Merge "releasetools: Support verity signer args."
This commit is contained in:
		| @@ -41,9 +41,6 @@ Usage:  add_img_to_target_files [flag] target_files | ||||
|   --is_signing | ||||
|       Skip building & adding the images for "userdata" and "cache" if we | ||||
|       are signing the target files. | ||||
|  | ||||
|   --verity_signer_path | ||||
|       Specify the signer path to build verity metadata. | ||||
| """ | ||||
|  | ||||
| import sys | ||||
| @@ -71,7 +68,6 @@ OPTIONS.rebuild_recovery = False | ||||
| OPTIONS.replace_verity_public_key = False | ||||
| OPTIONS.replace_verity_private_key = False | ||||
| OPTIONS.is_signing = False | ||||
| OPTIONS.verity_signer_path = None | ||||
|  | ||||
| def AddSystem(output_zip, prefix="IMAGES/", recovery_img=None, boot_img=None): | ||||
|   """Turn the contents of SYSTEM into a system image and store it in | ||||
| @@ -452,8 +448,6 @@ def main(argv): | ||||
|       OPTIONS.replace_verity_public_key = (True, a) | ||||
|     elif o == "--is_signing": | ||||
|       OPTIONS.is_signing = True | ||||
|     elif o == "--verity_signer_path": | ||||
|       OPTIONS.verity_signer_path = a | ||||
|     else: | ||||
|       return False | ||||
|     return True | ||||
| @@ -463,8 +457,7 @@ def main(argv): | ||||
|       extra_long_opts=["add_missing", "rebuild_recovery", | ||||
|                        "replace_verity_public_key=", | ||||
|                        "replace_verity_private_key=", | ||||
|                        "is_signing", | ||||
|                        "verity_signer_path="], | ||||
|                        "is_signing"], | ||||
|       extra_option_handler=option_handler) | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -69,7 +69,7 @@ def GetVerityTreeSize(partition_size): | ||||
|   return True, int(output) | ||||
|  | ||||
| def GetVerityMetadataSize(partition_size): | ||||
|   cmd = "system/extras/verity/build_verity_metadata.py -s %d" | ||||
|   cmd = "system/extras/verity/build_verity_metadata.py size %d" | ||||
|   cmd %= partition_size | ||||
|  | ||||
|   status, output = commands.getstatusoutput(cmd) | ||||
| @@ -214,11 +214,14 @@ def BuildVerityTree(sparse_image_path, verity_image_path, prop_dict): | ||||
|   return True | ||||
|  | ||||
| def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt, | ||||
|                         block_device, signer_path, key): | ||||
|                         block_device, signer_path, key, signer_args): | ||||
|   cmd_template = ( | ||||
|       "system/extras/verity/build_verity_metadata.py %s %s %s %s %s %s %s") | ||||
|       "system/extras/verity/build_verity_metadata.py build " + | ||||
|       "%s %s %s %s %s %s %s") | ||||
|   cmd = cmd_template % (image_size, verity_metadata_path, root_hash, salt, | ||||
|                         block_device, signer_path, key) | ||||
|   if signer_args: | ||||
|     cmd += " --signer_args=\"%s\"" % (' '.join(signer_args),) | ||||
|   print cmd | ||||
|   status, output = commands.getstatusoutput(cmd) | ||||
|   if status: | ||||
| @@ -305,10 +308,10 @@ def MakeVerityEnabledImage(out_file, fec_supported, prop_dict): | ||||
|   block_dev = prop_dict["verity_block_device"] | ||||
|   signer_key = prop_dict["verity_key"] + ".pk8" | ||||
|   if OPTIONS.verity_signer_path is not None: | ||||
|     signer_path = OPTIONS.verity_signer_path + ' ' | ||||
|     signer_path += ' '.join(OPTIONS.verity_signer_args) | ||||
|     signer_path = OPTIONS.verity_signer_path | ||||
|   else: | ||||
|     signer_path = prop_dict["verity_signer_cmd"] | ||||
|   signer_args = OPTIONS.verity_signer_args | ||||
|  | ||||
|   # make a tempdir | ||||
|   tempdir_name = tempfile.mkdtemp(suffix="_verity_images") | ||||
| @@ -327,7 +330,7 @@ def MakeVerityEnabledImage(out_file, fec_supported, prop_dict): | ||||
|   root_hash = prop_dict["verity_root_hash"] | ||||
|   salt = prop_dict["verity_salt"] | ||||
|   if not BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt, | ||||
|                              block_dev, signer_path, signer_key): | ||||
|                              block_dev, signer_path, signer_key, signer_args): | ||||
|     shutil.rmtree(tempdir_name, ignore_errors=True) | ||||
|     return False | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user