diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py index cbcad6d06e..6c526c837d 100755 --- a/tools/releasetools/build_image.py +++ b/tools/releasetools/build_image.py @@ -25,9 +25,12 @@ import os.path import subprocess import sys import commands +import common import shutil import tempfile +OPTIONS = common.OPTIONS + FIXED_SALT = "aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7" def RunCommand(cmd): @@ -55,6 +58,7 @@ def GetVerityTreeSize(partition_size): def GetVerityMetadataSize(partition_size): cmd = "system/extras/verity/build_verity_metadata.py -s %d" cmd %= partition_size + status, output = commands.getstatusoutput(cmd) if status: print output @@ -162,7 +166,11 @@ def MakeVerityEnabledImage(out_file, prop_dict): image_size = prop_dict["partition_size"] block_dev = prop_dict["verity_block_device"] signer_key = prop_dict["verity_key"] + ".pk8" - signer_path = prop_dict["verity_signer_cmd"] + if OPTIONS.verity_signer_path is not None: + signer_path = OPTIONS.verity_signer_path + ' ' + signer_path += ' '.join(OPTIONS.verity_signer_args) + else: + signer_path = prop_dict["verity_signer_cmd"] # make a tempdir tempdir_name = tempfile.mkdtemp(suffix="_verity_images") @@ -240,6 +248,7 @@ def BuildImage(in_dir, prop_dict, out_file): # adjust the partition size to make room for the hashes if this is to be verified if verity_supported and is_verity_partition and fs_spans_partition: partition_size = int(prop_dict.get("partition_size")) + adjusted_size = AdjustPartitionSizeForVerity(partition_size) if not adjusted_size: return False diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index c55f94c697..4b276c3e70 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -51,6 +51,9 @@ class Options(object): self.private_key_suffix = ".pk8" # use otatools built boot_signer by default self.boot_signer_path = "boot_signer" + self.boot_signer_args = [] + self.verity_signer_path = None + self.verity_signer_args = [] self.verbose = False self.tempfiles = [] self.device_specific = None @@ -362,9 +365,11 @@ def BuildBootableImage(sourcedir, fs_config_file, info_dict=None): if (info_dict.get("boot_signer", None) == "true" and info_dict.get("verity_key", None)): path = "/" + os.path.basename(sourcedir).lower() - cmd = [OPTIONS.boot_signer_path, path, img.name, - info_dict["verity_key"] + ".pk8", - info_dict["verity_key"] + ".x509.pem", img.name] + cmd = [OPTIONS.boot_signer_path] + cmd.extend(OPTIONS.boot_signer_args) + cmd.extend([path, img.name, + info_dict["verity_key"] + ".pk8", + info_dict["verity_key"] + ".x509.pem", img.name]) p = Run(cmd, stdout=subprocess.PIPE) p.communicate() assert p.returncode == 0, "boot_signer of %s image failed" % path @@ -657,7 +662,8 @@ def ParseOptions(argv, argv, "hvp:s:x:" + extra_opts, ["help", "verbose", "path=", "signapk_path=", "extra_signapk_args=", "java_path=", "java_args=", "public_key_suffix=", - "private_key_suffix=", "boot_signer_path=", "device_specific=", + "private_key_suffix=", "boot_signer_path=", "boot_signer_args=", + "verity_signer_path=", "verity_signer_args=", "device_specific=", "extra="] + list(extra_long_opts)) except getopt.GetoptError as err: @@ -687,6 +693,12 @@ def ParseOptions(argv, OPTIONS.private_key_suffix = a elif o in ("--boot_signer_path",): OPTIONS.boot_signer_path = a + elif o in ("--boot_signer_args",): + OPTIONS.boot_signer_args = shlex.split(a) + elif o in ("--verity_signer_path",): + OPTIONS.verity_signer_path = a + elif o in ("--verity_signer_args",): + OPTIONS.verity_signer_args = shlex.split(a) elif o in ("-s", "--device_specific"): OPTIONS.device_specific = a elif o in ("-x", "--extra"):