diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 1f9a3cadb..c96e61658 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -597,7 +597,7 @@ def ReplaceVerityKeyId(input_zip, output_zip, key_path): # Extract keyid using openssl command. p = common.Run(["openssl", "x509", "-in", key_path, "-text"], - stdout=subprocess.PIPE) + stdout=subprocess.PIPE, stderr=subprocess.PIPE) keyid, stderr = p.communicate() assert p.returncode == 0, "Failed to dump certificate: {}".format(stderr) keyid = re.search( diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py index 726d6b9bb..0cab80195 100644 --- a/tools/releasetools/test_sign_target_files_apks.py +++ b/tools/releasetools/test_sign_target_files_apks.py @@ -16,18 +16,19 @@ from __future__ import print_function -import tempfile +import os.path import unittest import zipfile import common +import test_utils from sign_target_files_apks import EditTags, ReplaceVerityKeyId, RewriteProps class SignTargetFilesApksTest(unittest.TestCase): def setUp(self): - self.tempdir = common.MakeTempDir() + self.testdata_dir = test_utils.get_testdata_dir() def tearDown(self): common.Cleanup() @@ -88,94 +89,31 @@ class SignTargetFilesApksTest(unittest.TestCase): "androidboot.hardware=marlin user_debug=31 ehci-hcd.park=3 " "lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff loop.max_part=7 " "buildvariant=userdebug " - "veritykeyid=id:485900563d272c46ae118605a47419ac09ca8c11\n") + "veritykeyid=id:d24f2590e9abab5cff5f59da4c4f0366e3f43e94\n") - # From build/target/product/security/verity.x509.pem. - VERITY_CERTIFICATE1 = """-----BEGIN CERTIFICATE----- -MIID/TCCAuWgAwIBAgIJAJcPmDkJqolJMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g -VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE -AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe -Fw0xNDExMDYxOTA3NDBaFw00MjAzMjQxOTA3NDBaMIGUMQswCQYDVQQGEwJVUzET -MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G -A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p -ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAOjreE0vTVSRenuzO9vnaWfk0eQzYab0gqpi -6xAzi6dmD+ugoEKJmbPiuE5Dwf21isZ9uhUUu0dQM46dK4ocKxMRrcnmGxydFn6o -fs3ODJMXOkv2gKXL/FdbEPdDbxzdu8z3yk+W67udM/fW7WbaQ3DO0knu+izKak/3 -T41c5uoXmQ81UNtAzRGzGchNVXMmWuTGOkg6U+0I2Td7K8yvUMWhAWPPpKLtVH9r -AL5TzjYNR92izdKcz3AjRsI3CTjtpiVABGeX0TcjRSuZB7K9EK56HV+OFNS6I1NP -jdD7FIShyGlqqZdUOkAUZYanbpgeT5N7QL6uuqcGpoTOkalu6kkCAwEAAaNQME4w -HQYDVR0OBBYEFH5DM/m7oArf4O3peeKO0ZIEkrQPMB8GA1UdIwQYMBaAFH5DM/m7 -oArf4O3peeKO0ZIEkrQPMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB -AHO3NSvDE5jFvMehGGtS8BnFYdFKRIglDMc4niWSzhzOVYRH4WajxdtBWc5fx0ix -NF/+hVKVhP6AIOQa+++sk+HIi7RvioPPbhjcsVlZe7cUEGrLSSveGouQyc+j0+m6 -JF84kszIl5GGNMTnx0XRPO+g8t6h5LWfnVydgZfpGRRg+WHewk1U2HlvTjIceb0N -dcoJ8WKJAFWdcuE7VIm4w+vF/DYX/A2Oyzr2+QRhmYSv1cusgAeC1tvH4ap+J1Lg -UnOu5Kh/FqPLLSwNVQp4Bu7b9QFfqK8Moj84bj88NqRGZgDyqzuTrFxn6FW7dmyA -yttuAJAEAymk1mipd9+zp38= ------END CERTIFICATE----- -""" - - # From build/target/product/security/testkey.x509.pem. - VERITY_CERTIFICATE2 = """-----BEGIN CERTIFICATE----- -MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g -VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE -AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe -Fw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQswCQYDVQQGEwJVUzET -MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G -A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p -ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI -hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM -qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4 -wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy -4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU -RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s -zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw -HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ -AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE -CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH -QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG -CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud -EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZa -J6cVosK0TyIUFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4Y -LCBOsVMR9FXYJLZW2+TcIkCRLXWG/oiVHQGo/rWuWkJgU134NDEFJCJGjDbiLCpe -+ZTWHdcwauTJ9pUbo8EvHRkU3cYfGmLaLfgn9gP+pWA7LFQNvXwBnDa6sppCccEX -31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqGCHzzTy3sIeJFymwr -sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0= ------END CERTIFICATE----- -""" - - input_file = tempfile.NamedTemporaryFile( - delete=False, suffix='.zip', dir=self.tempdir) - with zipfile.ZipFile(input_file.name, 'w') as input_zip: + input_file = common.MakeTempFile(suffix='.zip') + with zipfile.ZipFile(input_file, 'w') as input_zip: input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE1) # Test with the first certificate. - cert_file = tempfile.NamedTemporaryFile( - delete=False, suffix='.x509.pem', dir=self.tempdir) - cert_file.write(VERITY_CERTIFICATE1) - cert_file.close() + cert_file = os.path.join(self.testdata_dir, 'verity.x509.pem') - output_file = tempfile.NamedTemporaryFile( - delete=False, suffix='.zip', dir=self.tempdir) - with zipfile.ZipFile(input_file.name, 'r') as input_zip, \ - zipfile.ZipFile(output_file.name, 'w') as output_zip: - ReplaceVerityKeyId(input_zip, output_zip, cert_file.name) + output_file = common.MakeTempFile(suffix='.zip') + with zipfile.ZipFile(input_file, 'r') as input_zip, \ + zipfile.ZipFile(output_file, 'w') as output_zip: + ReplaceVerityKeyId(input_zip, output_zip, cert_file) - with zipfile.ZipFile(output_file.name) as output_zip: + with zipfile.ZipFile(output_file) as output_zip: self.assertEqual(BOOT_CMDLINE1, output_zip.read('BOOT/cmdline')) # Test with the second certificate. - with open(cert_file.name, 'w') as cert_file_fp: - cert_file_fp.write(VERITY_CERTIFICATE2) + cert_file = os.path.join(self.testdata_dir, 'testkey.x509.pem') - with zipfile.ZipFile(input_file.name, 'r') as input_zip, \ - zipfile.ZipFile(output_file.name, 'w') as output_zip: - ReplaceVerityKeyId(input_zip, output_zip, cert_file.name) + with zipfile.ZipFile(input_file, 'r') as input_zip, \ + zipfile.ZipFile(output_file, 'w') as output_zip: + ReplaceVerityKeyId(input_zip, output_zip, cert_file) - with zipfile.ZipFile(output_file.name) as output_zip: + with zipfile.ZipFile(output_file) as output_zip: self.assertEqual(BOOT_CMDLINE2, output_zip.read('BOOT/cmdline')) def test_ReplaceVerityKeyId_no_veritykeyid(self): @@ -184,16 +122,14 @@ sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0= "lpm_levels.sleep_disabled=1 msm_poweroff.download_mode=0 " "loop.max_part=7\n") - input_file = tempfile.NamedTemporaryFile( - delete=False, suffix='.zip', dir=self.tempdir) - with zipfile.ZipFile(input_file.name, 'w') as input_zip: + input_file = common.MakeTempFile(suffix='.zip') + with zipfile.ZipFile(input_file, 'w') as input_zip: input_zip.writestr('BOOT/cmdline', BOOT_CMDLINE) - output_file = tempfile.NamedTemporaryFile( - delete=False, suffix='.zip', dir=self.tempdir) - with zipfile.ZipFile(input_file.name, 'r') as input_zip, \ - zipfile.ZipFile(output_file.name, 'w') as output_zip: + output_file = common.MakeTempFile(suffix='.zip') + with zipfile.ZipFile(input_file, 'r') as input_zip, \ + zipfile.ZipFile(output_file, 'w') as output_zip: ReplaceVerityKeyId(input_zip, output_zip, None) - with zipfile.ZipFile(output_file.name) as output_zip: + with zipfile.ZipFile(output_file) as output_zip: self.assertEqual(BOOT_CMDLINE, output_zip.read('BOOT/cmdline')) diff --git a/tools/releasetools/testdata/verity.x509.pem b/tools/releasetools/testdata/verity.x509.pem new file mode 100644 index 000000000..86399c3c1 --- /dev/null +++ b/tools/releasetools/testdata/verity.x509.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/TCCAuWgAwIBAgIJAJcPmDkJqolJMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g +VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE +AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0xNDExMDYxOTA3NDBaFw00MjAzMjQxOTA3NDBaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAOjreE0vTVSRenuzO9vnaWfk0eQzYab0gqpi +6xAzi6dmD+ugoEKJmbPiuE5Dwf21isZ9uhUUu0dQM46dK4ocKxMRrcnmGxydFn6o +fs3ODJMXOkv2gKXL/FdbEPdDbxzdu8z3yk+W67udM/fW7WbaQ3DO0knu+izKak/3 +T41c5uoXmQ81UNtAzRGzGchNVXMmWuTGOkg6U+0I2Td7K8yvUMWhAWPPpKLtVH9r +AL5TzjYNR92izdKcz3AjRsI3CTjtpiVABGeX0TcjRSuZB7K9EK56HV+OFNS6I1NP +jdD7FIShyGlqqZdUOkAUZYanbpgeT5N7QL6uuqcGpoTOkalu6kkCAwEAAaNQME4w +HQYDVR0OBBYEFH5DM/m7oArf4O3peeKO0ZIEkrQPMB8GA1UdIwQYMBaAFH5DM/m7 +oArf4O3peeKO0ZIEkrQPMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AHO3NSvDE5jFvMehGGtS8BnFYdFKRIglDMc4niWSzhzOVYRH4WajxdtBWc5fx0ix +NF/+hVKVhP6AIOQa+++sk+HIi7RvioPPbhjcsVlZe7cUEGrLSSveGouQyc+j0+m6 +JF84kszIl5GGNMTnx0XRPO+g8t6h5LWfnVydgZfpGRRg+WHewk1U2HlvTjIceb0N +dcoJ8WKJAFWdcuE7VIm4w+vF/DYX/A2Oyzr2+QRhmYSv1cusgAeC1tvH4ap+J1Lg +UnOu5Kh/FqPLLSwNVQp4Bu7b9QFfqK8Moj84bj88NqRGZgDyqzuTrFxn6FW7dmyA +yttuAJAEAymk1mipd9+zp38= +-----END CERTIFICATE-----