From e147d481fe040a350d27c011b9ba5044e1a5b537 Mon Sep 17 00:00:00 2001 From: Jan Monsch Date: Wed, 23 Jun 2021 12:30:35 +0200 Subject: [PATCH] Removing AFTL integration from release tools. Bug: 158639560 Test: Treehugger Change-Id: I6949385e3448ad539099966c41ce99f156e3fdc4 --- core/Makefile | 1 - tools/releasetools/common.py | 63 +------------- tools/releasetools/test_common.py | 82 ------------------- .../testdata/test_aftl_rsa4096.pem | 52 ------------ .../testdata/test_transparency_key.pub | 15 ---- 5 files changed, 1 insertion(+), 212 deletions(-) delete mode 100644 tools/releasetools/testdata/test_aftl_rsa4096.pem delete mode 100644 tools/releasetools/testdata/test_transparency_key.pub diff --git a/core/Makefile b/core/Makefile index 1a60157db7..f96e7b3bc1 100644 --- a/core/Makefile +++ b/core/Makefile @@ -4234,7 +4234,6 @@ ifeq ($(build_otatools_package),true) INTERNAL_OTATOOLS_MODULES := \ aapt2 \ add_img_to_target_files \ - aftltool \ apksigner \ append2simg \ avbtool \ diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index 498e48728b..0711af5270 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -80,11 +80,6 @@ class Options(object): self.boot_signer_args = [] self.verity_signer_path = None self.verity_signer_args = [] - self.aftl_tool_path = None - self.aftl_server = None - self.aftl_key_path = None - self.aftl_manufacturer_key_path = None - self.aftl_signer_helper = None self.verbose = False self.tempfiles = [] self.device_specific = None @@ -1383,46 +1378,6 @@ def GetAvbChainedPartitionArg(partition, info_dict, key=None): return "{}:{}:{}".format(partition, rollback_index_location, pubkey_path) -def ConstructAftlMakeImageCommands(output_image): - """Constructs the command to append the aftl image to vbmeta.""" - - # Ensure the other AFTL parameters are set as well. - assert OPTIONS.aftl_tool_path is not None, 'No aftl tool provided.' - assert OPTIONS.aftl_key_path is not None, 'No AFTL key provided.' - assert OPTIONS.aftl_manufacturer_key_path is not None, \ - 'No AFTL manufacturer key provided.' - - vbmeta_image = MakeTempFile() - os.rename(output_image, vbmeta_image) - build_info = BuildInfo(OPTIONS.info_dict, use_legacy_id=True) - version_incremental = build_info.GetBuildProp("ro.build.version.incremental") - aftltool = OPTIONS.aftl_tool_path - server_argument_list = [OPTIONS.aftl_server, OPTIONS.aftl_key_path] - aftl_cmd = [aftltool, "make_icp_from_vbmeta", - "--vbmeta_image_path", vbmeta_image, - "--output", output_image, - "--version_incremental", version_incremental, - "--transparency_log_servers", ','.join(server_argument_list), - "--manufacturer_key", OPTIONS.aftl_manufacturer_key_path, - "--algorithm", "SHA256_RSA4096", - "--padding", "4096"] - if OPTIONS.aftl_signer_helper: - aftl_cmd.extend(shlex.split(OPTIONS.aftl_signer_helper)) - return aftl_cmd - - -def AddAftlInclusionProof(output_image): - """Appends the aftl inclusion proof to the vbmeta image.""" - - aftl_cmd = ConstructAftlMakeImageCommands(output_image) - RunAndCheckOutput(aftl_cmd) - - verify_cmd = ['aftltool', 'verify_image_icp', '--vbmeta_image_path', - output_image, '--transparency_log_pub_keys', - OPTIONS.aftl_key_path] - RunAndCheckOutput(verify_cmd) - - def AppendGkiSigningArgs(cmd): """Append GKI signing arguments for mkbootimg.""" # e.g., --gki_signing_key path/to/signing_key @@ -1516,10 +1471,6 @@ def BuildVBMeta(image_path, partitions, name, needed_partitions): RunAndCheckOutput(cmd) - # Generate the AFTL inclusion proof. - if OPTIONS.aftl_server is not None: - AddAftlInclusionProof(image_path) - def _MakeRamdisk(sourcedir, fs_config_file=None, ramdisk_format=RamdiskFormat.GZ): @@ -2477,9 +2428,7 @@ def ParseOptions(argv, "java_path=", "java_args=", "android_jar_path=", "public_key_suffix=", "private_key_suffix=", "boot_signer_path=", "boot_signer_args=", "verity_signer_path=", "verity_signer_args=", "device_specific=", - "extra=", "logfile=", "aftl_tool_path=", "aftl_server=", - "aftl_key_path=", "aftl_manufacturer_key_path=", - "aftl_signer_helper="] + list(extra_long_opts)) + "extra=", "logfile="] + list(extra_long_opts)) except getopt.GetoptError as err: Usage(docstring) print("**", str(err), "**") @@ -2517,16 +2466,6 @@ def ParseOptions(argv, OPTIONS.verity_signer_path = a elif o in ("--verity_signer_args",): OPTIONS.verity_signer_args = shlex.split(a) - elif o in ("--aftl_tool_path",): - OPTIONS.aftl_tool_path = a - elif o in ("--aftl_server",): - OPTIONS.aftl_server = a - elif o in ("--aftl_key_path",): - OPTIONS.aftl_key_path = a - elif o in ("--aftl_manufacturer_key_path",): - OPTIONS.aftl_manufacturer_key_path = a - elif o in ("--aftl_signer_helper",): - OPTIONS.aftl_signer_helper = a elif o in ("-s", "--device_specific"): OPTIONS.device_specific = a elif o in ("-x", "--extra"): diff --git a/tools/releasetools/test_common.py b/tools/releasetools/test_common.py index 1a00549c3f..e42d41791c 100644 --- a/tools/releasetools/test_common.py +++ b/tools/releasetools/test_common.py @@ -1631,88 +1631,6 @@ class CommonUtilsTest(test_utils.ReleaseToolsTestCase): self.assertEqual('3', chained_partition_args[1]) self.assertTrue(os.path.exists(chained_partition_args[2])) - def test_BuildVBMeta_appendAftlCommandSyntax(self): - testdata_dir = test_utils.get_testdata_dir() - common.OPTIONS.info_dict = { - 'ab_update': 'true', - 'avb_avbtool': 'avbtool', - 'build.prop': common.PartitionBuildProps.FromDictionary( - 'system', { - 'ro.build.version.incremental': '6285659', - 'ro.product.device': 'coral', - 'ro.build.fingerprint': - 'google/coral/coral:R/RP1A.200311.002/' - '6285659:userdebug/dev-keys'} - ), - } - common.OPTIONS.aftl_tool_path = 'aftltool' - common.OPTIONS.aftl_server = 'log.endpoints.aftl-dev.cloud.goog:9000' - common.OPTIONS.aftl_key_path = os.path.join(testdata_dir, - 'test_transparency_key.pub') - common.OPTIONS.aftl_manufacturer_key_path = os.path.join( - testdata_dir, 'test_aftl_rsa4096.pem') - - vbmeta_image = tempfile.NamedTemporaryFile(delete=False) - cmd = common.ConstructAftlMakeImageCommands(vbmeta_image.name) - expected_cmd = [ - 'aftltool', 'make_icp_from_vbmeta', - '--vbmeta_image_path', 'place_holder', - '--output', vbmeta_image.name, - '--version_incremental', '6285659', - '--transparency_log_servers', - 'log.endpoints.aftl-dev.cloud.goog:9000,{}'.format( - common.OPTIONS.aftl_key_path), - '--manufacturer_key', common.OPTIONS.aftl_manufacturer_key_path, - '--algorithm', 'SHA256_RSA4096', - '--padding', '4096'] - - # ignore the place holder, i.e. path to a temp file - self.assertEqual(cmd[:3], expected_cmd[:3]) - self.assertEqual(cmd[4:], expected_cmd[4:]) - - @unittest.skip("enable after we have a server for public") - def test_BuildVBMeta_appendAftlContactServer(self): - testdata_dir = test_utils.get_testdata_dir() - common.OPTIONS.info_dict = { - 'ab_update': 'true', - 'avb_avbtool': 'avbtool', - 'build.prop': common.PartitionBuildProps.FromDictionary( - 'system', { - 'ro.build.version.incremental': '6285659', - 'ro.product.device': 'coral', - 'ro.build.fingerprint': - 'google/coral/coral:R/RP1A.200311.002/' - '6285659:userdebug/dev-keys'} - ) - } - common.OPTIONS.aftl_tool_path = "aftltool" - common.OPTIONS.aftl_server = "log.endpoints.aftl-dev.cloud.goog:9000" - common.OPTIONS.aftl_key_path = os.path.join(testdata_dir, - 'test_transparency_key.pub') - common.OPTIONS.aftl_manufacturer_key_path = os.path.join( - testdata_dir, 'test_aftl_rsa4096.pem') - - input_dir = common.MakeTempDir() - system_image = common.MakeTempFile() - build_image_cmd = ['mkuserimg_mke2fs', input_dir, system_image, 'ext4', - '/system', str(4096 * 100), '-j', '0', '-s'] - common.RunAndCheckOutput(build_image_cmd) - - add_footer_cmd = ['avbtool', 'add_hashtree_footer', - '--partition_size', str(4096 * 150), - '--partition_name', 'system', - '--image', system_image] - common.RunAndCheckOutput(add_footer_cmd) - - vbmeta_image = common.MakeTempFile() - common.BuildVBMeta(vbmeta_image, {'system': system_image}, 'vbmeta', - ['system']) - - verify_cmd = ['aftltool', 'verify_image_icp', '--vbmeta_image_path', - vbmeta_image, '--transparency_log_pub_keys', - common.OPTIONS.aftl_key_path] - common.RunAndCheckOutput(verify_cmd) - @test_utils.SkipIfExternalToolsUnavailable() def test_AppendGkiSigningArgs_NoSigningKeyPath(self): # A non-GKI boot.img has no gki_signing_key_path. diff --git a/tools/releasetools/testdata/test_aftl_rsa4096.pem b/tools/releasetools/testdata/test_aftl_rsa4096.pem deleted file mode 100644 index 89f1ef3e59..0000000000 --- a/tools/releasetools/testdata/test_aftl_rsa4096.pem +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDDlhUPUgtWL6LB -Wybp6wsEJeioV1aRLPGSA2/xIpTiJUK46cb/MD5eBTWjKENoIgX23eL/ePy2I68e -+WvcZ5ITGOTRQqNVZIdc5qvr03wkV0BsJQMHSMAHacePpB/4xM5MzN/6Ku1wA8Dw -uK+v/Cw4hqq8H/gP0oPVQ1bwcIePzRPX4YkkyXusoyzTIm5DJ9reVtyFucKqANCN -aFmGxcaEc2nADtARQWJpO95joFsMvr68+JBxpCt8aWbxuSz/rLJ9Y8Z46V/++XG+ -E4QEob/WVY5pUD/RyogLrfhIf+zO7R3wJklXElSFacIX9+RzR9dgkQVbqxLfBKIP -XWLCsF4I4EnvqUtaVjIMl8UpZpoq8pDLRqZ71Os5xZYq06x9E02M6DnvFbZEdaOX -MCz2mmNX3g5FahvJayBhCuNhyTkd79MFR71Wp48TvWxKz3S7q0T0cWHNhtPkHSCa -KwD93AQnqtLKYDGkHIZBzJPcs+QxbzdHyGzhXZb+qh5KmQvNA9HRBQY1RkMmzIbI -8pzYTwpOkbCEhVoCWcRaaF1Pgl+zcpgJOMbBBUabx/dConFIhMDW/I5fHgKgwGqm -tWUibrMPdnfS6W5MXi8jC0eDuZl0VwmdE+4dLujiOofUYnb7D+GXojf3PrSLcTw1 -PmG0f7l5xDKN9a0N+IXqvD2oAANTsQIDAQABAoICAQCW5HXw8OogHvYg2HMIKrbA -B4McRO1baWIhtRcq4PQeGIMGaA2HmS+0l65O5uRCNWWGlJ7pW+0TlCop6mHFk/4F -T8JQk2mxmrI4ARqIAQwYeVwRUuioOP81eO1mK0gjQ6qpY7I0reOq9KpozQN18UYo -gfS82Kkng9EDukUbkKV1UtFJTw3gXLVWdjlB1qFcnCXmPPs7DBpbz+8V+XiAWpsS -WnwumP77IQeMiozDLdaw2YQMBHRjyDVocWTjfmpyAkleJZjcdagC7W1MKIBElomL -EUyigTALaYZWBGy1ekQ3TIY5XUBdtZ2RpAsDNNOCAN3v+VI565zOhCOHWRO1gh24 -vyhBFR0HYqBRoLbLAqo8bM5iLPz1EWGyaTnfxt38J8Va0TD7KihcBnphiA+dkhEF -oc0yIp/8S2o3CfkNok7Ju8Amb7M4JJuKhuP8wxn86fAHpjjd3Y4SlZp0NrTrd7T2 -msLIneb1OUZZxFxyJG1XQGEZplLPalnGadIF4p3q/3nd1rVb491qCNl/A5QwhI9r -ZV62O90M9fu3+cAynBLbMT09IZecNwP1gXmunlY6YH+ymM+3NFqC8q2tnzomiz8/ -Fee0ftZ2C/jK62fET0Y8LPWGkVQGHtvZH0FPg4suA0GMmYAe0tQl93A+jFltfKKZ -RgCDrYs6Wv76E9gnWVnEdQKCAQEA8L76LjZUTKOg83Bra+hP+cXnwGsgwOwJfGBp -OM++5HzlpYjtbD38esBZVJtwb/8xJGdsHtP2n7ZgbSDuAnRj5S50QHIApvRkz1Y+ -1hL8tAdgVP2JkYjpyG3bPk4QVKyXkKvBcp2BCidXs75+HzfOxqkazumaYOYo2guh -azHdka2xSqxcZqo4yyORc/oue25RU4skmuNDOlP0+OTxU/uXnl7QZmlaOfT5TqO4 -s7uER4BXt/87j44mnOBdXmtqrsL49+R9bzVskx76aeuaBbwf7jnpR058E71OZwSd -F1P3fx6hl0yLOZF/5Jnq+14rEna6jH50XtzlhB6deSZFTOw2gwKCAQEAz/qXRzwH -I0YWISgkUG2zBJseHmfHqV4CDzb5+tTJ3B2I8cXE0m2sQJXi2s7oMhWSc1cQOHCX -txpgWaD59uBz2lcwnGRNp27TRXv8Wo+X0+O+lGWU2cO+j8AB2Vtb7F7rCySp0+Uu -z+dBfoQ2zhKEQlkX0YldVILGzCL3QBHVvPC4iDlwkMRbcejDoh9NsBtHL8lG+MAw -ZXbwJjhaJkhTXJFpJpejq70naS8VVlLt8Os80iuBXe5JK/ecAHtsNcJlXO02sMNZ -Fbcy8WosGyvRKQ/tHtTjAlxZ7Ey8usWE8BvWBdUgiIBkIcjLtE2GrA8eOGNb3v1I -HRt8NsV8yaLWuwKCAQAR7SaT6le8nTKO7gARuOq7npDzMwbtVqYeLM+o+08rlGFF -QjzronH6cfg05J4quMXgABN8+CuVGO91MM6IQEJv/lWJtvN1ex1GkxV6u0812JbD -vV1RCPDfi86XhRiSNYfTrfZponDJYMSXDcg2auFqyYzFe3+TV5ATLGqIoN3uyxA4 -jz0SJ/qypaNfD3IGnuBPaD0Bi4ql/TpwjhuqNUHE+SprdczSI/usb2SBfaUL7fKa -MNcuiVc2tz48maMIAFypmMn+TewXyGa9HF4Lr0ZxZr6IIL/8eEwuP5my8v2q6Yz+ -xyRW1Q7A5vUoYoqyhUS+0Wu45JnyjJUNQFxIrg4hAoIBAF1uBIGSvN4iwRQ6FT4w -WahrCre8BVzXh3NQTjJZXylL91YtcwLZE/Wbn+KN6o99U2IPLZE9O1qdNcVt5Hz8 -Te87FfJbuOrLhYuEbFQ+h4U/nUDK9XhyT+wB5JLBUOU5qrtByC0Rmtr411o/iONA -PDwWC/YskEnDygywdIRKvsr3FN7VdvUB0Na2KxRsnZjMWElmUUS0Ccm7CZ0R2aWy -/gfqpuMYYgVnnwnIhfxWmt+MvbDorGAHCMYAoQsyZuUrpB9/zP7RcvanavI6sP+v -ynF43xvnpOdNl3Po8SuyScsXpijOmqPXkaP/sUsZPLOUww2vzPi6raetzjpIs4td -ZLsCggEAe42Zj3FEbruJZeDgmd9lSc0j8UF90mNw8KH44IbuA6R9fGv3WkrNHEVd -XZOwjWqAxhOj6pFoJk8n6h5d8iS/yXFZ0AfBMc21XMecu9mnfx9E9LFAIWmv7Wut -vy3h2BqY+crglpg5RAw+3J97HAGMYCvp+hH2il+9zzjpmCtTD21LRMkw34szY7RR -CDy9G5FTmKVlxw5eegvyj164olQRLurEdUIfSr5UnBjrWftJHy9JW8KWCeFDSmm9 -xCl3nGDyQuZmOTngxPtrOYAhb5LoKR9BeGcy6jlom7V4nYYqm3t1IDBgMqjYGT9c -vqQgxO2OFsQOJQ/4PRYEKd1neTlZrw== ------END PRIVATE KEY----- diff --git a/tools/releasetools/testdata/test_transparency_key.pub b/tools/releasetools/testdata/test_transparency_key.pub deleted file mode 100644 index 8bfd81619d..0000000000 --- a/tools/releasetools/testdata/test_transparency_key.pub +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4ilqCNsenNA013iCdwgD -YPxZ853nbHG9lMBp9boXiwRcqT/8bUKHIL7YX5z7s+QoRYVY3rkMKppRabclXzyx -H59YnPMaU4uv7NqwWzjgaZo7E+vo7IF+KBjV3cJulId5Av0yIYUCsrwd7MpGtWdC -Q3S+7Vd4zwzCKEhcvliNIhnNlp1U3wNkPCxOyCAsMEn6k8O5ar12ke5TvxDv15db -rPDeHh8G2OYWoCkWL+lSN35L2kOJqKqVbLKWrrOd96RCYrrtbPCi580OADJRcUlG -lgcjwmNwmypBWvQMZ6ITj0P0ksHnl1zZz1DE2rXe1goLI1doghb5KxLaezlR8c2C -E3w/uo9KJgNmNgUVzzqZZ6FE0moyIDNOpP7KtZAL0DvEZj6jqLbB0ccPQElrg52m -Dv2/A3nYSr0mYBKeskT4+Bg7PGgoC8p7WyLSxMyzJEDYdtrj9OFx6eZaA23oqTQx -k3Qq5H8RfNBeeSUEeKF7pKH/7gyqZ2bNzBFMA2EBZgBozwRfaeN/HCv3qbaCnwvu -6caacmAsK+RxiYxSL1QsJqyhCWWGxVyenmxdc1KG/u5ypi7OIioztyzR3t2tAzD3 -Nb+2t8lgHBRxbV24yiPlnvPmB1ZYEctXnlRR9Evpl1o9xA9NnybPHKr9rozN39CZ -V/USB8K6ao1y5xPZxa8CZksCAwEAAQ== ------END PUBLIC KEY----- -