Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0f64ec9f authored by Cole Faust's avatar Cole Faust Committed by Automerger Merge Worker
Browse files

Merge "Don't read through symlinks in fsverity_metadata_generator" into main am: bfe94d67 

Original change: https://android-review.googlesource.com/c/platform/build/+/3478832



Change-Id: I255bf47c64d99df8de0f0f9092e81f945122a94a
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents cee5e7ab bfe94d67

tools/releasetools/fsverity_metadata_generator.py

+17 −5
Original line number Original line Diff line number Diff line
@@ -104,16 +104,13 @@ class FSVerityMetadataGenerator: 
    out = subprocess.check_output(cmd, universal_newlines=True).strip()

    out = subprocess.check_output(cmd, universal_newlines=True).strip()

    return bytes(bytearray.fromhex(out))

    return bytes(bytearray.fromhex(out))





  def generate(self, input_file, output_file=None):

  def generate(self, input_file, output_file):

    if self._signature != 'none':

    if self._signature != 'none':

      if not self._key:

      if not self._key:

        raise RuntimeError("key must be specified.")

        raise RuntimeError("key must be specified.")

      if not self._cert:

      if not self._cert:

        raise RuntimeError("cert must be specified.")

        raise RuntimeError("cert must be specified.")





    if not output_file:

      output_file = input_file + '.fsv_meta'



    with TempDirectory() as temp_dir:

    with TempDirectory() as temp_dir:

      self._do_generate(input_file, output_file, temp_dir)

      self._do_generate(input_file, output_file, temp_dir)
@@ -229,6 +226,21 @@ if __name__ == '__main__': 
      required=True)

      required=True)

  args = p.parse_args(sys.argv[1:])

  args = p.parse_args(sys.argv[1:])





  output_file = args.output

  if not output_file:

    output_file = input_file + '.fsv_meta'



  if output_file != args.input + '.fsv_meta':

    sys.exit('When generating .fsv_meta files for symlinks, we assume that all fsv_meta files '

      'are named the same as the file they protect, just with the .fsv_meta suffix appended. '

      'We require that all .fsv_meta files follow this convention regardless of if it\'s a link or '

      'not. However {args.input} had a different output file: {args.output}')



  if os.path.islink(args.input):

    target = os.readlink(args.input) + '.fsv_meta'

    os.symlink(target, output_file)

    sys.exit(0)



  generator = FSVerityMetadataGenerator(args.fsverity_path)

  generator = FSVerityMetadataGenerator(args.fsverity_path)

  generator.set_signature(args.signature)

  generator.set_signature(args.signature)

  if args.signature == 'none':

  if args.signature == 'none':
@@ -241,4 +253,4 @@ if __name__ == '__main__': 
    generator.set_cert(args.cert)

    generator.set_cert(args.cert)

  generator.set_key_format(args.key_format)

  generator.set_key_format(args.key_format)

  generator.set_hash_alg(args.hash_alg)

  generator.set_hash_alg(args.hash_alg)

  generator.generate(args.input, args.output)
 
  generator.generate(args.input, output_file)