Add ability to pass in payload_signer args

Bug: 28701652 Change-Id: I110d5fc14446e4a6a0f8e25dcb0d300decdf09a4
2016-06-22 12:14:16 -07:00 · 2016-06-22 12:14:16 -07:00 · 2abbbd0333
parent fbe2eedb28
commit 2abbbd0333
1 changed files with 13 additions and 4 deletions
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@ -121,6 +121,9 @@ Usage:  ota_from_target_files [flags] input_target_files output_ota_package
      directly, a payload signer that knows how to do that should be specified.
      The signer will be supplied with "-inkey <path_to_key>",
      "-in <input_file>" and "-out <output_file>" parameters.
+
+  --payload_signer_args <args>
+      Specify the arguments needed for payload signer.
 """

 import sys
@ -132,6 +135,7 @@ if sys.hexversion < 0x02070000:
 import multiprocessing
 import os
 import subprocess
+import shlex
 import tempfile
 import zipfile

@ -169,6 +173,7 @@ OPTIONS.stash_threshold = 0.8
 OPTIONS.gen_verify = False
 OPTIONS.log_diff = None
 OPTIONS.payload_signer = None
+OPTIONS.payload_signer_args = []

 def MostPopularKey(d, default):
  """Given a dict, return the key corresponding to the largest
@ -1246,22 +1251,23 @@ def WriteABOTAPackageWithBrilloScript(target_file, output_file,
                                                 suffix=".bin")
  # 3a. Sign the payload hash.
  if OPTIONS.payload_signer is not None:
-    cmd = [OPTIONS.payload_signer,
-           "-inkey", OPTIONS.package_key + OPTIONS.private_key_suffix]
+    cmd = [OPTIONS.payload_signer]
+    cmd.extend(OPTIONS.payload_signer_args)
  else:
    cmd = ["openssl", "pkeyutl", "-sign",
           "-inkey", rsa_key,
           "-pkeyopt", "digest:sha256"]
  cmd.extend(["-in", payload_sig_file,
              "-out", signed_payload_sig_file])
+
  p1 = common.Run(cmd, stdout=subprocess.PIPE)
  p1.wait()
  assert p1.returncode == 0, "openssl sign payload failed"

  # 3b. Sign the metadata hash.
  if OPTIONS.payload_signer is not None:
-    cmd = [OPTIONS.payload_signer,
-           "-inkey", OPTIONS.package_key + OPTIONS.private_key_suffix]
+    cmd = [OPTIONS.payload_signer]
+    cmd.extend(OPTIONS.payload_signer_args)
  else:
    cmd = ["openssl", "pkeyutl", "-sign",
           "-inkey", rsa_key,
@ -1926,6 +1932,8 @@ def main(argv):
      OPTIONS.log_diff = a
    elif o == "--payload_signer":
      OPTIONS.payload_signer = a
+    elif o == "--payload_signer_args":
+      OPTIONS.payload_signer_args = shlex.split(a)
    else:
      return False
    return True
@ -1956,6 +1964,7 @@ def main(argv):
                                 "gen_verify",
                                 "log_diff=",
                                 "payload_signer=",
+                                 "payload_signer_args=",
                             ], extra_option_handler=option_handler)

  if len(args) != 2: