Gitiles
Code Review Sign In
review.blissroms.org / platform_build_make / 5b5f4958d89dae6a79a9715f4d91c30cb38a4680^! / . / tools / releasetools / build_image.py
commit5b5f4958d89dae6a79a9715f4d91c30cb38a4680[log] [tgz]
authorGeremy Condra <gcondra@google.com>Mon May 05 22:19:37 2014 -0700
committerGeremy Condra <gcondra@google.com>Sat May 10 18:31:07 2014 -0700
treea67fa2de9b1f46454f44a233f76420f685a9dfb3
parentd2151e1402c1d757a3cafd3e314288ea6222178e [diff] [blame]
Add verity support to `make dist`.

Without this, system images will be built that do not contain the
necessary bits for verification.

Change-Id: I87c15282b26377d7a2a1540e3d0e30b0299622e3

diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index d3f7144..4ad5bca 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py

@@ -26,6 +26,7 @@
 import sys
 import commands
 import shutil
+import tempfile
 
 import simg_map
 
@@ -170,10 +171,7 @@
   signer_path = prop_dict["verity_signer_cmd"]
 
   # make a tempdir
-  tempdir_name = os.path.join(os.path.dirname(out_file), "verity_images")
-  if os.path.exists(tempdir_name):
-    shutil.rmtree(tempdir_name)
-  os.mkdir(tempdir_name)
+  tempdir_name = tempfile.mkdtemp(suffix="_verity_images")
 
   # get partial image paths
   verity_image_path = os.path.join(tempdir_name, "verity.img")
@@ -181,7 +179,7 @@
 
   # build the verity tree and get the root hash and salt
   if not BuildVerityTree(out_file, verity_image_path, prop_dict):
-    shutil.rmtree(tempdir_name)
+    shutil.rmtree(tempdir_name, ignore_errors=True)
     return False
 
   # build the metadata blocks
@@ -194,17 +192,17 @@
                               block_dev,
                               signer_path,
                               signer_key):
-    shutil.rmtree(tempdir_name)
+    shutil.rmtree(tempdir_name, ignore_errors=True)
     return False
 
   # build the full verified image
   if not BuildVerifiedImage(out_file,
                             verity_image_path,
                             verity_metadata_path):
-    shutil.rmtree(tempdir_name)
+    shutil.rmtree(tempdir_name, ignore_errors=True)
     return False
 
-  shutil.rmtree(tempdir_name)
+  shutil.rmtree(tempdir_name, ignore_errors=True)
   return True
 
 def BuildImage(in_dir, prop_dict, out_file):
@@ -222,8 +220,10 @@
   fs_type = prop_dict.get("fs_type", "")
   run_fsck = False
 
+  is_verity_partition = prop_dict.get("mount_point") == prop_dict.get("verity_mountpoint")
+  verity_supported = prop_dict.get("verity") == "true"
   # adjust the partition size to make room for the hashes if this is to be verified
-  if prop_dict.get("verity") == "true":
+  if verity_supported and is_verity_partition:
     partition_size = int(prop_dict.get("partition_size"))
     adjusted_size = AdjustPartitionSizeForVerity(partition_size)
     if not adjusted_size:
@@ -258,7 +258,7 @@
     return False
 
   # create the verified image if this is to be verified
-  if prop_dict.get("verity") == "true":
+  if verity_supported and is_verity_partition:
     if not MakeVerityEnabledImage(out_file, prop_dict):
       return False
 
@@ -301,7 +301,8 @@
       "verity",
       "verity_block_device",
       "verity_key",
-      "verity_signer_cmd"
+      "verity_signer_cmd",
+      "verity_mountpoint"
       )
   for p in common_props:
     copy_prop(p, p)