Merge "Allow more relaxed artifact path req enforcement"
diff --git a/core/Makefile b/core/Makefile
index 517410a..2df67e9 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -3045,33 +3045,42 @@
# -----------------------------------------------------------------
# host tools needed to build dist and OTA packages
-build_ota_package := true
-ifeq ($(TARGET_SKIP_OTA_PACKAGE),true)
-build_ota_package := false
-endif
ifeq ($(BUILD_OS),darwin)
-build_ota_package := false
-endif
-ifneq ($(strip $(SANITIZE_TARGET)),)
-build_ota_package := false
-endif
-ifeq ($(TARGET_PRODUCT),sdk)
-build_ota_package := false
-endif
-ifneq ($(filter generic%,$(TARGET_DEVICE)),)
-build_ota_package := false
-endif
-ifeq ($(TARGET_NO_KERNEL),true)
-build_ota_package := false
-endif
-ifeq ($(recovery_fstab),)
-build_ota_package := false
-endif
-ifeq ($(TARGET_BUILD_PDK),true)
-build_ota_package := false
+ build_ota_package := false
+ build_otatools_package := false
+else
+ # set build_ota_package, and allow opt-out below
+ build_ota_package := true
+ ifeq ($(TARGET_SKIP_OTA_PACKAGE),true)
+ build_ota_package := false
+ endif
+ ifneq ($(strip $(SANITIZE_TARGET)),)
+ build_ota_package := false
+ endif
+ ifeq ($(TARGET_PRODUCT),sdk)
+ build_ota_package := false
+ endif
+ ifneq ($(filter generic%,$(TARGET_DEVICE)),)
+ build_ota_package := false
+ endif
+ ifeq ($(TARGET_NO_KERNEL),true)
+ build_ota_package := false
+ endif
+ ifeq ($(recovery_fstab),)
+ build_ota_package := false
+ endif
+ ifeq ($(TARGET_BUILD_PDK),true)
+ build_ota_package := false
+ endif
+
+ # set build_otatools_package, and allow opt-out below
+ build_otatools_package := true
+ ifeq ($(TARGET_SKIP_OTATOOLS_PACKAGE),true)
+ build_otatools_package := false
+ endif
endif
-ifeq ($(build_ota_package),true)
+ifeq ($(build_otatools_package),true)
OTATOOLS := $(HOST_OUT_EXECUTABLES)/minigzip \
$(HOST_OUT_EXECUTABLES)/aapt \
$(HOST_OUT_EXECUTABLES)/checkvintf \
@@ -3160,13 +3169,23 @@
OTATOOLS_DEPS := \
system/extras/ext4_utils/mke2fs.conf \
- $(sort $(shell find external/avb/test/data -type f -name "testkey_*.pem" -o \
- -name "atx_metadata.bin")) \
- $(sort $(shell find system/update_engine/scripts -name "*.pyc" -prune -o -type f -print)) \
$(sort $(shell find build/target/product/security -type f -name "*.x509.pem" -o -name "*.pk8" -o \
- -name verity_key)) \
+ -name verity_key))
+
+ifneq (,$(wildcard device))
+OTATOOLS_DEPS += \
$(sort $(shell find device $(wildcard vendor) -type f -name "*.pk8" -o -name "verifiedboot*" -o \
-name "*.x509.pem" -o -name "oem*.prop"))
+endif
+ifneq (,$(wildcard external/avb))
+OTATOOLS_DEPS += \
+ $(sort $(shell find external/avb/test/data -type f -name "testkey_*.pem" -o \
+ -name "atx_metadata.bin"))
+endif
+ifneq (,$(wildcard system/update_engine))
+OTATOOLS_DEPS += \
+ $(sort $(shell find system/update_engine/scripts -name "*.pyc" -prune -o -type f -print))
+endif
OTATOOLS_RELEASETOOLS := \
$(sort $(shell find build/make/tools/releasetools -name "*.pyc" -prune -o -type f))
@@ -3189,7 +3208,7 @@
.PHONY: otatools-package
otatools-package: $(BUILT_OTATOOLS_PACKAGE)
-endif # build_ota_package
+endif # build_otatools_package
# -----------------------------------------------------------------
# A zip of the directories that map to the target filesystem.
diff --git a/core/combo/TARGET_linux-arm.mk b/core/combo/TARGET_linux-arm.mk
index 3ce64f9..ffb6021 100644
--- a/core/combo/TARGET_linux-arm.mk
+++ b/core/combo/TARGET_linux-arm.mk
@@ -33,7 +33,7 @@
TARGET_$(combo_2nd_arch_prefix)CPU_VARIANT := generic
endif
-KNOWN_ARMv8_CORES := cortex-a53 cortex-a53.a57 cortex-a55 cortex-a73 cortex-a75
+KNOWN_ARMv8_CORES := cortex-a53 cortex-a53.a57 cortex-a55 cortex-a73 cortex-a75 cortex-a76
KNOWN_ARMv8_CORES += kryo denver64 exynos-m1 exynos-m2
# Many devices (incorrectly) use armv7-a-neon as the 2nd architecture variant
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index e58f676..be1b124 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -212,10 +212,6 @@
my_sanitize := $(filter-out scudo,$(my_sanitize))
endif
-ifneq ($(filter scudo,$(my_sanitize)),)
- my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_RUNTIME_LIBRARY)
-endif
-
# Undefined symbols can occur if a non-sanitized library links
# sanitized static libraries. That's OK, because the executable
# always depends on the ASan runtime library, which defines these
@@ -375,7 +371,7 @@
endif
endif
ifneq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize)),)
- ifeq ($(filter unsigned-integer-overflow signed-integer overflow integer,$(my_sanitize_diag)),)
+ ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer,$(my_sanitize_diag)),)
ifeq ($(filter cfi,$(my_sanitize_diag)),)
ifeq ($(filter address hwaddress,$(my_sanitize)),)
my_cflags += -fsanitize-minimal-runtime
@@ -387,6 +383,18 @@
endif
endif
+# For Scudo, we opt for the minimal runtime, unless some diagnostics are enabled.
+ifneq ($(filter scudo,$(my_sanitize)),)
+ ifeq ($(filter unsigned-integer-overflow signed-integer-overflow integer cfi,$(my_sanitize_diag)),)
+ my_cflags += -fsanitize-minimal-runtime
+ endif
+ ifneq ($(filter -fsanitize-minimal-runtime,$(my_cflags)),)
+ my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_MINIMAL_RUNTIME_LIBRARY)
+ else
+ my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)SCUDO_RUNTIME_LIBRARY)
+ endif
+endif
+
ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),)
recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)),
my_cflags += -fsanitize-recover=$(recover_arg)
diff --git a/core/dex_preopt_libart_boot.mk b/core/dex_preopt_libart_boot.mk
index a56fd5e..14955f0 100644
--- a/core/dex_preopt_libart_boot.mk
+++ b/core/dex_preopt_libart_boot.mk
@@ -108,7 +108,7 @@
--instruction-set-variant=$($(PRIVATE_2ND_ARCH_VAR_PREFIX)DEX2OAT_TARGET_CPU_VARIANT) \
--instruction-set-features=$($(PRIVATE_2ND_ARCH_VAR_PREFIX)DEX2OAT_TARGET_INSTRUCTION_SET_FEATURES) \
--android-root=$(PRODUCT_OUT)/system \
- --multi-image --no-inline-from=core-oj.jar \
+ --no-inline-from=core-oj.jar \
--abort-on-hard-verifier-error \
--abort-on-soft-verifier-error \
$(PRODUCT_DEX_PREOPT_BOOT_FLAGS) $(GLOBAL_DEXPREOPT_FLAGS) $(ART_BOOT_IMAGE_EXTRA_ARGS) \
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 42f05a7..43c91da 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -29,18 +29,14 @@
import os
import os.path
import re
-import shlex
import shutil
import sys
import common
-import sparse_img
-
+import verity_utils
OPTIONS = common.OPTIONS
-
-FIXED_SALT = "aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7"
-BLOCK_SIZE = 4096
+BLOCK_SIZE = common.BLOCK_SIZE
BYTES_IN_MB = 1024 * 1024
@@ -51,34 +47,6 @@
Exception.__init__(self, message)
-def GetVerityFECSize(partition_size):
- cmd = ["fec", "-s", str(partition_size)]
- output = common.RunAndCheckOutput(cmd, verbose=False)
- return int(output)
-
-
-def GetVerityTreeSize(partition_size):
- cmd = ["build_verity_tree", "-s", str(partition_size)]
- output = common.RunAndCheckOutput(cmd, verbose=False)
- return int(output)
-
-
-def GetVerityMetadataSize(partition_size):
- cmd = ["build_verity_metadata.py", "size", str(partition_size)]
- output = common.RunAndCheckOutput(cmd, verbose=False)
- return int(output)
-
-
-def GetVeritySize(partition_size, fec_supported):
- verity_tree_size = GetVerityTreeSize(partition_size)
- verity_metadata_size = GetVerityMetadataSize(partition_size)
- verity_size = verity_tree_size + verity_metadata_size
- if fec_supported:
- fec_size = GetVerityFECSize(partition_size + verity_size)
- return verity_size + fec_size
- return verity_size
-
-
def GetDiskUsage(path):
"""Returns the number of bytes that "path" occupies on host.
@@ -102,258 +70,6 @@
return int(output.split()[0]) * 512
-def GetSimgSize(image_file):
- simg = sparse_img.SparseImage(image_file, build_map=False)
- return simg.blocksize * simg.total_blocks
-
-
-def ZeroPadSimg(image_file, pad_size):
- blocks = pad_size // BLOCK_SIZE
- print("Padding %d blocks (%d bytes)" % (blocks, pad_size))
- simg = sparse_img.SparseImage(image_file, mode="r+b", build_map=False)
- simg.AppendFillChunk(0, blocks)
-
-
-def AVBCalcMaxImageSize(avbtool, footer_type, partition_size, additional_args):
- """Calculates max image size for a given partition size.
-
- Args:
- avbtool: String with path to avbtool.
- footer_type: 'hash' or 'hashtree' for generating footer.
- partition_size: The size of the partition in question.
- additional_args: Additional arguments to pass to "avbtool add_hash_footer"
- or "avbtool add_hashtree_footer".
-
- Returns:
- The maximum image size.
-
- Raises:
- BuildImageError: On invalid image size.
- """
- cmd = [avbtool, "add_%s_footer" % footer_type,
- "--partition_size", str(partition_size), "--calc_max_image_size"]
- cmd.extend(shlex.split(additional_args))
-
- output = common.RunAndCheckOutput(cmd)
- image_size = int(output)
- if image_size <= 0:
- raise BuildImageError(
- "Invalid max image size: {}".format(output))
- return image_size
-
-
-def AVBCalcMinPartitionSize(image_size, size_calculator):
- """Calculates min partition size for a given image size.
-
- Args:
- image_size: The size of the image in question.
- size_calculator: The function to calculate max image size
- for a given partition size.
-
- Returns:
- The minimum partition size required to accommodate the image size.
- """
- # Use image size as partition size to approximate final partition size.
- image_ratio = size_calculator(image_size) / float(image_size)
-
- # Prepare a binary search for the optimal partition size.
- lo = int(image_size / image_ratio) // BLOCK_SIZE * BLOCK_SIZE - BLOCK_SIZE
-
- # Ensure lo is small enough: max_image_size should <= image_size.
- delta = BLOCK_SIZE
- max_image_size = size_calculator(lo)
- while max_image_size > image_size:
- image_ratio = max_image_size / float(lo)
- lo = int(image_size / image_ratio) // BLOCK_SIZE * BLOCK_SIZE - delta
- delta *= 2
- max_image_size = size_calculator(lo)
-
- hi = lo + BLOCK_SIZE
-
- # Ensure hi is large enough: max_image_size should >= image_size.
- delta = BLOCK_SIZE
- max_image_size = size_calculator(hi)
- while max_image_size < image_size:
- image_ratio = max_image_size / float(hi)
- hi = int(image_size / image_ratio) // BLOCK_SIZE * BLOCK_SIZE + delta
- delta *= 2
- max_image_size = size_calculator(hi)
-
- partition_size = hi
-
- # Start to binary search.
- while lo < hi:
- mid = ((lo + hi) // (2 * BLOCK_SIZE)) * BLOCK_SIZE
- max_image_size = size_calculator(mid)
- if max_image_size >= image_size: # if mid can accommodate image_size
- if mid < partition_size: # if a smaller partition size is found
- partition_size = mid
- hi = mid
- else:
- lo = mid + BLOCK_SIZE
-
- if OPTIONS.verbose:
- print("AVBCalcMinPartitionSize({}): partition_size: {}.".format(
- image_size, partition_size))
-
- return partition_size
-
-
-def AVBAddFooter(image_path, avbtool, footer_type, partition_size,
- partition_name, key_path, algorithm, salt,
- additional_args):
- """Adds dm-verity hashtree and AVB metadata to an image.
-
- Args:
- image_path: Path to image to modify.
- avbtool: String with path to avbtool.
- footer_type: 'hash' or 'hashtree' for generating footer.
- partition_size: The size of the partition in question.
- partition_name: The name of the partition - will be embedded in metadata.
- key_path: Path to key to use or None.
- algorithm: Name of algorithm to use or None.
- salt: The salt to use (a hexadecimal string) or None.
- additional_args: Additional arguments to pass to "avbtool add_hash_footer"
- or "avbtool add_hashtree_footer".
- """
- cmd = [avbtool, "add_%s_footer" % footer_type,
- "--partition_size", partition_size,
- "--partition_name", partition_name,
- "--image", image_path]
-
- if key_path and algorithm:
- cmd.extend(["--key", key_path, "--algorithm", algorithm])
- if salt:
- cmd.extend(["--salt", salt])
-
- cmd.extend(shlex.split(additional_args))
-
- common.RunAndCheckOutput(cmd)
-
-
-def AdjustPartitionSizeForVerity(partition_size, fec_supported):
- """Modifies the provided partition size to account for the verity metadata.
-
- This information is used to size the created image appropriately.
-
- Args:
- partition_size: the size of the partition to be verified.
-
- Returns:
- A tuple of the size of the partition adjusted for verity metadata, and
- the size of verity metadata.
- """
- key = "%d %d" % (partition_size, fec_supported)
- if key in AdjustPartitionSizeForVerity.results:
- return AdjustPartitionSizeForVerity.results[key]
-
- hi = partition_size
- if hi % BLOCK_SIZE != 0:
- hi = (hi // BLOCK_SIZE) * BLOCK_SIZE
-
- # verity tree and fec sizes depend on the partition size, which
- # means this estimate is always going to be unnecessarily small
- verity_size = GetVeritySize(hi, fec_supported)
- lo = partition_size - verity_size
- result = lo
-
- # do a binary search for the optimal size
- while lo < hi:
- i = ((lo + hi) // (2 * BLOCK_SIZE)) * BLOCK_SIZE
- v = GetVeritySize(i, fec_supported)
- if i + v <= partition_size:
- if result < i:
- result = i
- verity_size = v
- lo = i + BLOCK_SIZE
- else:
- hi = i
-
- if OPTIONS.verbose:
- print("Adjusted partition size for verity, partition_size: {},"
- " verity_size: {}".format(result, verity_size))
- AdjustPartitionSizeForVerity.results[key] = (result, verity_size)
- return (result, verity_size)
-
-
-AdjustPartitionSizeForVerity.results = {}
-
-
-def BuildVerityFEC(sparse_image_path, verity_path, verity_fec_path,
- padding_size):
- cmd = ["fec", "-e", "-p", str(padding_size), sparse_image_path,
- verity_path, verity_fec_path]
- common.RunAndCheckOutput(cmd)
-
-
-def BuildVerityTree(sparse_image_path, verity_image_path):
- cmd = ["build_verity_tree", "-A", FIXED_SALT, sparse_image_path,
- verity_image_path]
- output = common.RunAndCheckOutput(cmd)
- root, salt = output.split()
- return root, salt
-
-
-def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt,
- block_device, signer_path, key, signer_args,
- verity_disable):
- cmd = ["build_verity_metadata.py", "build", str(image_size),
- verity_metadata_path, root_hash, salt, block_device, signer_path, key]
- if signer_args:
- cmd.append("--signer_args=\"%s\"" % (' '.join(signer_args),))
- if verity_disable:
- cmd.append("--verity_disable")
- common.RunAndCheckOutput(cmd)
-
-
-def Append2Simg(sparse_image_path, unsparse_image_path, error_message):
- """Appends the unsparse image to the given sparse image.
-
- Args:
- sparse_image_path: the path to the (sparse) image
- unsparse_image_path: the path to the (unsparse) image
-
- Raises:
- BuildImageError: On error.
- """
- cmd = ["append2simg", sparse_image_path, unsparse_image_path]
- try:
- common.RunAndCheckOutput(cmd)
- except:
- raise BuildImageError(error_message)
-
-
-def Append(target, file_to_append, error_message):
- """Appends file_to_append to target.
-
- Raises:
- BuildImageError: On error.
- """
- try:
- with open(target, "a") as out_file, open(file_to_append, "r") as input_file:
- for line in input_file:
- out_file.write(line)
- except IOError:
- raise BuildImageError(error_message)
-
-
-def BuildVerifiedImage(data_image_path, verity_image_path,
- verity_metadata_path, verity_fec_path,
- padding_size, fec_supported):
- Append(
- verity_image_path, verity_metadata_path,
- "Could not append verity metadata!")
-
- if fec_supported:
- # Build FEC for the entire partition, including metadata.
- BuildVerityFEC(
- data_image_path, verity_image_path, verity_fec_path, padding_size)
- Append(verity_image_path, verity_fec_path, "Could not append FEC!")
-
- Append2Simg(
- data_image_path, verity_image_path, "Could not append verity data!")
-
-
def UnsparseImage(sparse_image_path, replace=True):
img_dir = os.path.dirname(sparse_image_path)
unsparse_image_path = "unsparse_" + os.path.basename(sparse_image_path)
@@ -372,56 +88,6 @@
return unsparse_image_path
-def MakeVerityEnabledImage(out_file, fec_supported, prop_dict):
- """Creates an image that is verifiable using dm-verity.
-
- Args:
- out_file: the location to write the verifiable image at
- prop_dict: a dictionary of properties required for image creation and
- verification
-
- Raises:
- AssertionError: On invalid partition sizes.
- BuildImageError: On other errors.
- """
- # get properties
- image_size = int(prop_dict["image_size"])
- block_dev = prop_dict["verity_block_device"]
- signer_key = prop_dict["verity_key"] + ".pk8"
- if OPTIONS.verity_signer_path is not None:
- signer_path = OPTIONS.verity_signer_path
- else:
- signer_path = prop_dict["verity_signer_cmd"]
- signer_args = OPTIONS.verity_signer_args
-
- tempdir_name = common.MakeTempDir(suffix="_verity_images")
-
- # Get partial image paths.
- verity_image_path = os.path.join(tempdir_name, "verity.img")
- verity_metadata_path = os.path.join(tempdir_name, "verity_metadata.img")
- verity_fec_path = os.path.join(tempdir_name, "verity_fec.img")
-
- # Build the verity tree and get the root hash and salt.
- root_hash, salt = BuildVerityTree(out_file, verity_image_path)
-
- # Build the metadata blocks.
- verity_disable = "verity_disable" in prop_dict
- BuildVerityMetadata(
- image_size, verity_metadata_path, root_hash, salt, block_dev, signer_path,
- signer_key, signer_args, verity_disable)
-
- # Build the full verified image.
- partition_size = int(prop_dict["partition_size"])
- verity_size = int(prop_dict["verity_size"])
-
- padding_size = partition_size - image_size - verity_size
- assert padding_size >= 0
-
- BuildVerifiedImage(
- out_file, verity_image_path, verity_metadata_path, verity_fec_path,
- padding_size, fec_supported)
-
-
def ConvertBlockMapToBaseFs(block_map_file):
base_fs_file = common.MakeTempFile(prefix="script_gen_", suffix=".base_fs")
convert_command = ["blk_alloc_to_base_fs", block_map_file, base_fs_file]
@@ -570,9 +236,9 @@
# Adjust partition_size to add more space for AVB footer, to prevent
# it from consuming partition_reserved_size.
if avb_footer_type:
- size = AVBCalcMinPartitionSize(
+ size = verity_utils.AVBCalcMinPartitionSize(
size,
- lambda x: AVBCalcMaxImageSize(
+ lambda x: verity_utils.AVBCalcMaxImageSize(
avbtool, avb_footer_type, x, avb_signing_args))
prop_dict["partition_size"] = str(size)
if OPTIONS.verbose:
@@ -583,7 +249,7 @@
# Adjust the image size to make room for the hashes if this is to be verified.
if verity_supported and is_verity_partition:
partition_size = int(prop_dict.get("partition_size"))
- image_size, verity_size = AdjustPartitionSizeForVerity(
+ image_size, verity_size = verity_utils.AdjustPartitionSizeForVerity(
partition_size, verity_fec_supported)
prop_dict["image_size"] = str(image_size)
prop_dict["verity_size"] = str(verity_size)
@@ -592,7 +258,7 @@
if avb_footer_type:
partition_size = prop_dict["partition_size"]
# avb_add_hash_footer_args or avb_add_hashtree_footer_args.
- max_image_size = AVBCalcMaxImageSize(
+ max_image_size = verity_utils.AVBCalcMaxImageSize(
avbtool, avb_footer_type, partition_size, avb_signing_args)
prop_dict["image_size"] = str(max_image_size)
@@ -709,17 +375,18 @@
if not fs_spans_partition:
mount_point = prop_dict.get("mount_point")
image_size = int(prop_dict["image_size"])
- sparse_image_size = GetSimgSize(out_file)
+ sparse_image_size = verity_utils.GetSimgSize(out_file)
if sparse_image_size > image_size:
raise BuildImageError(
"Error: {} image size of {} is larger than partition size of "
"{}".format(mount_point, sparse_image_size, image_size))
if verity_supported and is_verity_partition:
- ZeroPadSimg(out_file, image_size - sparse_image_size)
+ verity_utils.ZeroPadSimg(out_file, image_size - sparse_image_size)
# Create the verified image if this is to be verified.
if verity_supported and is_verity_partition:
- MakeVerityEnabledImage(out_file, verity_fec_supported, prop_dict)
+ verity_utils.MakeVerityEnabledImage(
+ out_file, verity_fec_supported, prop_dict)
# Add AVB HASH or HASHTREE footer (metadata).
if avb_footer_type:
@@ -729,7 +396,7 @@
key_path = prop_dict.get("avb_key_path")
algorithm = prop_dict.get("avb_algorithm")
salt = prop_dict.get("avb_salt")
- AVBAddFooter(
+ verity_utils.AVBAddFooter(
out_file, avbtool, avb_footer_type, partition_size, partition_name,
key_path, algorithm, salt, avb_signing_args)
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index d1bfc8f..7cca766 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -73,6 +73,9 @@
OPTIONS = Options()
+# The block size that's used across the releasetools scripts.
+BLOCK_SIZE = 4096
+
# Values for "certificate" in apkcerts that mean special things.
SPECIAL_CERT_STRINGS = ("PRESIGNED", "EXTERNAL")
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 7ea53f8..daf959f 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -169,7 +169,6 @@
import shlex
import shutil
import struct
-import subprocess
import sys
import tempfile
import zipfile
@@ -393,11 +392,7 @@
cmd.extend(["-passin", "pass:" + pw] if pw else ["-nocrypt"])
signing_key = common.MakeTempFile(prefix="key-", suffix=".key")
cmd.extend(["-out", signing_key])
-
- get_signing_key = common.Run(cmd, verbose=False)
- stdoutdata, _ = get_signing_key.communicate()
- assert get_signing_key.returncode == 0, \
- "Failed to get signing key: {}".format(stdoutdata)
+ common.RunAndCheckOutput(cmd, verbose=False)
self.signer = "openssl"
self.signer_args = ["pkeyutl", "-sign", "-inkey", signing_key,
@@ -410,10 +405,7 @@
"""Signs the given input file. Returns the output filename."""
out_file = common.MakeTempFile(prefix="signed-", suffix=".bin")
cmd = [self.signer] + self.signer_args + ['-in', in_file, '-out', out_file]
- signing = common.Run(cmd)
- stdoutdata, _ = signing.communicate()
- assert signing.returncode == 0, \
- "Failed to sign the input file: {}".format(stdoutdata)
+ common.RunAndCheckOutput(cmd)
return out_file
@@ -431,8 +423,6 @@
Args:
secondary: Whether it's generating a secondary payload (default: False).
"""
- # The place where the output from the subprocess should go.
- self._log_file = sys.stdout if OPTIONS.verbose else subprocess.PIPE
self.payload_file = None
self.payload_properties = None
self.secondary = secondary
@@ -457,10 +447,7 @@
if source_file is not None:
cmd.extend(["--source_image", source_file])
cmd.extend(additional_args)
- p = common.Run(cmd, stdout=self._log_file, stderr=subprocess.STDOUT)
- stdoutdata, _ = p.communicate()
- assert p.returncode == 0, \
- "brillo_update_payload generate failed: {}".format(stdoutdata)
+ common.RunAndCheckOutput(cmd)
self.payload_file = payload_file
self.payload_properties = None
@@ -484,9 +471,7 @@
"--signature_size", "256",
"--metadata_hash_file", metadata_sig_file,
"--payload_hash_file", payload_sig_file]
- p1 = common.Run(cmd, stdout=self._log_file, stderr=subprocess.STDOUT)
- p1.communicate()
- assert p1.returncode == 0, "brillo_update_payload hash failed"
+ common.RunAndCheckOutput(cmd)
# 2. Sign the hashes.
signed_payload_sig_file = payload_signer.Sign(payload_sig_file)
@@ -501,9 +486,7 @@
"--signature_size", "256",
"--metadata_signature_file", signed_metadata_sig_file,
"--payload_signature_file", signed_payload_sig_file]
- p1 = common.Run(cmd, stdout=self._log_file, stderr=subprocess.STDOUT)
- p1.communicate()
- assert p1.returncode == 0, "brillo_update_payload sign failed"
+ common.RunAndCheckOutput(cmd)
# 4. Dump the signed payload properties.
properties_file = common.MakeTempFile(prefix="payload-properties-",
@@ -511,9 +494,7 @@
cmd = ["brillo_update_payload", "properties",
"--payload", signed_payload_file,
"--properties_file", properties_file]
- p1 = common.Run(cmd, stdout=self._log_file, stderr=subprocess.STDOUT)
- p1.communicate()
- assert p1.returncode == 0, "brillo_update_payload properties failed"
+ common.RunAndCheckOutput(cmd)
if self.secondary:
with open(properties_file, "a") as f:
diff --git a/tools/releasetools/test_add_img_to_target_files.py b/tools/releasetools/test_add_img_to_target_files.py
index cc7b887..ad22b72 100644
--- a/tools/releasetools/test_add_img_to_target_files.py
+++ b/tools/releasetools/test_add_img_to_target_files.py
@@ -16,7 +16,6 @@
import os
import os.path
-import unittest
import zipfile
import common
@@ -30,14 +29,11 @@
OPTIONS = common.OPTIONS
-class AddImagesToTargetFilesTest(unittest.TestCase):
+class AddImagesToTargetFilesTest(test_utils.ReleaseToolsTestCase):
def setUp(self):
OPTIONS.input_tmp = common.MakeTempDir()
- def tearDown(self):
- common.Cleanup()
-
def _verifyCareMap(self, expected, file_name):
"""Parses the care_map.pb; and checks the content in plain text."""
text_file = common.MakeTempFile(prefix="caremap-", suffix=".txt")
diff --git a/tools/releasetools/test_blockimgdiff.py b/tools/releasetools/test_blockimgdiff.py
index 124b4d5..857026e 100644
--- a/tools/releasetools/test_blockimgdiff.py
+++ b/tools/releasetools/test_blockimgdiff.py
@@ -14,17 +14,14 @@
# limitations under the License.
#
-from __future__ import print_function
-
-import unittest
-
import common
-from blockimgdiff import (BlockImageDiff, EmptyImage, HeapItem, ImgdiffStats,
- Transfer)
+from blockimgdiff import (
+ BlockImageDiff, EmptyImage, HeapItem, ImgdiffStats, Transfer)
from rangelib import RangeSet
+from test_utils import ReleaseToolsTestCase
-class HealpItemTest(unittest.TestCase):
+class HealpItemTest(ReleaseToolsTestCase):
class Item(object):
def __init__(self, score):
@@ -54,7 +51,7 @@
self.assertFalse(item)
-class BlockImageDiffTest(unittest.TestCase):
+class BlockImageDiffTest(ReleaseToolsTestCase):
def test_GenerateDigraphOrder(self):
"""Make sure GenerateDigraph preserves the order.
@@ -245,7 +242,7 @@
block_image_diff.imgdiff_stats.stats)
-class ImgdiffStatsTest(unittest.TestCase):
+class ImgdiffStatsTest(ReleaseToolsTestCase):
def test_Log(self):
imgdiff_stats = ImgdiffStats()
diff --git a/tools/releasetools/test_build_image.py b/tools/releasetools/test_build_image.py
index a2df278..634c6b1 100644
--- a/tools/releasetools/test_build_image.py
+++ b/tools/releasetools/test_build_image.py
@@ -15,33 +15,20 @@
#
import filecmp
-import math
import os.path
-import random
-import unittest
import common
from build_image import (
- AVBCalcMinPartitionSize, BLOCK_SIZE, BuildImageError, CheckHeadroom,
- SetUpInDirAndFsConfig)
+ BuildImageError, CheckHeadroom, SetUpInDirAndFsConfig)
+from test_utils import ReleaseToolsTestCase
-class BuildImageTest(unittest.TestCase):
+class BuildImageTest(ReleaseToolsTestCase):
# Available: 1000 blocks.
EXT4FS_OUTPUT = (
"Created filesystem with 2777/129024 inodes and 515099/516099 blocks")
- def setUp(self):
- # To test AVBCalcMinPartitionSize(), by using 200MB to 2GB image size.
- # - 51200 = 200MB * 1024 * 1024 / 4096
- # - 524288 = 2GB * 1024 * 1024 * 1024 / 4096
- self._image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset
- for offset in range(BLOCK_SIZE)]
-
- def tearDown(self):
- common.Cleanup()
-
def test_CheckHeadroom_SizeUnderLimit(self):
# Required headroom: 1000 blocks.
prop_dict = {
@@ -189,51 +176,3 @@
self.assertIn('fs-config-system\n', fs_config_data)
self.assertIn('fs-config-root\n', fs_config_data)
self.assertEqual('/', prop_dict['mount_point'])
-
- def test_AVBCalcMinPartitionSize_LinearFooterSize(self):
- """Tests with footer size which is linear to partition size."""
- for image_size in self._image_sizes:
- for ratio in 0.95, 0.56, 0.22:
- expected_size = common.RoundUpTo4K(int(math.ceil(image_size / ratio)))
- self.assertEqual(
- expected_size,
- AVBCalcMinPartitionSize(image_size, lambda x: int(x * ratio)))
-
- def test_AVBCalcMinPartitionSize_SlowerGrowthFooterSize(self):
- """Tests with footer size which grows slower than partition size."""
-
- def _SizeCalculator(partition_size):
- """Footer size is the power of 0.95 of partition size."""
- # Minus footer size to return max image size.
- return partition_size - int(math.pow(partition_size, 0.95))
-
- for image_size in self._image_sizes:
- min_partition_size = AVBCalcMinPartitionSize(image_size, _SizeCalculator)
- # Checks min_partition_size can accommodate image_size.
- self.assertGreaterEqual(
- _SizeCalculator(min_partition_size),
- image_size)
- # Checks min_partition_size (round to BLOCK_SIZE) is the minimum.
- self.assertLess(
- _SizeCalculator(min_partition_size - BLOCK_SIZE),
- image_size)
-
- def test_AVBCalcMinPartitionSize_FasterGrowthFooterSize(self):
- """Tests with footer size which grows faster than partition size."""
-
- def _SizeCalculator(partition_size):
- """Max image size is the power of 0.95 of partition size."""
- # Max image size grows less than partition size, which means
- # footer size grows faster than partition size.
- return int(math.pow(partition_size, 0.95))
-
- for image_size in self._image_sizes:
- min_partition_size = AVBCalcMinPartitionSize(image_size, _SizeCalculator)
- # Checks min_partition_size can accommodate image_size.
- self.assertGreaterEqual(
- _SizeCalculator(min_partition_size),
- image_size)
- # Checks min_partition_size (round to BLOCK_SIZE) is the minimum.
- self.assertLess(
- _SizeCalculator(min_partition_size - BLOCK_SIZE),
- image_size)
diff --git a/tools/releasetools/test_common.py b/tools/releasetools/test_common.py
index ec86eb2..c99049a 100644
--- a/tools/releasetools/test_common.py
+++ b/tools/releasetools/test_common.py
@@ -19,7 +19,6 @@
import subprocess
import tempfile
import time
-import unittest
import zipfile
from hashlib import sha1
@@ -44,7 +43,8 @@
yield '\0' * (step_size - block_size)
-class CommonZipTest(unittest.TestCase):
+class CommonZipTest(test_utils.ReleaseToolsTestCase):
+
def _verify(self, zip_file, zip_file_name, arcname, expected_hash,
test_file_name=None, expected_stat=None, expected_mode=0o644,
expected_compress_type=zipfile.ZIP_STORED):
@@ -359,7 +359,7 @@
os.remove(zip_file.name)
-class CommonApkUtilsTest(unittest.TestCase):
+class CommonApkUtilsTest(test_utils.ReleaseToolsTestCase):
"""Tests the APK utils related functions."""
APKCERTS_TXT1 = (
@@ -407,9 +407,6 @@
def setUp(self):
self.testdata_dir = test_utils.get_testdata_dir()
- def tearDown(self):
- common.Cleanup()
-
@staticmethod
def _write_apkcerts_txt(apkcerts_txt, additional=None):
if additional is None:
@@ -523,14 +520,11 @@
{})
-class CommonUtilsTest(unittest.TestCase):
+class CommonUtilsTest(test_utils.ReleaseToolsTestCase):
def setUp(self):
self.testdata_dir = test_utils.get_testdata_dir()
- def tearDown(self):
- common.Cleanup()
-
def test_GetSparseImage_emptyBlockMapFile(self):
target_files = common.MakeTempFile(prefix='target_files-', suffix='.zip')
with zipfile.ZipFile(target_files, 'w') as target_files_zip:
@@ -935,7 +929,7 @@
AssertionError, common.LoadInfoDict, target_files_zip, True)
-class InstallRecoveryScriptFormatTest(unittest.TestCase):
+class InstallRecoveryScriptFormatTest(test_utils.ReleaseToolsTestCase):
"""Checks the format of install-recovery.sh.
Its format should match between common.py and validate_target_files.py.
@@ -994,6 +988,3 @@
recovery_image, boot_image, self._info)
validate_target_files.ValidateInstallRecoveryScript(self._tempdir,
self._info)
-
- def tearDown(self):
- common.Cleanup()
diff --git a/tools/releasetools/test_ota_from_target_files.py b/tools/releasetools/test_ota_from_target_files.py
index 29e0d83..44703db 100644
--- a/tools/releasetools/test_ota_from_target_files.py
+++ b/tools/releasetools/test_ota_from_target_files.py
@@ -17,7 +17,6 @@
import copy
import os
import os.path
-import unittest
import zipfile
import common
@@ -104,7 +103,7 @@
self.script.append(('AssertSomeThumbprint',) + args)
-class BuildInfoTest(unittest.TestCase):
+class BuildInfoTest(test_utils.ReleaseToolsTestCase):
TEST_INFO_DICT = {
'build.prop' : {
@@ -352,10 +351,7 @@
script_writer.script)
-class LoadOemDictsTest(unittest.TestCase):
-
- def tearDown(self):
- common.Cleanup()
+class LoadOemDictsTest(test_utils.ReleaseToolsTestCase):
def test_NoneDict(self):
self.assertIsNone(_LoadOemDicts(None))
@@ -388,7 +384,7 @@
self.assertEqual('{}'.format(i), oem_dict['ro.build.index'])
-class OtaFromTargetFilesTest(unittest.TestCase):
+class OtaFromTargetFilesTest(test_utils.ReleaseToolsTestCase):
TEST_TARGET_INFO_DICT = {
'build.prop' : {
@@ -430,9 +426,6 @@
common.OPTIONS.search_path = test_utils.get_search_path()
self.assertIsNotNone(common.OPTIONS.search_path)
- def tearDown(self):
- common.Cleanup()
-
def test_GetPackageMetadata_abOta_full(self):
target_info_dict = copy.deepcopy(self.TEST_TARGET_INFO_DICT)
target_info_dict['ab_update'] = 'true'
@@ -720,14 +713,11 @@
)
-class PropertyFilesTest(unittest.TestCase):
+class PropertyFilesTest(test_utils.ReleaseToolsTestCase):
def setUp(self):
common.OPTIONS.no_signing = False
- def tearDown(self):
- common.Cleanup()
-
@staticmethod
def construct_zip_package(entries):
zip_file = common.MakeTempFile(suffix='.zip')
@@ -1151,7 +1141,7 @@
property_files.Verify(zip_fp, raw_metadata)
-class PayloadSignerTest(unittest.TestCase):
+class PayloadSignerTest(test_utils.ReleaseToolsTestCase):
SIGFILE = 'sigfile.bin'
SIGNED_SIGFILE = 'signed-sigfile.bin'
@@ -1167,9 +1157,6 @@
common.OPTIONS.package_key : None,
}
- def tearDown(self):
- common.Cleanup()
-
def _assertFilesEqual(self, file1, file2):
with open(file1, 'rb') as fp1, open(file2, 'rb') as fp2:
self.assertEqual(fp1.read(), fp2.read())
@@ -1230,7 +1217,7 @@
self._assertFilesEqual(verify_file, signed_file)
-class PayloadTest(unittest.TestCase):
+class PayloadTest(test_utils.ReleaseToolsTestCase):
def setUp(self):
self.testdata_dir = test_utils.get_testdata_dir()
@@ -1244,9 +1231,6 @@
common.OPTIONS.package_key : None,
}
- def tearDown(self):
- common.Cleanup()
-
@staticmethod
def _create_payload_full(secondary=False):
target_file = construct_target_files(secondary)
@@ -1284,7 +1268,7 @@
target_file = construct_target_files()
common.ZipDelete(target_file, 'IMAGES/vendor.img')
payload = Payload()
- self.assertRaises(AssertionError, payload.Generate, target_file)
+ self.assertRaises(common.ExternalError, payload.Generate, target_file)
def test_Sign_full(self):
payload = self._create_payload_full()
@@ -1332,7 +1316,7 @@
payload = self._create_payload_full()
payload_signer = PayloadSigner()
payload_signer.signer_args.append('bad-option')
- self.assertRaises(AssertionError, payload.Sign, payload_signer)
+ self.assertRaises(common.ExternalError, payload.Sign, payload_signer)
def test_WriteToZip(self):
payload = self._create_payload_full()
diff --git a/tools/releasetools/test_rangelib.py b/tools/releasetools/test_rangelib.py
index e181187..1251e11 100644
--- a/tools/releasetools/test_rangelib.py
+++ b/tools/releasetools/test_rangelib.py
@@ -14,11 +14,11 @@
# limitations under the License.
#
-import unittest
-
from rangelib import RangeSet
+from test_utils import ReleaseToolsTestCase
-class RangeSetTest(unittest.TestCase):
+
+class RangeSetTest(ReleaseToolsTestCase):
def test_union(self):
self.assertEqual(RangeSet("10-19 30-34").union(RangeSet("18-29")),
@@ -129,8 +129,8 @@
self.assertEqual(
RangeSet.parse_raw(RangeSet("0-9").to_string_raw()),
RangeSet("0-9"))
- self.assertEqual(RangeSet.parse_raw(
- RangeSet("2-10 12").to_string_raw()),
+ self.assertEqual(
+ RangeSet.parse_raw(RangeSet("2-10 12").to_string_raw()),
RangeSet("2-10 12"))
self.assertEqual(
RangeSet.parse_raw(RangeSet("11 2-10 12 1 0").to_string_raw()),
diff --git a/tools/releasetools/test_sign_target_files_apks.py b/tools/releasetools/test_sign_target_files_apks.py
index ac1b567..18762ee 100644
--- a/tools/releasetools/test_sign_target_files_apks.py
+++ b/tools/releasetools/test_sign_target_files_apks.py
@@ -14,11 +14,8 @@
# limitations under the License.
#
-from __future__ import print_function
-
import base64
import os.path
-import unittest
import zipfile
import common
@@ -28,7 +25,7 @@
ReplaceVerityKeyId, RewriteProps)
-class SignTargetFilesApksTest(unittest.TestCase):
+class SignTargetFilesApksTest(test_utils.ReleaseToolsTestCase):
MAC_PERMISSIONS_XML = """<?xml version="1.0" encoding="iso-8859-1"?>
<policy>
@@ -39,9 +36,6 @@
def setUp(self):
self.testdata_dir = test_utils.get_testdata_dir()
- def tearDown(self):
- common.Cleanup()
-
def test_EditTags(self):
self.assertEqual(EditTags('dev-keys'), ('release-keys'))
self.assertEqual(EditTags('test-keys'), ('release-keys'))
diff --git a/tools/releasetools/test_utils.py b/tools/releasetools/test_utils.py
index a15ff5b..b9c8dc7 100644
--- a/tools/releasetools/test_utils.py
+++ b/tools/releasetools/test_utils.py
@@ -21,6 +21,7 @@
import os
import os.path
import struct
+import unittest
import common
@@ -110,3 +111,10 @@
fp.write(os.urandom(data_size))
return sparse_image
+
+
+class ReleaseToolsTestCase(unittest.TestCase):
+ """A common base class for all the releasetools unittests."""
+
+ def tearDown(self):
+ common.Cleanup()
diff --git a/tools/releasetools/test_validate_target_files.py b/tools/releasetools/test_validate_target_files.py
index ecb7fde..d778d11 100644
--- a/tools/releasetools/test_validate_target_files.py
+++ b/tools/releasetools/test_validate_target_files.py
@@ -16,27 +16,21 @@
"""Unittests for validate_target_files.py."""
-from __future__ import print_function
-
import os
import os.path
import shutil
-import unittest
-import build_image
import common
import test_utils
+import verity_utils
from validate_target_files import ValidateVerifiedBootImages
-class ValidateTargetFilesTest(unittest.TestCase):
+class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase):
def setUp(self):
self.testdata_dir = test_utils.get_testdata_dir()
- def tearDown(self):
- common.Cleanup()
-
def _generate_boot_image(self, output_file):
kernel = common.MakeTempFile(prefix='kernel-')
with open(kernel, 'wb') as kernel_fp:
@@ -115,7 +109,7 @@
def _generate_system_image(self, output_file):
verity_fec = True
partition_size = 1024 * 1024
- image_size, verity_size = build_image.AdjustPartitionSizeForVerity(
+ image_size, verity_size = verity_utils.AdjustPartitionSizeForVerity(
partition_size, verity_fec)
# Use an empty root directory.
@@ -138,7 +132,7 @@
'verity_signer_cmd' : 'verity_signer',
'verity_size' : str(verity_size),
}
- build_image.MakeVerityEnabledImage(output_file, verity_fec, prop_dict)
+ verity_utils.MakeVerityEnabledImage(output_file, verity_fec, prop_dict)
def test_ValidateVerifiedBootImages_systemImage(self):
input_tmp = common.MakeTempDir()
diff --git a/tools/releasetools/test_verity_utils.py b/tools/releasetools/test_verity_utils.py
index f318b02..0988d8e 100644
--- a/tools/releasetools/test_verity_utils.py
+++ b/tools/releasetools/test_verity_utils.py
@@ -16,25 +16,24 @@
"""Unittests for verity_utils.py."""
-from __future__ import print_function
-
+import math
import os.path
-import unittest
+import random
-import build_image
import common
import sparse_img
-import test_utils
from rangelib import RangeSet
+from test_utils import get_testdata_dir, ReleaseToolsTestCase
from verity_utils import (
- CreateHashtreeInfoGenerator, HashtreeInfo,
+ AdjustPartitionSizeForVerity, AVBCalcMinPartitionSize, BLOCK_SIZE,
+ CreateHashtreeInfoGenerator, HashtreeInfo, MakeVerityEnabledImage,
VerifiedBootVersion1HashtreeInfoGenerator)
-class VerifiedBootVersion1HashtreeInfoGeneratorTest(unittest.TestCase):
+class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase):
def setUp(self):
- self.testdata_dir = test_utils.get_testdata_dir()
+ self.testdata_dir = get_testdata_dir()
self.partition_size = 1024 * 1024
self.prop_dict = {
@@ -50,9 +49,6 @@
self.expected_root_hash = \
"0b7c4565e87b1026e11fbab91c0bc29e185c847a5b44d40e6e86e461e8adf80d"
- def tearDown(self):
- common.Cleanup()
-
def _create_simg(self, raw_data):
output_file = common.MakeTempFile()
raw_image = common.MakeTempFile()
@@ -68,7 +64,7 @@
def _generate_image(self):
partition_size = 1024 * 1024
- adjusted_size, verity_size = build_image.AdjustPartitionSizeForVerity(
+ adjusted_size, verity_size = AdjustPartitionSizeForVerity(
partition_size, True)
raw_image = ""
@@ -86,7 +82,7 @@
'verity_signer_cmd': 'verity_signer',
'verity_size': str(verity_size),
}
- build_image.MakeVerityEnabledImage(output_file, True, prop_dict)
+ MakeVerityEnabledImage(output_file, True, prop_dict)
return output_file
@@ -165,3 +161,62 @@
self.assertEqual(self.hash_algorithm, info.hash_algorithm)
self.assertEqual(self.fixed_salt, info.salt)
self.assertEqual(self.expected_root_hash, info.root_hash)
+
+
+class VerityUtilsTest(ReleaseToolsTestCase):
+
+ def setUp(self):
+ # To test AVBCalcMinPartitionSize(), by using 200MB to 2GB image size.
+ # - 51200 = 200MB * 1024 * 1024 / 4096
+ # - 524288 = 2GB * 1024 * 1024 * 1024 / 4096
+ self._image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset
+ for offset in range(BLOCK_SIZE)]
+
+ def test_AVBCalcMinPartitionSize_LinearFooterSize(self):
+ """Tests with footer size which is linear to partition size."""
+ for image_size in self._image_sizes:
+ for ratio in 0.95, 0.56, 0.22:
+ expected_size = common.RoundUpTo4K(int(math.ceil(image_size / ratio)))
+ self.assertEqual(
+ expected_size,
+ AVBCalcMinPartitionSize(
+ image_size, lambda x, ratio=ratio: int(x * ratio)))
+
+ def test_AVBCalcMinPartitionSize_SlowerGrowthFooterSize(self):
+ """Tests with footer size which grows slower than partition size."""
+
+ def _SizeCalculator(partition_size):
+ """Footer size is the power of 0.95 of partition size."""
+ # Minus footer size to return max image size.
+ return partition_size - int(math.pow(partition_size, 0.95))
+
+ for image_size in self._image_sizes:
+ min_partition_size = AVBCalcMinPartitionSize(image_size, _SizeCalculator)
+ # Checks min_partition_size can accommodate image_size.
+ self.assertGreaterEqual(
+ _SizeCalculator(min_partition_size),
+ image_size)
+ # Checks min_partition_size (round to BLOCK_SIZE) is the minimum.
+ self.assertLess(
+ _SizeCalculator(min_partition_size - BLOCK_SIZE),
+ image_size)
+
+ def test_AVBCalcMinPartitionSize_FasterGrowthFooterSize(self):
+ """Tests with footer size which grows faster than partition size."""
+
+ def _SizeCalculator(partition_size):
+ """Max image size is the power of 0.95 of partition size."""
+ # Max image size grows less than partition size, which means
+ # footer size grows faster than partition size.
+ return int(math.pow(partition_size, 0.95))
+
+ for image_size in self._image_sizes:
+ min_partition_size = AVBCalcMinPartitionSize(image_size, _SizeCalculator)
+ # Checks min_partition_size can accommodate image_size.
+ self.assertGreaterEqual(
+ _SizeCalculator(min_partition_size),
+ image_size)
+ # Checks min_partition_size (round to BLOCK_SIZE) is the minimum.
+ self.assertLess(
+ _SizeCalculator(min_partition_size - BLOCK_SIZE),
+ image_size)
diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py
index c512ef3..626a1dd 100644
--- a/tools/releasetools/verity_utils.py
+++ b/tools/releasetools/verity_utils.py
@@ -16,13 +16,354 @@
from __future__ import print_function
+import os.path
+import shlex
import struct
import common
-from build_image import (AdjustPartitionSizeForVerity, GetVerityTreeSize,
- GetVerityMetadataSize, BuildVerityTree)
+import sparse_img
from rangelib import RangeSet
+OPTIONS = common.OPTIONS
+BLOCK_SIZE = common.BLOCK_SIZE
+FIXED_SALT = "aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7"
+
+
+class BuildVerityImageError(Exception):
+ """An Exception raised during verity image building."""
+
+ def __init__(self, message):
+ Exception.__init__(self, message)
+
+
+def GetVerityFECSize(partition_size):
+ cmd = ["fec", "-s", str(partition_size)]
+ output = common.RunAndCheckOutput(cmd, verbose=False)
+ return int(output)
+
+
+def GetVerityTreeSize(partition_size):
+ cmd = ["build_verity_tree", "-s", str(partition_size)]
+ output = common.RunAndCheckOutput(cmd, verbose=False)
+ return int(output)
+
+
+def GetVerityMetadataSize(partition_size):
+ cmd = ["build_verity_metadata.py", "size", str(partition_size)]
+ output = common.RunAndCheckOutput(cmd, verbose=False)
+ return int(output)
+
+
+def GetVeritySize(partition_size, fec_supported):
+ verity_tree_size = GetVerityTreeSize(partition_size)
+ verity_metadata_size = GetVerityMetadataSize(partition_size)
+ verity_size = verity_tree_size + verity_metadata_size
+ if fec_supported:
+ fec_size = GetVerityFECSize(partition_size + verity_size)
+ return verity_size + fec_size
+ return verity_size
+
+
+def GetSimgSize(image_file):
+ simg = sparse_img.SparseImage(image_file, build_map=False)
+ return simg.blocksize * simg.total_blocks
+
+
+def ZeroPadSimg(image_file, pad_size):
+ blocks = pad_size // BLOCK_SIZE
+ print("Padding %d blocks (%d bytes)" % (blocks, pad_size))
+ simg = sparse_img.SparseImage(image_file, mode="r+b", build_map=False)
+ simg.AppendFillChunk(0, blocks)
+
+
+def AdjustPartitionSizeForVerity(partition_size, fec_supported):
+ """Modifies the provided partition size to account for the verity metadata.
+
+ This information is used to size the created image appropriately.
+
+ Args:
+ partition_size: the size of the partition to be verified.
+
+ Returns:
+ A tuple of the size of the partition adjusted for verity metadata, and
+ the size of verity metadata.
+ """
+ key = "%d %d" % (partition_size, fec_supported)
+ if key in AdjustPartitionSizeForVerity.results:
+ return AdjustPartitionSizeForVerity.results[key]
+
+ hi = partition_size
+ if hi % BLOCK_SIZE != 0:
+ hi = (hi // BLOCK_SIZE) * BLOCK_SIZE
+
+ # verity tree and fec sizes depend on the partition size, which
+ # means this estimate is always going to be unnecessarily small
+ verity_size = GetVeritySize(hi, fec_supported)
+ lo = partition_size - verity_size
+ result = lo
+
+ # do a binary search for the optimal size
+ while lo < hi:
+ i = ((lo + hi) // (2 * BLOCK_SIZE)) * BLOCK_SIZE
+ v = GetVeritySize(i, fec_supported)
+ if i + v <= partition_size:
+ if result < i:
+ result = i
+ verity_size = v
+ lo = i + BLOCK_SIZE
+ else:
+ hi = i
+
+ if OPTIONS.verbose:
+ print("Adjusted partition size for verity, partition_size: {},"
+ " verity_size: {}".format(result, verity_size))
+ AdjustPartitionSizeForVerity.results[key] = (result, verity_size)
+ return (result, verity_size)
+
+
+AdjustPartitionSizeForVerity.results = {}
+
+
+def BuildVerityFEC(sparse_image_path, verity_path, verity_fec_path,
+ padding_size):
+ cmd = ["fec", "-e", "-p", str(padding_size), sparse_image_path,
+ verity_path, verity_fec_path]
+ common.RunAndCheckOutput(cmd)
+
+
+def BuildVerityTree(sparse_image_path, verity_image_path):
+ cmd = ["build_verity_tree", "-A", FIXED_SALT, sparse_image_path,
+ verity_image_path]
+ output = common.RunAndCheckOutput(cmd)
+ root, salt = output.split()
+ return root, salt
+
+
+def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt,
+ block_device, signer_path, key, signer_args,
+ verity_disable):
+ cmd = ["build_verity_metadata.py", "build", str(image_size),
+ verity_metadata_path, root_hash, salt, block_device, signer_path, key]
+ if signer_args:
+ cmd.append("--signer_args=\"%s\"" % (' '.join(signer_args),))
+ if verity_disable:
+ cmd.append("--verity_disable")
+ common.RunAndCheckOutput(cmd)
+
+
+def Append2Simg(sparse_image_path, unsparse_image_path, error_message):
+ """Appends the unsparse image to the given sparse image.
+
+ Args:
+ sparse_image_path: the path to the (sparse) image
+ unsparse_image_path: the path to the (unsparse) image
+
+ Raises:
+ BuildVerityImageError: On error.
+ """
+ cmd = ["append2simg", sparse_image_path, unsparse_image_path]
+ try:
+ common.RunAndCheckOutput(cmd)
+ except:
+ raise BuildVerityImageError(error_message)
+
+
+def Append(target, file_to_append, error_message):
+ """Appends file_to_append to target.
+
+ Raises:
+ BuildVerityImageError: On error.
+ """
+ try:
+ with open(target, "a") as out_file, open(file_to_append, "r") as input_file:
+ for line in input_file:
+ out_file.write(line)
+ except IOError:
+ raise BuildVerityImageError(error_message)
+
+
+def BuildVerifiedImage(data_image_path, verity_image_path,
+ verity_metadata_path, verity_fec_path,
+ padding_size, fec_supported):
+ Append(
+ verity_image_path, verity_metadata_path,
+ "Could not append verity metadata!")
+
+ if fec_supported:
+ # Build FEC for the entire partition, including metadata.
+ BuildVerityFEC(
+ data_image_path, verity_image_path, verity_fec_path, padding_size)
+ Append(verity_image_path, verity_fec_path, "Could not append FEC!")
+
+ Append2Simg(
+ data_image_path, verity_image_path, "Could not append verity data!")
+
+
+def MakeVerityEnabledImage(out_file, fec_supported, prop_dict):
+ """Creates an image that is verifiable using dm-verity.
+
+ Args:
+ out_file: the location to write the verifiable image at
+ prop_dict: a dictionary of properties required for image creation and
+ verification
+
+ Raises:
+ AssertionError: On invalid partition sizes.
+ """
+ # get properties
+ image_size = int(prop_dict["image_size"])
+ block_dev = prop_dict["verity_block_device"]
+ signer_key = prop_dict["verity_key"] + ".pk8"
+ if OPTIONS.verity_signer_path is not None:
+ signer_path = OPTIONS.verity_signer_path
+ else:
+ signer_path = prop_dict["verity_signer_cmd"]
+ signer_args = OPTIONS.verity_signer_args
+
+ tempdir_name = common.MakeTempDir(suffix="_verity_images")
+
+ # Get partial image paths.
+ verity_image_path = os.path.join(tempdir_name, "verity.img")
+ verity_metadata_path = os.path.join(tempdir_name, "verity_metadata.img")
+ verity_fec_path = os.path.join(tempdir_name, "verity_fec.img")
+
+ # Build the verity tree and get the root hash and salt.
+ root_hash, salt = BuildVerityTree(out_file, verity_image_path)
+
+ # Build the metadata blocks.
+ verity_disable = "verity_disable" in prop_dict
+ BuildVerityMetadata(
+ image_size, verity_metadata_path, root_hash, salt, block_dev, signer_path,
+ signer_key, signer_args, verity_disable)
+
+ # Build the full verified image.
+ partition_size = int(prop_dict["partition_size"])
+ verity_size = int(prop_dict["verity_size"])
+
+ padding_size = partition_size - image_size - verity_size
+ assert padding_size >= 0
+
+ BuildVerifiedImage(
+ out_file, verity_image_path, verity_metadata_path, verity_fec_path,
+ padding_size, fec_supported)
+
+
+def AVBCalcMaxImageSize(avbtool, footer_type, partition_size, additional_args):
+ """Calculates max image size for a given partition size.
+
+ Args:
+ avbtool: String with path to avbtool.
+ footer_type: 'hash' or 'hashtree' for generating footer.
+ partition_size: The size of the partition in question.
+ additional_args: Additional arguments to pass to "avbtool add_hash_footer"
+ or "avbtool add_hashtree_footer".
+
+ Returns:
+ The maximum image size.
+
+ Raises:
+ BuildVerityImageError: On invalid image size.
+ """
+ cmd = [avbtool, "add_%s_footer" % footer_type,
+ "--partition_size", str(partition_size), "--calc_max_image_size"]
+ cmd.extend(shlex.split(additional_args))
+
+ output = common.RunAndCheckOutput(cmd)
+ image_size = int(output)
+ if image_size <= 0:
+ raise BuildVerityImageError(
+ "Invalid max image size: {}".format(output))
+ return image_size
+
+
+def AVBCalcMinPartitionSize(image_size, size_calculator):
+ """Calculates min partition size for a given image size.
+
+ Args:
+ image_size: The size of the image in question.
+ size_calculator: The function to calculate max image size
+ for a given partition size.
+
+ Returns:
+ The minimum partition size required to accommodate the image size.
+ """
+ # Use image size as partition size to approximate final partition size.
+ image_ratio = size_calculator(image_size) / float(image_size)
+
+ # Prepare a binary search for the optimal partition size.
+ lo = int(image_size / image_ratio) // BLOCK_SIZE * BLOCK_SIZE - BLOCK_SIZE
+
+ # Ensure lo is small enough: max_image_size should <= image_size.
+ delta = BLOCK_SIZE
+ max_image_size = size_calculator(lo)
+ while max_image_size > image_size:
+ image_ratio = max_image_size / float(lo)
+ lo = int(image_size / image_ratio) // BLOCK_SIZE * BLOCK_SIZE - delta
+ delta *= 2
+ max_image_size = size_calculator(lo)
+
+ hi = lo + BLOCK_SIZE
+
+ # Ensure hi is large enough: max_image_size should >= image_size.
+ delta = BLOCK_SIZE
+ max_image_size = size_calculator(hi)
+ while max_image_size < image_size:
+ image_ratio = max_image_size / float(hi)
+ hi = int(image_size / image_ratio) // BLOCK_SIZE * BLOCK_SIZE + delta
+ delta *= 2
+ max_image_size = size_calculator(hi)
+
+ partition_size = hi
+
+ # Start to binary search.
+ while lo < hi:
+ mid = ((lo + hi) // (2 * BLOCK_SIZE)) * BLOCK_SIZE
+ max_image_size = size_calculator(mid)
+ if max_image_size >= image_size: # if mid can accommodate image_size
+ if mid < partition_size: # if a smaller partition size is found
+ partition_size = mid
+ hi = mid
+ else:
+ lo = mid + BLOCK_SIZE
+
+ if OPTIONS.verbose:
+ print("AVBCalcMinPartitionSize({}): partition_size: {}.".format(
+ image_size, partition_size))
+
+ return partition_size
+
+
+def AVBAddFooter(image_path, avbtool, footer_type, partition_size,
+ partition_name, key_path, algorithm, salt,
+ additional_args):
+ """Adds dm-verity hashtree and AVB metadata to an image.
+
+ Args:
+ image_path: Path to image to modify.
+ avbtool: String with path to avbtool.
+ footer_type: 'hash' or 'hashtree' for generating footer.
+ partition_size: The size of the partition in question.
+ partition_name: The name of the partition - will be embedded in metadata.
+ key_path: Path to key to use or None.
+ algorithm: Name of algorithm to use or None.
+ salt: The salt to use (a hexadecimal string) or None.
+ additional_args: Additional arguments to pass to "avbtool add_hash_footer"
+ or "avbtool add_hashtree_footer".
+ """
+ cmd = [avbtool, "add_%s_footer" % footer_type,
+ "--partition_size", partition_size,
+ "--partition_name", partition_name,
+ "--image", image_path]
+
+ if key_path and algorithm:
+ cmd.extend(["--key", key_path, "--algorithm", algorithm])
+ if salt:
+ cmd.extend(["--salt", salt])
+
+ cmd.extend(shlex.split(additional_args))
+
+ common.RunAndCheckOutput(cmd)
+
class HashtreeInfoGenerationError(Exception):
"""An Exception raised during hashtree info generation."""