From 707569711b85cf0a92136a66aeddcc7cd940eb5e Mon Sep 17 00:00:00 2001 From: zhangyongpeng Date: Wed, 12 Apr 2023 15:31:33 +0800 Subject: [PATCH] Try with search_path for some avb path args MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If we can't find relative signing_helper path, try with the OPTIONS.search_path dir prefix, and integrate the avb_*_key_path for the same logic. Test: Build && releasetools_test Signed-off-by: zhangyongpeng Change-Id: Ifb1096ddea90693668f3344eb242bf9725113d11 --- tools/releasetools/common.py | 53 +++++++++++++++++++++--------- tools/releasetools/verity_utils.py | 6 +--- 2 files changed, 38 insertions(+), 21 deletions(-) diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index 3904a781c5..068cbf4b02 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -1357,11 +1357,7 @@ def RunHostInitVerifier(product_out, partition_map): def AppendAVBSigningArgs(cmd, partition): """Append signing arguments for avbtool.""" # e.g., "--key path/to/signing_key --algorithm SHA256_RSA4096" - key_path = OPTIONS.info_dict.get("avb_" + partition + "_key_path") - if key_path and not os.path.exists(key_path) and OPTIONS.search_path: - new_key_path = os.path.join(OPTIONS.search_path, key_path) - if os.path.exists(new_key_path): - key_path = new_key_path + key_path = ResolveAVBSigningPathArgs(OPTIONS.info_dict.get("avb_" + partition + "_key_path")) algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm") if key_path and algorithm: cmd.extend(["--key", key_path, "--algorithm", algorithm]) @@ -1371,6 +1367,32 @@ def AppendAVBSigningArgs(cmd, partition): cmd.extend(["--salt", avb_salt]) +def ResolveAVBSigningPathArgs(split_args): + + def ResolveBinaryPath(path): + if os.path.exists(path): + return path + new_path = os.path.join(OPTIONS.search_path, path) + if os.path.exists(new_path): + return new_path + raise ExternalError( + "Failed to find {}".format(new_path)) + + if not split_args: + return split_args + + if isinstance(split_args, list): + for index, arg in enumerate(split_args[:-1]): + if arg == '--signing_helper': + signing_helper_path = split_args[index + 1] + split_args[index + 1] = ResolveBinaryPath(signing_helper_path) + break + elif isinstance(split_args, str): + split_args = ResolveBinaryPath(split_args) + + return split_args + + def GetAvbPartitionArg(partition, image, info_dict=None): """Returns the VBMeta arguments for partition. @@ -1423,10 +1445,7 @@ def GetAvbChainedPartitionArg(partition, info_dict, key=None): """ if key is None: key = info_dict["avb_" + partition + "_key_path"] - if key and not os.path.exists(key) and OPTIONS.search_path: - new_key_path = os.path.join(OPTIONS.search_path, key) - if os.path.exists(new_key_path): - key = new_key_path + key = ResolveAVBSigningPathArgs(key) pubkey_path = ExtractAvbPublicKey(info_dict["avb_avbtool"], key) rollback_index_location = info_dict[ "avb_" + partition + "_rollback_index_location"] @@ -1442,10 +1461,7 @@ def _GenerateGkiCertificate(image, image_name): key_path = OPTIONS.info_dict.get("gki_signing_key_path") algorithm = OPTIONS.info_dict.get("gki_signing_algorithm") - if not os.path.exists(key_path) and OPTIONS.search_path: - new_key_path = os.path.join(OPTIONS.search_path, key_path) - if os.path.exists(new_key_path): - key_path = new_key_path + key_path = ResolveAVBSigningPathArgs(key_path) # Checks key_path exists, before processing --gki_signing_* args. if not os.path.exists(key_path): @@ -1541,6 +1557,8 @@ def BuildVBMeta(image_path, partitions, name, needed_partitions): found = True break assert found, 'Failed to find {}'.format(chained_image) + + split_args = ResolveAVBSigningPathArgs(split_args) cmd.extend(split_args) RunAndCheckOutput(cmd) @@ -1751,7 +1769,8 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, AppendAVBSigningArgs(cmd, partition_name) args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args") if args and args.strip(): - cmd.extend(shlex.split(args)) + split_args = ResolveAVBSigningPathArgs(shlex.split(args)) + cmd.extend(split_args) RunAndCheckOutput(cmd) img.seek(os.SEEK_SET, 0) @@ -1792,7 +1811,8 @@ def _SignBootableImage(image_path, prebuilt_name, partition_name, AppendAVBSigningArgs(cmd, partition_name) args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args") if args and args.strip(): - cmd.extend(shlex.split(args)) + split_args = ResolveAVBSigningPathArgs(shlex.split(args)) + cmd.extend(split_args) RunAndCheckOutput(cmd) @@ -1972,7 +1992,8 @@ def _BuildVendorBootImage(sourcedir, partition_name, info_dict=None): AppendAVBSigningArgs(cmd, partition_name) args = info_dict.get(f'avb_{partition_name}_add_hash_footer_args') if args and args.strip(): - cmd.extend(shlex.split(args)) + split_args = ResolveAVBSigningPathArgs(shlex.split(args)) + cmd.extend(split_args) RunAndCheckOutput(cmd) img.seek(os.SEEK_SET, 0) diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py index 755241d282..dddb7f4448 100644 --- a/tools/releasetools/verity_utils.py +++ b/tools/releasetools/verity_utils.py @@ -141,11 +141,7 @@ class VerifiedBootVersion2VerityImageBuilder(VerityImageBuilder): self.footer_type = footer_type self.avbtool = avbtool self.algorithm = algorithm - self.key_path = key_path - if key_path and not os.path.exists(key_path) and OPTIONS.search_path: - new_key_path = os.path.join(OPTIONS.search_path, key_path) - if os.path.exists(new_key_path): - self.key_path = new_key_path + self.key_path = common.ResolveAVBSigningPathArgs(key_path) self.salt = salt self.signing_args = signing_args