Merge changes I6f61a908,Iafd22881 am: 32961d0203 am: 7cc500615e
Original change: https://android-review.googlesource.com/c/platform/build/+/1922320 Change-Id: I895253ff5eed373d9bcf14f0661cf9159519ac9c
This commit is contained in:
Inseob Kim
Automerger Merge Worker
commit
eef47a47e4
2 changed files with 34 additions and 9 deletions
|
|
@ -553,6 +553,19 @@ python_binary_host {
|
|||
],
|
||||
}
|
||||
|
||||
python_binary_host {
|
||||
name: "fsverity_metadata_generator",
|
||||
srcs: [
|
||||
"fsverity_metadata_generator.py",
|
||||
],
|
||||
libs: [
|
||||
"fsverity_digests_proto_python",
|
||||
],
|
||||
required: [
|
||||
"fsverity",
|
||||
],
|
||||
}
|
||||
|
||||
//
|
||||
// Tests.
|
||||
//
|
||||
|
|
|
|||
|
|
@ -55,6 +55,9 @@ class FSVerityMetadataGenerator:
|
|||
self.set_hash_alg("sha256")
|
||||
self.set_signature('none')
|
||||
|
||||
def set_key_format(self, key_format):
|
||||
self._key_format = key_format
|
||||
|
||||
def set_key(self, key):
|
||||
self._key = key
|
||||
|
||||
|
|
@ -130,14 +133,17 @@ class FSVerityMetadataGenerator:
|
|||
cmd.append(input_file)
|
||||
cmd.append(sig_file)
|
||||
|
||||
# convert DER private key to PEM
|
||||
pem_key = os.path.join(work_dir, 'key.pem')
|
||||
key_cmd = ['openssl', 'pkcs8']
|
||||
key_cmd.extend(['-inform', 'DER'])
|
||||
key_cmd.extend(['-in', self._key])
|
||||
key_cmd.extend(['-nocrypt'])
|
||||
key_cmd.extend(['-out', pem_key])
|
||||
subprocess.check_call(key_cmd)
|
||||
# If key is DER, convert DER private key to PEM
|
||||
if self._key_format == 'der':
|
||||
pem_key = os.path.join(work_dir, 'key.pem')
|
||||
key_cmd = ['openssl', 'pkcs8']
|
||||
key_cmd.extend(['-inform', 'DER'])
|
||||
key_cmd.extend(['-in', self._key])
|
||||
key_cmd.extend(['-nocrypt'])
|
||||
key_cmd.extend(['-out', pem_key])
|
||||
subprocess.check_call(key_cmd)
|
||||
else:
|
||||
pem_key = self._key
|
||||
|
||||
cmd.extend(['--key', pem_key])
|
||||
cmd.extend(['--cert', self._cert])
|
||||
|
|
@ -195,9 +201,14 @@ if __name__ == '__main__':
|
|||
p.add_argument(
|
||||
'input',
|
||||
help='input file to be signed')
|
||||
p.add_argument(
|
||||
'--key-format',
|
||||
choices=['pem', 'der'],
|
||||
default='der',
|
||||
help='format of the input key. Default is der')
|
||||
p.add_argument(
|
||||
'--key',
|
||||
help='PKCS#8 private key file in DER format')
|
||||
help='PKCS#8 private key file')
|
||||
p.add_argument(
|
||||
'--cert',
|
||||
help='x509 certificate file in PEM format')
|
||||
|
|
@ -227,5 +238,6 @@ if __name__ == '__main__':
|
|||
raise ValueError("To generate signature, key and cert must be set")
|
||||
generator.set_key(args.key)
|
||||
generator.set_cert(args.cert)
|
||||
generator.set_key_format(args.key_format)
|
||||
generator.set_hash_alg(args.hash_alg)
|
||||
generator.generate(args.input, args.output)
|
||||
|
|
|
|||
Loading…
Reference in a new issue