|
||||||
|
pngcrush = 'pngcrush'
|
||||||
|
git = 'git'
|
||||||
folders = ["src/qt/res/movies", "src/qt/res/icons", "src/qt/res/images"]
|
folders = ["src/qt/res/movies", "src/qt/res/icons", "src/qt/res/images"]
|
||||||
basePath = subprocess.check_output("git rev-parse --show-toplevel", shell=True).rstrip('\n')
|
basePath = subprocess.check_output([git, 'rev-parse', '--show-toplevel']).rstrip('\n')
|
||||||
totalSaveBytes = 0
|
totalSaveBytes = 0
|
||||||
|
|
||||||
outputArray = []
|
outputArray = []
|
||||||
|
@ -19,30 +35,38 @@ for folder in folders:
|
||||||
if extension.lower() == '.png':
|
if extension.lower() == '.png':
|
||||||
print("optimizing "+file+"..."),
|
print("optimizing "+file+"..."),
|
||||||
file_path = os.path.join(absFolder, file)
|
file_path = os.path.join(absFolder, file)
|
||||||
fileMetaMap = {'file' : file, 'osize': os.path.getsize(file_path), 'sha256Old' : subprocess.check_output("openssl dgst -sha256 "+file_path, shell=True).rstrip('\n')};
|
fileMetaMap = {'file' : file, 'osize': os.path.getsize(file_path), 'sha256Old' : file_hash(file_path)};
|
||||||
|
fileMetaMap['contentHashPre'] = content_hash(file_path)
|
||||||
|
|
||||||
pngCrushOutput = ""
|
pngCrushOutput = ""
|
||||||
try:
|
try:
|
||||||
pngCrushOutput = subprocess.check_output("pngcrush -brute -ow -rem gAMA -rem cHRM -rem iCCP -rem sRGB -rem alla -rem text "+file_path+" >/dev/null 2>&1", shell=True).rstrip('\n')
|
pngCrushOutput = subprocess.check_output(
|
||||||
|
[pngcrush, "-brute", "-ow", "-rem", "gAMA", "-rem", "cHRM", "-rem", "iCCP", "-rem", "sRGB", "-rem", "alla", "-rem", "text", file_path],
|
||||||
|
stderr=subprocess.STDOUT).rstrip('\n')
|
||||||
except:
|
except:
|
||||||
print "pngcrush is not installed, aborting..."
|
print "pngcrush is not installed, aborting..."
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
|
||||||
#verify
|
#verify
|
||||||
if "Not a PNG file" in subprocess.check_output("pngcrush -n -v "+file_path+" >/dev/null 2>&1", shell=True):
|
if "Not a PNG file" in subprocess.check_output([pngcrush, "-n", "-v", file_path], stderr=subprocess.STDOUT):
|
||||||
print "PNG file "+file+" is corrupted after crushing, check out pngcursh version"
|
print "PNG file "+file+" is corrupted after crushing, check out pngcursh version"
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
|
fileMetaMap['sha256New'] = file_hash(file_path)
|
||||||
|
fileMetaMap['contentHashPost'] = content_hash(file_path)
|
||||||
|
|
||||||
|
if fileMetaMap['contentHashPre'] != fileMetaMap['contentHashPost']:
|
||||||
|
print "Image contents of PNG file "+file+" before and after crushing don't match"
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
fileMetaMap['sha256New'] = subprocess.check_output("openssl dgst -sha256 "+file_path, shell=True).rstrip('\n')
|
|
||||||
fileMetaMap['psize'] = os.path.getsize(file_path)
|
fileMetaMap['psize'] = os.path.getsize(file_path)
|
||||||
outputArray.append(fileMetaMap)
|
outputArray.append(fileMetaMap)
|
||||||
print("done\n"),
|
print("done\n"),
|
||||||
|
|
||||||
print "summary:\n+++++++++++++++++"
|
print "summary:\n+++++++++++++++++"
|
||||||
for fileDict in outputArray:
|
for fileDict in outputArray:
|
||||||
oldHash = fileDict['sha256Old'].split("= ")[1]
|
oldHash = fileDict['sha256Old']
|
||||||
newHash = fileDict['sha256New'].split("= ")[1]
|
newHash = fileDict['sha256New']
|
||||||
totalSaveBytes += fileDict['osize'] - fileDict['psize']
|
totalSaveBytes += fileDict['osize'] - fileDict['psize']
|
||||||
print fileDict['file']+"\n size diff from: "+str(fileDict['osize'])+" to: "+str(fileDict['psize'])+"\n old sha256: "+oldHash+"\n new sha256: "+newHash+"\n"
|
print fileDict['file']+"\n size diff from: "+str(fileDict['osize'])+" to: "+str(fileDict['psize'])+"\n old sha256: "+oldHash+"\n new sha256: "+newHash+"\n"
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue