cmake: modules: west: Add function to verify blobs

Add a cmake helper function to verify if blobs have a valid checksum.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>

cmake/modules/west.cmake

@@ -95,3 +95,50 @@ else()
     set(WEST WEST-NOTFOUND CACHE INTERNAL "West")
   endif()
 endif()
+
+# Verify blobs fetched using west. If the sha256 checksum isn't valid, a fatal
+# error message is printed.
+# Paths are relative to the module's zephyr/blobs directory.
+#
+# Usage:
+#   west_blobs_verify([MODULE module]
+#                     [PATHS path [paths...]])
+#
+# Example:
+# west_blobs_verify()                   # verify all blobs
+# west_blobs_verify(MODULE my_module)   # verify all blobs in "my_module"
+# west_blobs_verify(PATHS img/file.bin) # verify a single path
+function(west_blobs_verify)
+  cmake_parse_arguments(WEST_BLOBS_VERIFY "" "MODULE" "PATHS" ${ARGN})
+
+  execute_process(
+    COMMAND ${WEST} blobs list ${WEST_BLOBS_VERIFY_MODULE} -f "{status} {path}"
+    OUTPUT_VARIABLE BLOBS_LIST_OUTPUT
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+    COMMAND_ERROR_IS_FATAL ANY
+  )
+
+  string(REPLACE "\n" ";" BLOBS_LIST ${BLOBS_LIST_OUTPUT})
+
+  if(WEST_BLOBS_VERIFY_PATHS)
+    foreach(path ${WEST_BLOBS_VERIFY_PATHS})
+      message(STATUS "Verifying blob \"${path}\"")
+
+      # Each path that has a correct sha256 is prefixed with an A
+      if(NOT "A ${path}" IN_LIST BLOBS_LIST)
+        message(FATAL_ERROR "Blob for path \"${path}\" isn't valid. Update with: west blobs fetch")
+      endif()
+    endforeach()
+  else()
+    foreach(blob ${BLOBS_LIST})
+      separate_arguments(blob)
+      list(GET blob 0 status)
+      list(GET blob 1 path)
+      message(STATUS "Verifying blob \"${path}\"")
+
+      if(NOT "${status}" STREQUAL "A")
+        message(FATAL_ERROR "Blob for path \"${path}\" isn't valid. Update with: west blobs fetch")
+      endif()
+    endforeach()
+  endif()
+endfunction()