forked from openkylin/platform_build
Allow custom boot_signer and verity_signer.
Bug: 21701163 Change-Id: I85e75fd3a166a9f6a7859ebf81dee73322dc2798
This commit is contained in:
parent
18985e7661
commit
601ddeae06
|
@ -25,9 +25,12 @@ import os.path
|
|||
import subprocess
|
||||
import sys
|
||||
import commands
|
||||
import common
|
||||
import shutil
|
||||
import tempfile
|
||||
|
||||
OPTIONS = common.OPTIONS
|
||||
|
||||
FIXED_SALT = "aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7"
|
||||
|
||||
def RunCommand(cmd):
|
||||
|
@ -55,6 +58,7 @@ def GetVerityTreeSize(partition_size):
|
|||
def GetVerityMetadataSize(partition_size):
|
||||
cmd = "system/extras/verity/build_verity_metadata.py -s %d"
|
||||
cmd %= partition_size
|
||||
|
||||
status, output = commands.getstatusoutput(cmd)
|
||||
if status:
|
||||
print output
|
||||
|
@ -162,7 +166,11 @@ def MakeVerityEnabledImage(out_file, prop_dict):
|
|||
image_size = prop_dict["partition_size"]
|
||||
block_dev = prop_dict["verity_block_device"]
|
||||
signer_key = prop_dict["verity_key"] + ".pk8"
|
||||
signer_path = prop_dict["verity_signer_cmd"]
|
||||
if OPTIONS.verity_signer_path is not None:
|
||||
signer_path = OPTIONS.verity_signer_path + ' '
|
||||
signer_path += ' '.join(OPTIONS.verity_signer_args)
|
||||
else:
|
||||
signer_path = prop_dict["verity_signer_cmd"]
|
||||
|
||||
# make a tempdir
|
||||
tempdir_name = tempfile.mkdtemp(suffix="_verity_images")
|
||||
|
@ -240,6 +248,7 @@ def BuildImage(in_dir, prop_dict, out_file):
|
|||
# adjust the partition size to make room for the hashes if this is to be verified
|
||||
if verity_supported and is_verity_partition and fs_spans_partition:
|
||||
partition_size = int(prop_dict.get("partition_size"))
|
||||
|
||||
adjusted_size = AdjustPartitionSizeForVerity(partition_size)
|
||||
if not adjusted_size:
|
||||
return False
|
||||
|
|
|
@ -51,6 +51,9 @@ class Options(object):
|
|||
self.private_key_suffix = ".pk8"
|
||||
# use otatools built boot_signer by default
|
||||
self.boot_signer_path = "boot_signer"
|
||||
self.boot_signer_args = []
|
||||
self.verity_signer_path = None
|
||||
self.verity_signer_args = []
|
||||
self.verbose = False
|
||||
self.tempfiles = []
|
||||
self.device_specific = None
|
||||
|
@ -362,9 +365,11 @@ def BuildBootableImage(sourcedir, fs_config_file, info_dict=None):
|
|||
if (info_dict.get("boot_signer", None) == "true" and
|
||||
info_dict.get("verity_key", None)):
|
||||
path = "/" + os.path.basename(sourcedir).lower()
|
||||
cmd = [OPTIONS.boot_signer_path, path, img.name,
|
||||
info_dict["verity_key"] + ".pk8",
|
||||
info_dict["verity_key"] + ".x509.pem", img.name]
|
||||
cmd = [OPTIONS.boot_signer_path]
|
||||
cmd.extend(OPTIONS.boot_signer_args)
|
||||
cmd.extend([path, img.name,
|
||||
info_dict["verity_key"] + ".pk8",
|
||||
info_dict["verity_key"] + ".x509.pem", img.name])
|
||||
p = Run(cmd, stdout=subprocess.PIPE)
|
||||
p.communicate()
|
||||
assert p.returncode == 0, "boot_signer of %s image failed" % path
|
||||
|
@ -657,7 +662,8 @@ def ParseOptions(argv,
|
|||
argv, "hvp:s:x:" + extra_opts,
|
||||
["help", "verbose", "path=", "signapk_path=", "extra_signapk_args=",
|
||||
"java_path=", "java_args=", "public_key_suffix=",
|
||||
"private_key_suffix=", "boot_signer_path=", "device_specific=",
|
||||
"private_key_suffix=", "boot_signer_path=", "boot_signer_args=",
|
||||
"verity_signer_path=", "verity_signer_args=", "device_specific=",
|
||||
"extra="] +
|
||||
list(extra_long_opts))
|
||||
except getopt.GetoptError as err:
|
||||
|
@ -687,6 +693,12 @@ def ParseOptions(argv,
|
|||
OPTIONS.private_key_suffix = a
|
||||
elif o in ("--boot_signer_path",):
|
||||
OPTIONS.boot_signer_path = a
|
||||
elif o in ("--boot_signer_args",):
|
||||
OPTIONS.boot_signer_args = shlex.split(a)
|
||||
elif o in ("--verity_signer_path",):
|
||||
OPTIONS.verity_signer_path = a
|
||||
elif o in ("--verity_signer_args",):
|
||||
OPTIONS.verity_signer_args = shlex.split(a)
|
||||
elif o in ("-s", "--device_specific"):
|
||||
OPTIONS.device_specific = a
|
||||
elif o in ("-x", "--extra"):
|
||||
|
|
Loading…
Reference in New Issue