tequilaOS/platform_build
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_build/tools/releasetools/test_validate_target_files.py

332 lines
12 KiB
Python
Raw Normal View History

releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
#
# Copyright (C) 2018 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
Remove the hard-coded path of build_verity_metadata.py. build_image.py used to invoke build_verity_metadata.py with a hard-coded path of 'system/extras/verity/build_verity_metadata.py', which makes it hard to run unittests from non-$(ANDROID_BUILD_TOP) directory. This CL adds the dependency on the tool, so that it gets installed to $(HOST_OUT_EXECUTABLES), then removes the hard-coded path. Bug: 74544459 Bug: 76015688 Test: `m dist` Test: python -m unittest test_validate_target_files Change-Id: I0dcf4eb067a0db6f099cb589eb99a151a05c7f2b
2018-03-16 07:21:28 +01:00
"""Unittests for validate_target_files.py."""
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
import os
import os.path
import shutil
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
import zipfile
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
import common
import test_utils
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
from rangelib import RangeSet
from validate_target_files import (ValidateVerifiedBootImages,
ValidateFileConsistency)
releasetools: Create VerityImageBuilder. Test: `m dist` with aosp_marlin-userdebug (VB 1.0) Test: `m dist` with aosp_taimen-userdebug (VB 2.0) Test: `python -m unittest discover .` Change-Id: I8c016b7621b73f220fb2a4586cc45a21eeee438d
2018-10-03 23:23:59 +02:00
from verity_utils import CreateVerityImageBuilder
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
releasetools: Add a common base class for unittests. All the releasetools unittests extend the common base class of test_utils.ReleaseToolsTestCase. Define tearDown() in the base class to do the clean-up works. Test: `pylint --rcfile=pylintrc test_*.py` Test: `python -m unittest discover .` Change-Id: I51775d964ef032dcdf3bb89c55e1a31371cde708
2018-10-12 06:57:26 +02:00
class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase):
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
def setUp(self):
self.testdata_dir = test_utils.get_testdata_dir()
def _generate_boot_image(self, output_file):
kernel = common.MakeTempFile(prefix='kernel-')
with open(kernel, 'wb') as kernel_fp:
kernel_fp.write(os.urandom(10))
cmd = ['mkbootimg', '--kernel', kernel, '-o', output_file]
releasetools: Set default stdout and stderr in common.Run(). stdout and stderr will default to subprocess.PIPE and subprocess.STDOUT respectively (which is the expected behavior from most of the existing callers), unless caller specifies any of them. Test: `m dist` Test: python -m unittest \ test_common \ test_add_img_to_target_files \ test_ota_from_target_files \ test_validate_target_files Change-Id: I43b3f08edfa8a9bcfe54baf9848dc705c048e327
2018-10-05 01:25:33 +02:00
proc = common.Run(cmd)
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
stdoutdata, _ = proc.communicate()
self.assertEqual(
0, proc.returncode,
"Failed to run mkbootimg: {}".format(stdoutdata))
cmd = ['boot_signer', '/boot', output_file,
os.path.join(self.testdata_dir, 'testkey.pk8'),
os.path.join(self.testdata_dir, 'testkey.x509.pem'), output_file]
releasetools: Set default stdout and stderr in common.Run(). stdout and stderr will default to subprocess.PIPE and subprocess.STDOUT respectively (which is the expected behavior from most of the existing callers), unless caller specifies any of them. Test: `m dist` Test: python -m unittest \ test_common \ test_add_img_to_target_files \ test_ota_from_target_files \ test_validate_target_files Change-Id: I43b3f08edfa8a9bcfe54baf9848dc705c048e327
2018-10-05 01:25:33 +02:00
proc = common.Run(cmd)
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
stdoutdata, _ = proc.communicate()
self.assertEqual(
0, proc.returncode,
"Failed to sign boot image with boot_signer: {}".format(stdoutdata))
relesetools: Enable releasetools_test in presubmit. About half of the testcases rely on external tools (i.e. the ones in `otatools.zip`, which are external to releasetools module, but still built by Android). It's WAI as releasetools scripts are mostly for gluing purpose. However, the current support in Soong doesn't allow packing the helper modules as part of the built releasetools_test. This CL adds a decorator that allows declaring external dependencies in testcases, which will be skipped while running in presubmit. It doesn't affect local invocation of `atest releasetools_test`. Fixes: 112080715 Test: `atest releasetools_test` Test: TreeHugger; check that releasetools_test is invoked (and test passes). Change-Id: I8fdeb6549023cf5ddeb79d610c7c37cf9f13d3cc
2019-04-09 09:12:30 +02:00
@test_utils.SkipIfExternalToolsUnavailable()
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
def test_ValidateVerifiedBootImages_bootImage(self):
input_tmp = common.MakeTempDir()
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
self._generate_boot_image(boot_image)
info_dict = {
'boot_signer' : 'true',
}
options = {
'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
}
ValidateVerifiedBootImages(input_tmp, info_dict, options)
relesetools: Enable releasetools_test in presubmit. About half of the testcases rely on external tools (i.e. the ones in `otatools.zip`, which are external to releasetools module, but still built by Android). It's WAI as releasetools scripts are mostly for gluing purpose. However, the current support in Soong doesn't allow packing the helper modules as part of the built releasetools_test. This CL adds a decorator that allows declaring external dependencies in testcases, which will be skipped while running in presubmit. It doesn't affect local invocation of `atest releasetools_test`. Fixes: 112080715 Test: `atest releasetools_test` Test: TreeHugger; check that releasetools_test is invoked (and test passes). Change-Id: I8fdeb6549023cf5ddeb79d610c7c37cf9f13d3cc
2019-04-09 09:12:30 +02:00
@test_utils.SkipIfExternalToolsUnavailable()
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
def test_ValidateVerifiedBootImages_bootImage_wrongKey(self):
input_tmp = common.MakeTempDir()
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
self._generate_boot_image(boot_image)
info_dict = {
'boot_signer' : 'true',
}
options = {
'verity_key' : os.path.join(self.testdata_dir, 'verity.x509.pem'),
}
self.assertRaises(
AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict,
options)
relesetools: Enable releasetools_test in presubmit. About half of the testcases rely on external tools (i.e. the ones in `otatools.zip`, which are external to releasetools module, but still built by Android). It's WAI as releasetools scripts are mostly for gluing purpose. However, the current support in Soong doesn't allow packing the helper modules as part of the built releasetools_test. This CL adds a decorator that allows declaring external dependencies in testcases, which will be skipped while running in presubmit. It doesn't affect local invocation of `atest releasetools_test`. Fixes: 112080715 Test: `atest releasetools_test` Test: TreeHugger; check that releasetools_test is invoked (and test passes). Change-Id: I8fdeb6549023cf5ddeb79d610c7c37cf9f13d3cc
2019-04-09 09:12:30 +02:00
@test_utils.SkipIfExternalToolsUnavailable()
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
def test_ValidateVerifiedBootImages_bootImage_corrupted(self):
input_tmp = common.MakeTempDir()
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img')
self._generate_boot_image(boot_image)
# Corrupt the late byte of the image.
with open(boot_image, 'r+b') as boot_fp:
boot_fp.seek(-1, os.SEEK_END)
last_byte = boot_fp.read(1)
releasetools: Make additional modules Python 3 compatible. Bug: 131631303 Test: `python -m unittest test_sign_target_files_apks` Test: `python3 -m unittest test_sign_target_files_apks` Test: `python -m unittest test_add_img_to_target_files` Test: `python3 -m unittest test_add_img_to_target_files` Test: `python -m unittest test_ota_from_target_files` Test: `python3 -m unittest test_ota_from_target_files` Test: `python -m unittest test_validate_target_files` Test: `python3 -m unittest test_validate_target_files` Test: Run `python3 ota_from_target_files.py` to generate an OTA. Test: Run `python3 sign_target_files_apks.py` to sign a target_files. Change-Id: I56b45bbcbf7aa83e690785a9640c0212e45d12d8
2019-06-25 00:33:41 +02:00
last_byte = bytes([255 - ord(last_byte)])
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
boot_fp.seek(-1, os.SEEK_END)
boot_fp.write(last_byte)
info_dict = {
'boot_signer' : 'true',
}
options = {
'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
}
self.assertRaises(
AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict,
options)
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
def _generate_system_image(self, output_file, system_root=None,
file_map=None):
releasetools: Create VerityImageBuilder. Test: `m dist` with aosp_marlin-userdebug (VB 1.0) Test: `m dist` with aosp_taimen-userdebug (VB 2.0) Test: `python -m unittest discover .` Change-Id: I8c016b7621b73f220fb2a4586cc45a21eeee438d
2018-10-03 23:23:59 +02:00
prop_dict = {
'partition_size': str(1024 * 1024),
'verity': 'true',
'verity_block_device': '/dev/block/system',
'verity_key' : os.path.join(self.testdata_dir, 'testkey'),
'verity_fec': "true",
'verity_signer_cmd': 'verity_signer',
}
verity_image_builder = CreateVerityImageBuilder(prop_dict)
image_size = verity_image_builder.CalculateMaxImageSize()
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
# Use an empty root directory.
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
if not system_root:
system_root = common.MakeTempDir()
Use the new executable for mkuserimg_mke2fs This is in line with the change of mkuserimg_mke2fs.sh to python binary. Bug: 112555072 Bug: 63866463 Test: unittests pass Change-Id: I82c0be1e5bbc685edc15120da73aa43fdc9f2f05
2018-08-16 01:16:21 +02:00
cmd = ['mkuserimg_mke2fs', '-s', system_root, output_file, 'ext4',
releasetools: Clean up the use of `partition_size`. Unless using dynamic partitions, `partition_size` should be a fixed value that equals to the partition size in BoardConfig. It should stay the same when building an image for that partition. Only the actual image size that's used to hold the filesystem could be adjusted. This CL cleans up the uses of `partition_size` and `image_size` to better reflect such logic. With dynamic partitions, the only thing that changes is the need to compute `partition_size` upfront. Once that's done, `partition_size` should remain unchanged. Test: `m dist` Test: `python -m unittest test_add_img_to_target_files` Test: `python -m unittest test_validate_target_files` Change-Id: Idedb3e018c95e8f63dc4d9c423be27f30ebb584f
2018-09-28 00:31:11 +02:00
'/system', str(image_size), '-j', '0']
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
if file_map:
cmd.extend(['-B', file_map])
releasetools: Set default stdout and stderr in common.Run(). stdout and stderr will default to subprocess.PIPE and subprocess.STDOUT respectively (which is the expected behavior from most of the existing callers), unless caller specifies any of them. Test: `m dist` Test: python -m unittest \ test_common \ test_add_img_to_target_files \ test_ota_from_target_files \ test_validate_target_files Change-Id: I43b3f08edfa8a9bcfe54baf9848dc705c048e327
2018-10-05 01:25:33 +02:00
proc = common.Run(cmd)
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
stdoutdata, _ = proc.communicate()
self.assertEqual(
0, proc.returncode,
Use the new executable for mkuserimg_mke2fs This is in line with the change of mkuserimg_mke2fs.sh to python binary. Bug: 112555072 Bug: 63866463 Test: unittests pass Change-Id: I82c0be1e5bbc685edc15120da73aa43fdc9f2f05
2018-08-16 01:16:21 +02:00
"Failed to create system image with mkuserimg_mke2fs: {}".format(
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
stdoutdata))
# Append the verity metadata.
releasetools: Create VerityImageBuilder. Test: `m dist` with aosp_marlin-userdebug (VB 1.0) Test: `m dist` with aosp_taimen-userdebug (VB 2.0) Test: `python -m unittest discover .` Change-Id: I8c016b7621b73f220fb2a4586cc45a21eeee438d
2018-10-03 23:23:59 +02:00
verity_image_builder.Build(output_file)
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
relesetools: Enable releasetools_test in presubmit. About half of the testcases rely on external tools (i.e. the ones in `otatools.zip`, which are external to releasetools module, but still built by Android). It's WAI as releasetools scripts are mostly for gluing purpose. However, the current support in Soong doesn't allow packing the helper modules as part of the built releasetools_test. This CL adds a decorator that allows declaring external dependencies in testcases, which will be skipped while running in presubmit. It doesn't affect local invocation of `atest releasetools_test`. Fixes: 112080715 Test: `atest releasetools_test` Test: TreeHugger; check that releasetools_test is invoked (and test passes). Change-Id: I8fdeb6549023cf5ddeb79d610c7c37cf9f13d3cc
2019-04-09 09:12:30 +02:00
@test_utils.SkipIfExternalToolsUnavailable()
Also install verity_key to ramdisk for non-system-as-root target. The commit in d14b895665f9fb122f93edb16655fd3a49510032 (https://android-review.googlesource.com/c/platform/build/+/728287) changed partition layout, to always build the root dir into system.img, even for devices not using system-as-root (i.e. the ones with separate boot ramdisk). With the new layout, there will be two root dirs for non-system-as-root targets during the boot. If such a device uses Verified Boot 1.0, /verity_key needs to be available in both roots, to establish the chain of trust. - bootloader uses the baked-in key to verify boot.img; it then loads the ramdisk from the verified boot.img - First stage init uses /verity_key (in ramdisk) to verify and mount system.img at /system, then chroot's to it - Second stage init uses /verity_key (in system.img) to verify and mount other partitions This CL adds rules to additionally install verity_key into ramdisk for such targets. Bug: 139770257 Test: Set up a target to use non-system-as-root (BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`. Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist in the built target_files.zip. Test: Run validate_target_files to validate the above target_files.zip. $ validate_target_files \ --verity_key_mincrypt /path/to/verity_key \ target_files.zip Test: Run sign_target_files_apks to sign the above target. Re-run validate_target_files on the signed target_files.zip. Test: python -m unittest test_validate_target_files Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
2019-09-16 21:10:43 +02:00
def test_ValidateVerifiedBootImages_systemRootImage(self):
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
input_tmp = common.MakeTempDir()
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
system_image = os.path.join(input_tmp, 'IMAGES', 'system.img')
self._generate_system_image(system_image)
# Pack the verity key.
Also install verity_key to ramdisk for non-system-as-root target. The commit in d14b895665f9fb122f93edb16655fd3a49510032 (https://android-review.googlesource.com/c/platform/build/+/728287) changed partition layout, to always build the root dir into system.img, even for devices not using system-as-root (i.e. the ones with separate boot ramdisk). With the new layout, there will be two root dirs for non-system-as-root targets during the boot. If such a device uses Verified Boot 1.0, /verity_key needs to be available in both roots, to establish the chain of trust. - bootloader uses the baked-in key to verify boot.img; it then loads the ramdisk from the verified boot.img - First stage init uses /verity_key (in ramdisk) to verify and mount system.img at /system, then chroot's to it - Second stage init uses /verity_key (in system.img) to verify and mount other partitions This CL adds rules to additionally install verity_key into ramdisk for such targets. Bug: 139770257 Test: Set up a target to use non-system-as-root (BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`. Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist in the built target_files.zip. Test: Run validate_target_files to validate the above target_files.zip. $ validate_target_files \ --verity_key_mincrypt /path/to/verity_key \ target_files.zip Test: Run sign_target_files_apks to sign the above target. Re-run validate_target_files on the signed target_files.zip. Test: python -m unittest test_validate_target_files Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
2019-09-16 21:10:43 +02:00
verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key')
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
os.makedirs(os.path.dirname(verity_key_mincrypt))
shutil.copyfile(
os.path.join(self.testdata_dir, 'testkey_mincrypt'),
verity_key_mincrypt)
Also install verity_key to ramdisk for non-system-as-root target. The commit in d14b895665f9fb122f93edb16655fd3a49510032 (https://android-review.googlesource.com/c/platform/build/+/728287) changed partition layout, to always build the root dir into system.img, even for devices not using system-as-root (i.e. the ones with separate boot ramdisk). With the new layout, there will be two root dirs for non-system-as-root targets during the boot. If such a device uses Verified Boot 1.0, /verity_key needs to be available in both roots, to establish the chain of trust. - bootloader uses the baked-in key to verify boot.img; it then loads the ramdisk from the verified boot.img - First stage init uses /verity_key (in ramdisk) to verify and mount system.img at /system, then chroot's to it - Second stage init uses /verity_key (in system.img) to verify and mount other partitions This CL adds rules to additionally install verity_key into ramdisk for such targets. Bug: 139770257 Test: Set up a target to use non-system-as-root (BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`. Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist in the built target_files.zip. Test: Run validate_target_files to validate the above target_files.zip. $ validate_target_files \ --verity_key_mincrypt /path/to/verity_key \ target_files.zip Test: Run sign_target_files_apks to sign the above target. Re-run validate_target_files on the signed target_files.zip. Test: python -m unittest test_validate_target_files Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
2019-09-16 21:10:43 +02:00
info_dict = {
'system_root_image' : 'true',
'verity' : 'true',
}
options = {
'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
'verity_key_mincrypt' : verity_key_mincrypt,
}
ValidateVerifiedBootImages(input_tmp, info_dict, options)
@test_utils.SkipIfExternalToolsUnavailable()
def test_ValidateVerifiedBootImages_nonSystemRootImage(self):
input_tmp = common.MakeTempDir()
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
system_image = os.path.join(input_tmp, 'IMAGES', 'system.img')
self._generate_system_image(system_image)
# Pack the verity key into the root dir in system.img.
verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key')
os.makedirs(os.path.dirname(verity_key_mincrypt))
shutil.copyfile(
os.path.join(self.testdata_dir, 'testkey_mincrypt'),
verity_key_mincrypt)
# And a copy in ramdisk.
verity_key_ramdisk = os.path.join(
input_tmp, 'BOOT', 'RAMDISK', 'verity_key')
os.makedirs(os.path.dirname(verity_key_ramdisk))
shutil.copyfile(
os.path.join(self.testdata_dir, 'testkey_mincrypt'),
verity_key_ramdisk)
releasetools: Support validating Verified Boot images. For a given (signed) target-files.zip, this CLs allows verifying the Verified Boot related images. It works with both of VB 1.0 and VB 2.0 images. As part of the CL, it also moves validate_target_files.py to argparse, which is more flexible than the traditional getopt module. Also add unittests for the VB 1.0 path. VB 2.0 tests will be added in follow-up CL. Example usage: - Run the script on aosp_bullhead target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key build/target/product/security/verity.x509.pem \ --verity_key_mincrypt build/target/product/security/verity_key \ aosp_bullhead-target_files-4522605.zip - Run the script on aosp_walleye target-files.zip. $ ./build/make/tools/releasetools/validate_target_files.py \ --verity_key external/avb/test/data/testkey_rsa4096.pem \ aosp_walleye-target_files-4627254.zip Bug: 63706333 Bug: 65486807 Test: Run validate_target_files.py on target_files.zip files. Test: PYTHONPATH=build/make/tools/releasetools python -m unittest \ test_validate_target_files Change-Id: I170f14d5828d15f3687d8af0a89a816968069057
2018-03-11 05:41:16 +01:00
info_dict = {
'verity' : 'true',
}
options = {
'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
'verity_key_mincrypt' : verity_key_mincrypt,
}
ValidateVerifiedBootImages(input_tmp, info_dict, options)
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
Also install verity_key to ramdisk for non-system-as-root target. The commit in d14b895665f9fb122f93edb16655fd3a49510032 (https://android-review.googlesource.com/c/platform/build/+/728287) changed partition layout, to always build the root dir into system.img, even for devices not using system-as-root (i.e. the ones with separate boot ramdisk). With the new layout, there will be two root dirs for non-system-as-root targets during the boot. If such a device uses Verified Boot 1.0, /verity_key needs to be available in both roots, to establish the chain of trust. - bootloader uses the baked-in key to verify boot.img; it then loads the ramdisk from the verified boot.img - First stage init uses /verity_key (in ramdisk) to verify and mount system.img at /system, then chroot's to it - Second stage init uses /verity_key (in system.img) to verify and mount other partitions This CL adds rules to additionally install verity_key into ramdisk for such targets. Bug: 139770257 Test: Set up a target to use non-system-as-root (BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`. Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist in the built target_files.zip. Test: Run validate_target_files to validate the above target_files.zip. $ validate_target_files \ --verity_key_mincrypt /path/to/verity_key \ target_files.zip Test: Run sign_target_files_apks to sign the above target. Re-run validate_target_files on the signed target_files.zip. Test: python -m unittest test_validate_target_files Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
2019-09-16 21:10:43 +02:00
@test_utils.SkipIfExternalToolsUnavailable()
def test_ValidateVerifiedBootImages_nonSystemRootImage_mismatchingKeys(self):
input_tmp = common.MakeTempDir()
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
system_image = os.path.join(input_tmp, 'IMAGES', 'system.img')
self._generate_system_image(system_image)
# Pack the verity key into the root dir in system.img.
verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key')
os.makedirs(os.path.dirname(verity_key_mincrypt))
shutil.copyfile(
os.path.join(self.testdata_dir, 'testkey_mincrypt'),
verity_key_mincrypt)
# And an invalid copy in ramdisk.
verity_key_ramdisk = os.path.join(
input_tmp, 'BOOT', 'RAMDISK', 'verity_key')
os.makedirs(os.path.dirname(verity_key_ramdisk))
shutil.copyfile(
os.path.join(self.testdata_dir, 'verity_mincrypt'),
verity_key_ramdisk)
info_dict = {
'verity' : 'true',
}
options = {
'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'),
'verity_key_mincrypt' : verity_key_mincrypt,
}
self.assertRaises(
AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict,
options)
relesetools: Enable releasetools_test in presubmit. About half of the testcases rely on external tools (i.e. the ones in `otatools.zip`, which are external to releasetools module, but still built by Android). It's WAI as releasetools scripts are mostly for gluing purpose. However, the current support in Soong doesn't allow packing the helper modules as part of the built releasetools_test. This CL adds a decorator that allows declaring external dependencies in testcases, which will be skipped while running in presubmit. It doesn't affect local invocation of `atest releasetools_test`. Fixes: 112080715 Test: `atest releasetools_test` Test: TreeHugger; check that releasetools_test is invoked (and test passes). Change-Id: I8fdeb6549023cf5ddeb79d610c7c37cf9f13d3cc
2019-04-09 09:12:30 +02:00
@test_utils.SkipIfExternalToolsUnavailable()
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
def test_ValidateFileConsistency_incompleteRange(self):
input_tmp = common.MakeTempDir()
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
system_image = os.path.join(input_tmp, 'IMAGES', 'system.img')
system_root = os.path.join(input_tmp, "SYSTEM")
os.mkdir(system_root)
releasetools: Support verifying files with non-monotonic ranges. Fixes: 79951650 Test: Run validate_target_files on target_files.zip with files in non-monotonic ranges. Test: python -m unittest test_validate_target_files Test: python3 -m unittest test_validate_target_files Change-Id: I82571d3358598775de4cdeb5e64035689fea6487
2019-10-04 08:12:55 +02:00
# Write test files that contain multiple blocks of zeros, and these zero
# blocks will be omitted by kernel. Each test file will occupy one block in
# the final system image.
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
with open(os.path.join(system_root, 'a'), 'w') as f:
releasetools: Support verifying files with non-monotonic ranges. Fixes: 79951650 Test: Run validate_target_files on target_files.zip with files in non-monotonic ranges. Test: python -m unittest test_validate_target_files Test: python3 -m unittest test_validate_target_files Change-Id: I82571d3358598775de4cdeb5e64035689fea6487
2019-10-04 08:12:55 +02:00
f.write('aaa')
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
f.write('\0' * 4096 * 3)
with open(os.path.join(system_root, 'b'), 'w') as f:
releasetools: Support verifying files with non-monotonic ranges. Fixes: 79951650 Test: Run validate_target_files on target_files.zip with files in non-monotonic ranges. Test: python -m unittest test_validate_target_files Test: python3 -m unittest test_validate_target_files Change-Id: I82571d3358598775de4cdeb5e64035689fea6487
2019-10-04 08:12:55 +02:00
f.write('bbb')
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
f.write('\0' * 4096 * 3)
raw_file_map = os.path.join(input_tmp, 'IMAGES', 'raw_system.map')
self._generate_system_image(system_image, system_root, raw_file_map)
# Parse the generated file map and update the block ranges for each file.
file_map_list = {}
image_ranges = RangeSet()
releasetools: Support verifying files with non-monotonic ranges. Fixes: 79951650 Test: Run validate_target_files on target_files.zip with files in non-monotonic ranges. Test: python -m unittest test_validate_target_files Test: python3 -m unittest test_validate_target_files Change-Id: I82571d3358598775de4cdeb5e64035689fea6487
2019-10-04 08:12:55 +02:00
with open(raw_file_map) as f:
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
for line in f.readlines():
info = line.split()
self.assertEqual(2, len(info))
image_ranges = image_ranges.union(RangeSet(info[1]))
file_map_list[info[0]] = RangeSet(info[1])
# Add one unoccupied block as the shared block for all test files.
mock_shared_block = RangeSet("10-20").subtract(image_ranges).first(1)
with open(os.path.join(input_tmp, 'IMAGES', 'system.map'), 'w') as f:
for key in sorted(file_map_list.keys()):
releasetools: Support verifying files with non-monotonic ranges. Fixes: 79951650 Test: Run validate_target_files on target_files.zip with files in non-monotonic ranges. Test: python -m unittest test_validate_target_files Test: python3 -m unittest test_validate_target_files Change-Id: I82571d3358598775de4cdeb5e64035689fea6487
2019-10-04 08:12:55 +02:00
line = '{} {}\n'.format(
Check the completeness of original blocks during target files validation The validate_target_files.py checks the 'incomplete' field of the range in file_map. And range has already considered the shared blocks and could be smaller in size than the original file range. Therefore, the 'incomplete' flag was set on the original range in common.py; and we should switch to use the original range also during validation. I also checked another flag usage in CanUseImgdiff(), and it has explicitly rejected cases of shared blocks. Bug: 124868891 Test: unit tests pass Change-Id: I03959625d7b81fd83420db98f01d23f54064bcd2
2019-02-21 00:03:43 +01:00
key, file_map_list[key].union(mock_shared_block))
f.write(line)
# Prepare for the target zip file
input_file = common.MakeTempFile()
all_entries = ['SYSTEM/', 'SYSTEM/b', 'SYSTEM/a', 'IMAGES/',
'IMAGES/system.map', 'IMAGES/system.img']
with zipfile.ZipFile(input_file, 'w') as input_zip:
for name in all_entries:
input_zip.write(os.path.join(input_tmp, name), arcname=name)
# Expect the validation to pass and both files are skipped due to
# 'incomplete' block range.
releasetools: Support verifying files with non-monotonic ranges. Fixes: 79951650 Test: Run validate_target_files on target_files.zip with files in non-monotonic ranges. Test: python -m unittest test_validate_target_files Test: python3 -m unittest test_validate_target_files Change-Id: I82571d3358598775de4cdeb5e64035689fea6487
2019-10-04 08:12:55 +02:00
with zipfile.ZipFile(input_file) as input_zip:
info_dict = {'extfs_sparse_flag': '-s'}
ValidateFileConsistency(input_zip, input_tmp, info_dict)
@test_utils.SkipIfExternalToolsUnavailable()
def test_ValidateFileConsistency_nonMonotonicRanges(self):
input_tmp = common.MakeTempDir()
os.mkdir(os.path.join(input_tmp, 'IMAGES'))
system_image = os.path.join(input_tmp, 'IMAGES', 'system.img')
system_root = os.path.join(input_tmp, "SYSTEM")
os.mkdir(system_root)
# Write the test file that contain three blocks of 'a', 'b', 'c'.
with open(os.path.join(system_root, 'abc'), 'w') as f:
f.write('a' * 4096 + 'b' * 4096 + 'c' * 4096)
raw_file_map = os.path.join(input_tmp, 'IMAGES', 'raw_system.map')
self._generate_system_image(system_image, system_root, raw_file_map)
# Parse the generated file map and manipulate the block ranges of 'abc' to
# be 'cba'.
file_map_list = {}
with open(raw_file_map) as f:
for line in f.readlines():
info = line.split()
self.assertEqual(2, len(info))
ranges = RangeSet(info[1])
self.assertTrue(ranges.monotonic)
blocks = reversed(list(ranges.next_item()))
file_map_list[info[0]] = ' '.join([str(block) for block in blocks])
# Update the contents of 'abc' to be 'cba'.
with open(os.path.join(system_root, 'abc'), 'w') as f:
f.write('c' * 4096 + 'b' * 4096 + 'a' * 4096)
# Update the system.map.
with open(os.path.join(input_tmp, 'IMAGES', 'system.map'), 'w') as f:
for key in sorted(file_map_list.keys()):
f.write('{} {}\n'.format(key, file_map_list[key]))
# Get the target zip file.
input_file = common.MakeTempFile()
all_entries = ['SYSTEM/', 'SYSTEM/abc', 'IMAGES/',
'IMAGES/system.map', 'IMAGES/system.img']
with zipfile.ZipFile(input_file, 'w') as input_zip:
for name in all_entries:
input_zip.write(os.path.join(input_tmp, name), arcname=name)
with zipfile.ZipFile(input_file) as input_zip:
info_dict = {'extfs_sparse_flag': '-s'}
ValidateFileConsistency(input_zip, input_tmp, info_dict)
Reference in a new issue Copy permalink