Merge "Update the argument when signing aftl"
This commit is contained in:
Tianjie Xu
Gerrit Code Review
@@ -932,8 +932,8 @@ def GetAvbChainedPartitionArg(partition, info_dict, key=None):
|
|||||||
return "{}:{}:{}".format(partition, rollback_index_location, pubkey_path)
|
return "{}:{}:{}".format(partition, rollback_index_location, pubkey_path)
|
||||||
|
|
||||||
|
|
||||||
def AddAftlInclusionProof(output_image):
|
def ConstructAftlMakeImageCommands(output_image):
|
||||||
"""Appends the aftl inclusion proof to the vbmeta image."""
|
"""Constructs the command to append the aftl image to vbmeta."""
|
||||||
|
|
||||||
# Ensure the other AFTL parameters are set as well.
|
# Ensure the other AFTL parameters are set as well.
|
||||||
assert OPTIONS.aftl_tool_path is not None, 'No aftl tool provided.'
|
assert OPTIONS.aftl_tool_path is not None, 'No aftl tool provided.'
|
||||||
@@ -946,17 +946,24 @@ def AddAftlInclusionProof(output_image):
|
|||||||
build_info = BuildInfo(OPTIONS.info_dict)
|
build_info = BuildInfo(OPTIONS.info_dict)
|
||||||
version_incremental = build_info.GetBuildProp("ro.build.version.incremental")
|
version_incremental = build_info.GetBuildProp("ro.build.version.incremental")
|
||||||
aftltool = OPTIONS.aftl_tool_path
|
aftltool = OPTIONS.aftl_tool_path
|
||||||
|
server_argument_list = [OPTIONS.aftl_server, OPTIONS.aftl_key_path]
|
||||||
aftl_cmd = [aftltool, "make_icp_from_vbmeta",
|
aftl_cmd = [aftltool, "make_icp_from_vbmeta",
|
||||||
"--vbmeta_image_path", vbmeta_image,
|
"--vbmeta_image_path", vbmeta_image,
|
||||||
"--output", output_image,
|
"--output", output_image,
|
||||||
"--version_incremental", version_incremental,
|
"--version_incremental", version_incremental,
|
||||||
"--transparency_log_servers", OPTIONS.aftl_server,
|
"--transparency_log_servers", ','.join(server_argument_list),
|
||||||
"--transparency_log_pub_keys", OPTIONS.aftl_key_path,
|
|
||||||
"--manufacturer_key", OPTIONS.aftl_manufacturer_key_path,
|
"--manufacturer_key", OPTIONS.aftl_manufacturer_key_path,
|
||||||
"--algorithm", "SHA256_RSA4096",
|
"--algorithm", "SHA256_RSA4096",
|
||||||
"--padding", "4096"]
|
"--padding", "4096"]
|
||||||
if OPTIONS.aftl_signer_helper:
|
if OPTIONS.aftl_signer_helper:
|
||||||
aftl_cmd.extend(shlex.split(OPTIONS.aftl_signer_helper))
|
aftl_cmd.extend(shlex.split(OPTIONS.aftl_signer_helper))
|
||||||
|
return aftl_cmd
|
||||||
|
|
||||||
|
|
||||||
|
def AddAftlInclusionProof(output_image):
|
||||||
|
"""Appends the aftl inclusion proof to the vbmeta image."""
|
||||||
|
|
||||||
|
aftl_cmd = ConstructAftlMakeImageCommands(output_image)
|
||||||
RunAndCheckOutput(aftl_cmd)
|
RunAndCheckOutput(aftl_cmd)
|
||||||
|
|
||||||
verify_cmd = ['aftltool', 'verify_image_icp', '--vbmeta_image_path',
|
verify_cmd = ['aftltool', 'verify_image_icp', '--vbmeta_image_path',
|
||||||
|
|||||||
@@ -19,6 +19,7 @@ import os
|
|||||||
import subprocess
|
import subprocess
|
||||||
import tempfile
|
import tempfile
|
||||||
import time
|
import time
|
||||||
|
import unittest
|
||||||
import zipfile
|
import zipfile
|
||||||
from hashlib import sha1
|
from hashlib import sha1
|
||||||
|
|
||||||
@@ -1431,8 +1432,45 @@ class CommonUtilsTest(test_utils.ReleaseToolsTestCase):
|
|||||||
self.assertEqual('3', chained_partition_args[1])
|
self.assertEqual('3', chained_partition_args[1])
|
||||||
self.assertTrue(os.path.exists(chained_partition_args[2]))
|
self.assertTrue(os.path.exists(chained_partition_args[2]))
|
||||||
|
|
||||||
@test_utils.SkipIfExternalToolsUnavailable()
|
def test_BuildVBMeta_appendAftlCommandSyntax(self):
|
||||||
def test_BuildVBMeta_appendAftl(self):
|
testdata_dir = test_utils.get_testdata_dir()
|
||||||
|
common.OPTIONS.info_dict = {
|
||||||
|
'ab_update': 'true',
|
||||||
|
'avb_avbtool': 'avbtool',
|
||||||
|
'build.prop': {
|
||||||
|
'ro.build.version.incremental': '6285659',
|
||||||
|
'ro.product.device': 'coral',
|
||||||
|
'ro.build.fingerprint': 'google/coral/coral:R/RP1A.200311.002/'
|
||||||
|
'6285659:userdebug/dev-keys'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
common.OPTIONS.aftl_tool_path = 'aftltool'
|
||||||
|
common.OPTIONS.aftl_server = 'log.endpoints.aftl-dev.cloud.goog:9000'
|
||||||
|
common.OPTIONS.aftl_key_path = os.path.join(testdata_dir,
|
||||||
|
'test_transparency_key.pub')
|
||||||
|
common.OPTIONS.aftl_manufacturer_key_path = os.path.join(
|
||||||
|
testdata_dir, 'test_aftl_rsa4096.pem')
|
||||||
|
|
||||||
|
vbmeta_image = tempfile.NamedTemporaryFile(delete=False)
|
||||||
|
cmd = common.ConstructAftlMakeImageCommands(vbmeta_image.name)
|
||||||
|
expected_cmd = [
|
||||||
|
'aftltool', 'make_icp_from_vbmeta',
|
||||||
|
'--vbmeta_image_path', 'place_holder',
|
||||||
|
'--output', vbmeta_image.name,
|
||||||
|
'--version_incremental', '6285659',
|
||||||
|
'--transparency_log_servers',
|
||||||
|
'log.endpoints.aftl-dev.cloud.goog:9000,{}'.format(
|
||||||
|
common.OPTIONS.aftl_key_path),
|
||||||
|
'--manufacturer_key', common.OPTIONS.aftl_manufacturer_key_path,
|
||||||
|
'--algorithm', 'SHA256_RSA4096',
|
||||||
|
'--padding', '4096']
|
||||||
|
|
||||||
|
# ignore the place holder, i.e. path to a temp file
|
||||||
|
self.assertEqual(cmd[:3], expected_cmd[:3])
|
||||||
|
self.assertEqual(cmd[4:], expected_cmd[4:])
|
||||||
|
|
||||||
|
@unittest.skip("enable after we have a server for public")
|
||||||
|
def test_BuildVBMeta_appendAftlContactServer(self):
|
||||||
testdata_dir = test_utils.get_testdata_dir()
|
testdata_dir = test_utils.get_testdata_dir()
|
||||||
common.OPTIONS.info_dict = {
|
common.OPTIONS.info_dict = {
|
||||||
'ab_update': 'true',
|
'ab_update': 'true',
|
||||||
|
|||||||
Reference in New Issue
Block a user