Merge changes I6f61a908,Iafd22881 am: 32961d0203 am: 7cc500615e am: eef47a47e4
Original change: https://android-review.googlesource.com/c/platform/build/+/1922320 Change-Id: I7d0d46ced899af76fd3843a6eaa47e6de804eb96
This commit is contained in:
Inseob Kim
Automerger Merge Worker
@@ -553,6 +553,19 @@ python_binary_host {
|
|||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
python_binary_host {
|
||||||
|
name: "fsverity_metadata_generator",
|
||||||
|
srcs: [
|
||||||
|
"fsverity_metadata_generator.py",
|
||||||
|
],
|
||||||
|
libs: [
|
||||||
|
"fsverity_digests_proto_python",
|
||||||
|
],
|
||||||
|
required: [
|
||||||
|
"fsverity",
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Tests.
|
// Tests.
|
||||||
//
|
//
|
||||||
|
|||||||
@@ -55,6 +55,9 @@ class FSVerityMetadataGenerator:
|
|||||||
self.set_hash_alg("sha256")
|
self.set_hash_alg("sha256")
|
||||||
self.set_signature('none')
|
self.set_signature('none')
|
||||||
|
|
||||||
|
def set_key_format(self, key_format):
|
||||||
|
self._key_format = key_format
|
||||||
|
|
||||||
def set_key(self, key):
|
def set_key(self, key):
|
||||||
self._key = key
|
self._key = key
|
||||||
|
|
||||||
@@ -130,14 +133,17 @@ class FSVerityMetadataGenerator:
|
|||||||
cmd.append(input_file)
|
cmd.append(input_file)
|
||||||
cmd.append(sig_file)
|
cmd.append(sig_file)
|
||||||
|
|
||||||
# convert DER private key to PEM
|
# If key is DER, convert DER private key to PEM
|
||||||
pem_key = os.path.join(work_dir, 'key.pem')
|
if self._key_format == 'der':
|
||||||
key_cmd = ['openssl', 'pkcs8']
|
pem_key = os.path.join(work_dir, 'key.pem')
|
||||||
key_cmd.extend(['-inform', 'DER'])
|
key_cmd = ['openssl', 'pkcs8']
|
||||||
key_cmd.extend(['-in', self._key])
|
key_cmd.extend(['-inform', 'DER'])
|
||||||
key_cmd.extend(['-nocrypt'])
|
key_cmd.extend(['-in', self._key])
|
||||||
key_cmd.extend(['-out', pem_key])
|
key_cmd.extend(['-nocrypt'])
|
||||||
subprocess.check_call(key_cmd)
|
key_cmd.extend(['-out', pem_key])
|
||||||
|
subprocess.check_call(key_cmd)
|
||||||
|
else:
|
||||||
|
pem_key = self._key
|
||||||
|
|
||||||
cmd.extend(['--key', pem_key])
|
cmd.extend(['--key', pem_key])
|
||||||
cmd.extend(['--cert', self._cert])
|
cmd.extend(['--cert', self._cert])
|
||||||
@@ -195,9 +201,14 @@ if __name__ == '__main__':
|
|||||||
p.add_argument(
|
p.add_argument(
|
||||||
'input',
|
'input',
|
||||||
help='input file to be signed')
|
help='input file to be signed')
|
||||||
|
p.add_argument(
|
||||||
|
'--key-format',
|
||||||
|
choices=['pem', 'der'],
|
||||||
|
default='der',
|
||||||
|
help='format of the input key. Default is der')
|
||||||
p.add_argument(
|
p.add_argument(
|
||||||
'--key',
|
'--key',
|
||||||
help='PKCS#8 private key file in DER format')
|
help='PKCS#8 private key file')
|
||||||
p.add_argument(
|
p.add_argument(
|
||||||
'--cert',
|
'--cert',
|
||||||
help='x509 certificate file in PEM format')
|
help='x509 certificate file in PEM format')
|
||||||
@@ -227,5 +238,6 @@ if __name__ == '__main__':
|
|||||||
raise ValueError("To generate signature, key and cert must be set")
|
raise ValueError("To generate signature, key and cert must be set")
|
||||||
generator.set_key(args.key)
|
generator.set_key(args.key)
|
||||||
generator.set_cert(args.cert)
|
generator.set_cert(args.cert)
|
||||||
|
generator.set_key_format(args.key_format)
|
||||||
generator.set_hash_alg(args.hash_alg)
|
generator.set_hash_alg(args.hash_alg)
|
||||||
generator.generate(args.input, args.output)
|
generator.generate(args.input, args.output)
|
||||||
|
|||||||
Reference in New Issue
Block a user