def ReplaceVerityKeyId(targetfile_input_zip, targetfile_output_zip, keypath):
in_cmdline = targetfile_input_zip.read("BOOT/cmdline")
# copy in_cmdline to output_zip if veritykeyid is not present in in_cmdline
if "veritykeyid" not in in_cmdline:
common.ZipWriteStr(targetfile_output_zip, "BOOT/cmdline", in_cmdline)
return in_cmdline
out_cmdline = []
for param in in_cmdline.split():
if "veritykeyid" in param:
# extract keyid using openssl command
p = common.Run(["openssl", "x509", "-in", keypath, "-text"],
stdout=subprocess.PIPE)
keyid, stderr = p.communicate()
keyid = re.search(r'keyid:([0-9a-fA-F:]*)',
keyid).group(1).replace(':', '').lower()
print "Replacing verity keyid with %s error=%s" % (keyid, stderr)
out_cmdline.append("veritykeyid=id:%s" % (keyid, ))
else:
out_cmdline.append(param)
out_cmdline = ' '.join(out_cmdline)
out_cmdline = out_cmdline.strip()
print "out_cmdline %s" % (out_cmdline)
common.ZipWriteStr(targetfile_output_zip, "BOOT/cmdline", out_cmdline)
return out_cmdline
def VerifyAbOtaPayload(cert, package):
"""Verifies the payload and metadata signatures in an A/B OTA payload."""
package_zip = zipfile.ZipFile(package, 'r')
if 'payload.bin' not in package_zip.namelist():
common.ZipClose(package_zip)
return
print('Verifying A/B OTA payload signatures...')
# Dump pubkey from the certificate.
pubkey = common.MakeTempFile(prefix="key-", suffix=".pem")
with open(pubkey, 'wb') as pubkey_fp:
pubkey_fp.write(common.ExtractPublicKey(cert))
package_dir = common.MakeTempDir(prefix='package-')
# Signature verification with delta_generator.
payload_file = package_zip.extract('payload.bin', package_dir)
cmd = ['delta_generator',
'--in_file=' + payload_file,
'--public_key=' + pubkey]
proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
stdoutdata, _ = proc.communicate()
assert proc.returncode == 0, \
'Failed to verify payload with delta_generator: %s\n%s' % (package,
stdoutdata)
common.ZipClose(package_zip)
# Verified successfully upon reaching here.
print('\nPayload signatures VERIFIED\n\n')
def _generate_system_image(self, output_file):
verity_fec = True
partition_size = 1024 * 1024
image_size, verity_size = verity_utils.AdjustPartitionSizeForVerity(
partition_size, verity_fec)
# Use an empty root directory.
system_root = common.MakeTempDir()
cmd = ['mkuserimg_mke2fs', '-s', system_root, output_file, 'ext4',
'/system', str(image_size), '-j', '0']
proc = common.Run(cmd)
stdoutdata, _ = proc.communicate()
self.assertEqual(
0, proc.returncode,
"Failed to create system image with mkuserimg_mke2fs: {}".format(
stdoutdata))
# Append the verity metadata.
prop_dict = {
'partition_size' : str(partition_size),
'image_size' : str(image_size),
'verity_block_device' : '/dev/block/system',
'verity_key' : os.path.join(self.testdata_dir, 'testkey'),
'verity_signer_cmd' : 'verity_signer',
'verity_size' : str(verity_size),
}
verity_utils.MakeVerityEnabledImage(output_file, verity_fec, prop_dict)
def AddVBMeta(output_zip,
boot_img_path,
system_img_path,
vendor_img_path,
dtbo_img_path,
prefix="IMAGES/"):
"""Create a VBMeta image and store it in output_zip."""
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "vbmeta.img")
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
cmd = [avbtool, "make_vbmeta_image", "--output", img.name]
common.AppendAVBSigningArgs(cmd, "vbmeta")
public_key_dir = tempfile.mkdtemp(prefix="avbpubkey-")
OPTIONS.tempfiles.append(public_key_dir)
AppendVBMetaArgsForPartition(cmd, "boot", boot_img_path, public_key_dir)
AppendVBMetaArgsForPartition(cmd, "system", system_img_path,
public_key_dir)
AppendVBMetaArgsForPartition(cmd, "vendor", vendor_img_path,
public_key_dir)
AppendVBMetaArgsForPartition(cmd, "dtbo", dtbo_img_path, public_key_dir)
args = OPTIONS.info_dict.get("avb_vbmeta_args")
if args and args.strip():
cmd.extend(shlex.split(args))
p = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "avbtool make_vbmeta_image failed"
img.Write()
def GenerateBootloaderSecbin(unpack_dir, variant):
""" Generate bootloader with secpack for Non-EFI(example Sofialte); The partitions are
obtained from get_bootloader_list() in GetBootloaderImagesfromFls.
use tool binary_merge to generate Merged.secbin with SecureBlock.bin + LoadMap.bin
"""
for current_file in os.listdir(unpack_dir):
if fnmatch.fnmatch(current_file, '*LoadMap0.bin'):
loader_mapdatafile = current_file
assert loader_mapdatafile is not None, "Error in extracting the LoadMap.bin"
for current_file in os.listdir(unpack_dir):
if fnmatch.fnmatch(current_file, '*SecureBlock.bin'):
loader_scublockfile = current_file
assert loader_scublockfile is not None, "Error in extracting the SecureBlock.bin"
binary_merge = "hardware/intel/sofia_lte-fls/tools/binary_merge"
cmd = [binary_merge, "-o", os.path.join(unpack_dir, "Merged.secbin"),
"-b 1 -p 0"]
cmd.append(os.path.join(unpack_dir, loader_scublockfile))
cmd.append(os.path.join(unpack_dir, loader_mapdatafile))
print("execute 3.command: {}".format(' '.join(cmd)))
try:
p = common.Run(cmd)
except Exception as exc:
print("Error: Unable to execute command: {}".format(' '.join(cmd)))
raise exc
p.communicate()
assert p.returncode == 0, "binary_merge failed"
def pk8_to_pem(der_key_path, password=None, none_on_fail_convert=False):
# If the key is already available in converted form, then use that
# file. This is important for .pk8 files that actually contain references
# to ECSS keys, because they are not fully parseable by openssl.
(der_key_path_root,der_key_path_ext) = os.path.splitext(der_key_path)
der_key_path_pem = der_key_path_root + ".pem"
if os.path.exists(der_key_path_pem):
return open(der_key_path_pem)
# Defaults to 0600 permissions which is defintitely what we want!
tf = tempfile.NamedTemporaryFile(prefix="pk8_to_pem")
cmd = ["openssl", "pkcs8"];
if password:
cmd.extend(["-passin", "stdin"])
else:
cmd.append("-nocrypt")
cmd.extend(["-inform", "DER", "-outform", "PEM",
"-in", der_key_path, "-out", tf.name])
p = common.Run(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
if password is not None:
password += "\n"
p.communicate(password)
if none_on_fail_convert:
if p.returncode != 0:
tf.close()
return None
else:
assert p.returncode == 0, "openssl key conversion failed"
tf.seek(os.SEEK_SET, 0)
return tf
def get_auth_data(timestamp, sign_pair, password, pem_cert, guid_str, name, payload = None):
esl = get_efi_sig_list(pem_cert, guid_str, name)
if payload:
esl.write(payload)
esl.seek(os.SEEK_SET, 0)
pem_key = pk8_to_pem(sign_pair + common.OPTIONS.private_key_suffix, password)
tf = tempfile.NamedTemporaryFile(prefix="auth_file-"+name+"-")
timestampfmt = "%Y-%m-%d %I:%M:%S"
cmd = ["sign-efi-sig-list", "-t",
time.strftime(timestampfmt, time.strptime(time.ctime(timestamp))),
"-c", sign_pair + common.OPTIONS.public_key_suffix,
"-g", guid_str, "-k", pem_key.name, name, esl.name, tf.name]
p = common.Run(cmd)
p.communicate()
assert p.returncode == 0, "sign-efi-sig-list failed"
tf.seek(os.SEEK_SET, 0)
pem_key.close()
esl.close()
data = tf.read()
tf.close()
return data
def process_iasimage(in_f, out_f):
"""
resign the iasimage with new verity key
"""
#get the unsigned iasimage binary
#the method is to get the payload offset plus
#palyload length plus the crc checksum
s = struct.Struct('I I I I I I I')
with open(in_f, 'rb') as fh:
u = s.unpack(fh.read(struct.calcsize(s.format)))
data_len = u[3]
data_off = u[4]
unsigned_len = data_off + data_len + crc_len
fh.seek(0, 0)
data = fh.read(unsigned_len)
tf = tempfile.NamedTemporaryFile()
tf.write(data)
tf.flush()
#resign the fastboot with new verity key
cmd = ["ias_image_signer"]
cmd.append(tf.name)
cmd.extend([OPTIONS.oem_key + ".pk8", OPTIONS.oem_key + ".x509.pem"])
cmd.append(out_f)
p = common.Run(cmd)
p.wait()
tf.close()
def _generate_system_image(self, output_file):
prop_dict = {
'partition_size': str(1024 * 1024),
'verity': 'true',
'verity_block_device': '/dev/block/system',
'verity_key': os.path.join(self.testdata_dir, 'testkey'),
'verity_fec': "true",
'verity_signer_cmd': 'verity_signer',
}
verity_image_builder = CreateVerityImageBuilder(prop_dict)
image_size = verity_image_builder.CalculateMaxImageSize()
# Use an empty root directory.
system_root = common.MakeTempDir()
cmd = [
'mkuserimg_mke2fs', '-s', system_root, output_file, 'ext4',
'/system',
str(image_size), '-j', '0'
]
proc = common.Run(cmd)
stdoutdata, _ = proc.communicate()
self.assertEqual(
0, proc.returncode,
"Failed to create system image with mkuserimg_mke2fs: {}".format(
stdoutdata))
# Append the verity metadata.
verity_image_builder.Build(output_file)
def AppendVBMetaArgsForPartition(cmd, partition, img_path, public_key_dir):
if not img_path:
return
# Check if chain partition is used.
key_path = OPTIONS.info_dict.get("avb_" + partition + "_key_path")
if key_path:
# extract public key in AVB format to be included in vbmeta.img
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
public_key_path = os.path.join(public_key_dir,
"%s.avbpubkey" % partition)
p = common.Run([
avbtool, "extract_public_key", "--key", key_path, "--output",
public_key_path
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, \
"avbtool extract_public_key fail for partition: %r" % partition
rollback_index_location = OPTIONS.info_dict["avb_" + partition +
"_rollback_index_location"]
cmd.extend([
"--chain_partition",
"%s:%s:%s" % (partition, rollback_index_location, public_key_path)
])
else:
cmd.extend(["--include_descriptors_from_image", img_path])
def AddPartitionTable(output_zip, prefix="IMAGES/"):
"""Create a partition table image and store it in output_zip."""
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix,
"partition-table.img")
bpt = OutputFile(output_zip, OPTIONS.input_tmp, prefix,
"partition-table.bpt")
# use BPTTOOL from environ, or "bpttool" if empty or not set.
bpttool = os.getenv("BPTTOOL") or "bpttool"
cmd = [
bpttool, "make_table", "--output_json", bpt.name, "--output_gpt",
img.name
]
input_files_str = OPTIONS.info_dict["board_bpt_input_files"]
input_files = input_files_str.split(" ")
for i in input_files:
cmd.extend(["--input", i])
disk_size = OPTIONS.info_dict.get("board_bpt_disk_size")
if disk_size:
cmd.extend(["--disk_size", disk_size])
args = OPTIONS.info_dict.get("board_bpt_make_table_args")
if args:
cmd.extend(shlex.split(args))
p = common.Run(cmd, stdout=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "bpttool make_table failed"
img.Write()
bpt.Write()
def AddVBMeta(output_zip,
boot_img_path,
system_img_path,
vendor_img_path,
dtbo_img_path,
prefix="IMAGES/"):
"""Create a VBMeta image and store it in output_zip."""
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "vbmeta.img")
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
cmd = [
avbtool, "make_vbmeta_image", "--output", img.name,
"--include_descriptors_from_image", boot_img_path,
"--include_descriptors_from_image", system_img_path
]
if vendor_img_path is not None:
cmd.extend(["--include_descriptors_from_image", vendor_img_path])
if dtbo_img_path is not None:
cmd.extend(["--include_descriptors_from_image", dtbo_img_path])
if OPTIONS.info_dict.get("system_root_image") == "true":
cmd.extend(["--setup_rootfs_from_kernel", system_img_path])
cmd.extend(shlex.split(OPTIONS.info_dict["avb_signing_args"]))
args = OPTIONS.info_dict.get("board_avb_make_vbmeta_image_args")
if args and args.strip():
cmd.extend(shlex.split(args))
p = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "avbtool make_vbmeta_image failed"
img.Write()
def AddDtbo(output_zip):
"""Adds the DTBO image.
Uses the image under IMAGES/ if it already exists. Otherwise looks for the
image under PREBUILT_IMAGES/, signs it as needed, and returns the image name.
"""
img = OutputFile(output_zip, OPTIONS.input_tmp, "IMAGES", "dtbo.img")
if os.path.exists(img.input_name):
logger.info("dtbo.img already exists; no need to rebuild...")
return img.input_name
dtbo_prebuilt_path = os.path.join(
OPTIONS.input_tmp, "PREBUILT_IMAGES", "dtbo.img")
assert os.path.exists(dtbo_prebuilt_path)
shutil.copy(dtbo_prebuilt_path, img.name)
# AVB-sign the image as needed.
if OPTIONS.info_dict.get("avb_enable") == "true":
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
part_size = OPTIONS.info_dict["dtbo_size"]
# The AVB hash footer will be replaced if already present.
cmd = [avbtool, "add_hash_footer", "--image", img.name,
"--partition_size", str(part_size), "--partition_name", "dtbo"]
common.AppendAVBSigningArgs(cmd, "dtbo")
args = OPTIONS.info_dict.get("avb_dtbo_add_hash_footer_args")
if args and args.strip():
cmd.extend(shlex.split(args))
proc = common.Run(cmd)
output, _ = proc.communicate()
assert proc.returncode == 0, \
"Failed to call 'avbtool add_hash_footer' for {}:\n{}".format(
img.name, output)
img.Write()
return img.name
def ReplaceVerityKeyId(input_zip, output_zip, key_path):
"""Replaces the veritykeyid parameter in BOOT/cmdline.
Args:
input_zip: The input target_files zip, which should be already open.
output_zip: The output target_files zip, which should be already open and
writable.
key_path: The path to the PEM encoded X.509 certificate.
"""
in_cmdline = input_zip.read("BOOT/cmdline").decode()
# Copy in_cmdline to output_zip if veritykeyid is not present.
if "veritykeyid" not in in_cmdline:
common.ZipWriteStr(output_zip, "BOOT/cmdline", in_cmdline)
return
out_buffer = []
for param in in_cmdline.split():
if "veritykeyid" not in param:
out_buffer.append(param)
continue
# Extract keyid using openssl command.
p = common.Run(["openssl", "x509", "-in", key_path, "-text"],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
keyid, stderr = p.communicate()
assert p.returncode == 0, "Failed to dump certificate: {}".format(stderr)
keyid = re.search(
r'keyid:([0-9a-fA-F:]*)', keyid).group(1).replace(':', '').lower()
print("Replacing verity keyid with {}".format(keyid))
out_buffer.append("veritykeyid=id:%s" % (keyid,))
out_cmdline = ' '.join(out_buffer).strip() + '\n'
common.ZipWriteStr(output_zip, "BOOT/cmdline", out_cmdline)
def AddDtbo(output_zip, prefix="IMAGES/"):
"""Adds the DTBO image.
Uses the image under prefix if it already exists. Otherwise looks for the
image under PREBUILT_IMAGES/, signs it as needed, and returns the image name.
"""
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "dtbo.img")
if os.path.exists(img.input_name):
print("dtbo.img already exists in %s, no need to rebuild..." % (prefix,))
return img.input_name
dtbo_prebuilt_path = os.path.join(
OPTIONS.input_tmp, "PREBUILT_IMAGES", "dtbo.img")
assert os.path.exists(dtbo_prebuilt_path)
shutil.copy(dtbo_prebuilt_path, img.name)
# AVB-sign the image as needed.
if OPTIONS.info_dict.get("avb_enable") == "true":
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
part_size = OPTIONS.info_dict["dtbo_size"]
# The AVB hash footer will be replaced if already present.
cmd = [avbtool, "add_hash_footer", "--image", img.name,
"--partition_size", str(part_size), "--partition_name", "dtbo"]
common.AppendAVBSigningArgs(cmd, "dtbo")
args = OPTIONS.info_dict.get("avb_dtbo_add_hash_footer_args")
if args and args.strip():
cmd.extend(shlex.split(args))
p = common.Run(cmd, stdout=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, \
"avbtool add_hash_footer of %s failed" % (img.name,)
img.Write()
return img.name
def ReadManifest(self, full_filename):
p = common.Run(
["aapt", "dump", "xmltree", full_filename, "AndroidManifest.xml"],
stdout=subprocess.PIPE)
manifest, err = p.communicate()
if err:
AddProblem("failed to read manifest")
return
self.shared_uid = None
self.package = None
for line in manifest.split("\n"):
line = line.strip()
m = re.search(r'A: (\S*?)(?:\(0x[0-9a-f]+\))?="(.*?)" \(Raw', line)
if m:
name = m.group(1)
if name == "android:sharedUserId":
if self.shared_uid is not None:
AddProblem("multiple sharedUserId declarations")
self.shared_uid = m.group(2)
elif name == "package":
if self.package is not None:
AddProblem("multiple package declarations")
self.package = m.group(2)
if self.package is None:
AddProblem("no package declaration")
def test_CheckHeadroom_WithMke2fsOutput(self):
"""Tests the result parsing from actual call to mke2fs."""
input_dir = common.MakeTempDir()
output_image = common.MakeTempFile(suffix='.img')
command = [
'mkuserimg_mke2fs', input_dir, output_image, 'ext4', '/system',
'409600', '-j', '0'
]
proc = common.Run(command)
ext4fs_output, _ = proc.communicate()
self.assertEqual(0, proc.returncode)
prop_dict = {
'fs_type': 'ext4',
'partition_headroom': '40960',
'mount_point': 'system',
}
CheckHeadroom(ext4fs_output, prop_dict)
prop_dict = {
'fs_type': 'ext4',
'partition_headroom': '413696',
'mount_point': 'system',
}
self.assertRaises(BuildImageError, CheckHeadroom, ext4fs_output,
prop_dict)
def AddVBMeta(output_zip, partitions, prefix="IMAGES/"):
"""Creates a VBMeta image and store it in output_zip.
Args:
output_zip: The output zip file, which needs to be already open.
partitions: A dict that's keyed by partition names with image paths as
values. Only valid partition names are accepted, which include 'boot',
'recovery', 'system', 'vendor', 'dtbo'.
"""
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "vbmeta.img")
if os.path.exists(img.input_name):
print("vbmeta.img already exists in %s; not rebuilding..." %
(prefix, ))
return img.input_name
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
cmd = [avbtool, "make_vbmeta_image", "--output", img.name]
common.AppendAVBSigningArgs(cmd, "vbmeta")
public_key_dir = tempfile.mkdtemp(prefix="avbpubkey-")
OPTIONS.tempfiles.append(public_key_dir)
for partition, path in partitions.items():
assert partition in common.AVB_PARTITIONS, 'Unknown partition: %s' % (
partition, )
assert os.path.exists(
path), 'Failed to find %s for partition %s' % (path, partition)
AppendVBMetaArgsForPartition(cmd, partition, path, public_key_dir)
args = OPTIONS.info_dict.get("avb_vbmeta_args")
if args and args.strip():
split_args = shlex.split(args)
for index, arg in enumerate(split_args[:-1]):
# Sanity check that the image file exists. Some images might be defined
# as a path relative to source tree, which may not be available at the
# same location when running this script (we have the input target_files
# zip only). For such cases, we additionally scan other locations (e.g.
# IMAGES/, RADIO/, etc) before bailing out.
if arg == '--include_descriptors_from_image':
image_path = split_args[index + 1]
if os.path.exists(image_path):
continue
found = False
for dir in [
'IMAGES', 'RADIO', 'VENDOR_IMAGES', 'PREBUILT_IMAGES'
]:
alt_path = os.path.join(OPTIONS.input_tmp, dir,
os.path.basename(image_path))
if os.path.exists(alt_path):
split_args[index + 1] = alt_path
found = True
break
assert found, 'failed to find %s' % (image_path, )
cmd.extend(split_args)
p = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "avbtool make_vbmeta_image failed"
img.Write()
def der_pub_from_pem_cert(cert_path):
tf = tempfile.NamedTemporaryFile(prefix="der_pub_from_pem_cert")
cmd1 = ["openssl", "x509", "-in", cert_path, "-noout", "-pubkey"]
cmd2 = [
"openssl", "rsa", "-inform", "PEM", "-pubin", "-outform", "DER",
"-out", tf.name
]
p1 = common.Run(cmd1, stdout=subprocess.PIPE)
p2 = common.Run(cmd2, stdin=p1.stdout)
p2.communicate()
p1.wait()
assert p1.returncode == 0, "extracting verity public key failed"
assert p2.returncode == 0, "verity public key conversion failed"
tf.seek(os.SEEK_SET, 0)
return tf
def files_from_path(target_path, extra_args=None):
"""Gets files under the given path and return a sorted list."""
find_command = ['find', target_path] + (extra_args or [])
find_process = common.Run(
find_command, stdout=subprocess.PIPE, verbose=False)
return common.RunAndCheckOutput(['sort'],
stdin=find_process.stdout,
verbose=False)
def MakeBlob():
print 'TF common: Generating blob...'
blobpath = os.path.join(OUTDIR, "boot.blob")
cmdblob = ["blobpack", blobpath, "LNX", os.path.join(OUTDIR, "boot.img")]
pblob = common.Run(cmdblob, stdout=subprocess.PIPE)
pblob.communicate()
assert pblob.returncode == 0, "blobpack of %s image failed" % (os.path.basename(OUTDIR),)
return open(blobpath).read()
def run_cmd(cmd):
try:
p = common.Run(cmd)
except Exception as exc:
print "Error: Unable to execute command: {}".format(' '.join(cmd))
raise exc
p.communicate()
assert p.returncode == 0, "Command failed: {}".format(' '.join(cmd))
def MakeVFATFilesystem(root_zip, filename, title="ANDROIDIA", size=0, block_size=None, extra_size=0,
extra_files=[], zipped=True):
"""Create a VFAT filesystem image with all the files in the provided
root zipfile. The size of the filesystem, if not provided by the
caller, will be 101% the size of the containing files"""
if zipped:
root = common.UnzipTemp(root_zip)
root_zip = zipfile.ZipFile(root_zip, "r")
else:
root = root_zip
for fn_src, fn_dest in extra_files:
fn_dest = os.path.join(root, fn_dest)
if not os.path.exists(os.path.dirname(fn_dest)):
os.makedirs(os.path.dirname(fn_dest))
shutil.copy(fn_src, fn_dest)
if size == 0:
for dpath, dnames, fnames in os.walk(root):
for f in fnames:
size += os.path.getsize(os.path.join(dpath, f))
# Add 1% extra space, minimum 32K
extra = size / 100
if extra < (32 * 1024):
extra = 32 * 1024
size += extra
size += extra_size
# Round the size of the disk up to 32K so that total sectors is
# a multiple of sectors per track (mtools complains otherwise)
mod = size % (32 * 1024)
if mod != 0:
size = size + (32 * 1024) - mod
# mtools freaks out otherwise
if os.path.exists(filename):
os.unlink(filename)
add_dir_to_path("/sbin")
cmd = ["mkdosfs"]
if block_size:
cmd.extend(["-S", str(block_size)])
cmd.extend(["-n", title, "-C", filename, str(size / 1024)])
try:
p = common.Run(cmd)
except Exception as exc:
print("Error: Unable to execute command: {}".format(' '.join(cmd)))
raise exc
p.wait()
assert p.returncode == 0, "mkdosfs failed"
for f in os.listdir(root):
in_p = os.path.join(root, f)
out_p = os.path.relpath(in_p, root)
PutFatFile(filename, in_p, out_p)
def get_efi_sig_list(pem_cert, guid_str, name):
tf = tempfile.NamedTemporaryFile(prefix="pem_cert_to_esl-" + name + "-")
if pem_cert:
cmd = ["cert-to-efi-sig-list", "-g", guid_str, pem_cert, tf.name]
p = common.Run(cmd)
p.communicate()
assert p.returncode == 0, "cert-to-efi-sig-list failed"
tf.seek(os.SEEK_SET, 0)
return tf
def PutFatFile(fat_img, in_path, out_path):
cmd = ["mcopy", "-s", "-Q", "-i", fat_img, in_path, "::" + out_path]
try:
p = common.Run(cmd)
except Exception as exc:
print "Error: Unable to execute command: {}".format(' '.join(cmd))
raise exc
p.wait()
assert p.returncode == 0, "couldn't insert %s into FAT image" % (in_path, )
def CheckVintfFromExtractedTargetFiles(input_tmp, info_dict=None):
"""
Checks VINTF metadata of an extracted target files directory.
Args:
inp: path to the directory that contains the extracted target files archive.
info_dict: The build-time info dict. If None, it will be loaded from inp.
Returns:
True if VINTF check is skipped or compatible, False if incompatible. Raise
a RuntimeError if any error occurs.
"""
if info_dict is None:
info_dict = common.LoadInfoDict(input_tmp)
if info_dict.get('vintf_enforce') != 'true':
logger.warning(
'PRODUCT_ENFORCE_VINTF_MANIFEST is not set, skipping checks')
return True
dirmap = GetDirmap(input_tmp)
args_for_skus = GetArgsForSkus(info_dict)
shipping_api_level_args = GetArgsForShippingApiLevel(info_dict)
kernel_args = GetArgsForKernel(input_tmp)
common_command = [
'checkvintf',
'--check-compat',
]
for device_path, real_path in dirmap.items():
common_command += ['--dirmap', '{}:{}'.format(device_path, real_path)]
common_command += kernel_args
common_command += shipping_api_level_args
success = True
for sku_args in args_for_skus:
command = common_command + sku_args
proc = common.Run(command,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
out, err = proc.communicate()
if proc.returncode == 0:
logger.info("Command `%s` returns 'compatible'", ' '.join(command))
elif out.strip() == "INCOMPATIBLE":
logger.info("Command `%s` returns 'incompatible'",
' '.join(command))
success = False
else:
raise common.ExternalError(
"Failed to run command '{}' (exit code {}):\nstdout:{}\nstderr:{}"
.format(' '.join(command), proc.returncode, out, err))
logger.info("stdout: %s", out)
logger.info("stderr: %s", err)
return success
def pem_cert_to_der_cert(pem_cert_path):
tf = tempfile.NamedTemporaryFile(prefix="pem_cert_to_der_cert")
cmd = ["openssl", "x509", "-inform", "PEM", "-outform", "DER",
"-in", pem_cert_path, "-out", tf.name]
p = common.Run(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "openssl cert conversion failed"
tf.seek(os.SEEK_SET, 0)
return tf
def AddDisabledVBMeta(output_zip, prefix="IMAGES/"):
"""Create a VBMeta image and store it in output_zip."""
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "vbmeta.img")
avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
cmd = [avbtool, "make_vbmeta_image", "--flag", "2", "--padding_size", "4096", "--output", img.name]
p = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p.communicate()
assert p.returncode == 0, "avbtool make_vbmeta_image failed"
img.Write()
def _generate_boot_image(self, output_file):
kernel = common.MakeTempFile(prefix='kernel-')
with open(kernel, 'wb') as kernel_fp:
kernel_fp.write(os.urandom(10))
cmd = ['mkbootimg', '--kernel', kernel, '-o', output_file]
proc = common.Run(cmd)
stdoutdata, _ = proc.communicate()
self.assertEqual(
0, proc.returncode,
"Failed to run mkbootimg: {}".format(stdoutdata))
cmd = ['boot_signer', '/boot', output_file,
os.path.join(self.testdata_dir, 'testkey.pk8'),
os.path.join(self.testdata_dir, 'testkey.x509.pem'), output_file]
proc = common.Run(cmd)
stdoutdata, _ = proc.communicate()
self.assertEqual(
0, proc.returncode,
"Failed to sign boot image with boot_signer: {}".format(stdoutdata))
def test_ParseCertificate(self):
cert = os.path.join(self.testdata_dir, 'testkey.x509.pem')
cmd = ['openssl', 'x509', '-in', cert, '-outform', 'DER']
proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
expected, _ = proc.communicate()
self.assertEqual(0, proc.returncode)
with open(cert) as cert_fp:
actual = common.ParseCertificate(cert_fp.read())
self.assertEqual(expected, actual)
