Extract fsverity_manifest_generator logic Let the fsverity_manifest_generator logic be reused and just keep the bits to generate the BuildManifest.apk. Since this can all be acheived with a series of shell commands, remove the python script and just do it directly in the Makefile. Bug: 237384936 Test: TH Change-Id: I168dc1cea0be72b5098f99e4183e080a687fb03e

commit: 0a6d2e54dc38132550034d6cbe9fad9db0f3cd31 [log] [tgz]
author: Andrew Scull <ascull@google.com> Mon Jul 04 17:48:35 2022 +0000
committer: Andrew Scull <ascull@google.com> Thu Jul 07 19:56:31 2022 +0000
tree: 81a9dbbd3f8050c1c9323b622f041ed92ceceb1f
parent: f68794510fcbfd10a38bdfbf8d5d6c1f6d206afb [diff]
diff --git a/core/Makefile b/core/Makefile
index a96cfd5..c4caf1b 100644
--- a/core/Makefile
+++ b/core/Makefile

@@ -2979,20 +2979,29 @@
 $(FSVERITY_APK_OUT): PRIVATE_FRAMEWORK_RES := $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk
 $(FSVERITY_APK_OUT): PRIVATE_KEY := $(FSVERITY_APK_KEY_PATH)
 $(FSVERITY_APK_OUT): PRIVATE_INPUTS := $(fsverity-metadata-targets)
+$(FSVERITY_APK_OUT): PRIVATE_ASSETS := $(call intermediates-dir-for,ETC,build_manifest)/assets
 $(FSVERITY_APK_OUT): $(HOST_OUT_EXECUTABLES)/fsverity_manifest_generator \
     $(HOST_OUT_EXECUTABLES)/fsverity $(HOST_OUT_EXECUTABLES)/aapt2 \
     $(HOST_OUT_EXECUTABLES)/apksigner $(FSVERITY_APK_MANIFEST_PATH) \
     $(FSVERITY_APK_KEY_PATH).x509.pem $(FSVERITY_APK_KEY_PATH).pk8 \
     $(call intermediates-dir-for,APPS,framework-res,,COMMON)/package-export.apk \
     $(fsverity-metadata-targets)
-	$< --fsverity-path $(PRIVATE_FSVERITY) --aapt2-path $(PRIVATE_AAPT2) \
+	rm -rf $(PRIVATE_ASSETS)
+	mkdir -p $(PRIVATE_ASSETS)
+	$< --fsverity-path $(PRIVATE_FSVERITY) \
+	    --base-dir $(PRODUCT_OUT) \
+	    --output $(PRIVATE_ASSETS)/build_manifest.pb \
+	    $(PRIVATE_INPUTS)
+	$(PRIVATE_AAPT2) link -o $@ \
+	    -A $(PRIVATE_ASSETS) \
+	    -I $(PRIVATE_FRAMEWORK_RES) \
 	    --min-sdk-version $(PRIVATE_MIN_SDK_VERSION) \
 	    --version-code $(PRIVATE_VERSION_CODE) \
 	    --version-name $(PRIVATE_VERSION_NAME) \
-	    --apksigner-path $(PRIVATE_APKSIGNER) --apk-key-path $(PRIVATE_KEY) \
-	    --apk-manifest-path $(PRIVATE_MANIFEST) --framework-res $(PRIVATE_FRAMEWORK_RES) \
-	    --output $@ \
-	    --base-dir $(PRODUCT_OUT) $(PRIVATE_INPUTS)
+	    --manifest $(PRIVATE_MANIFEST)
+	$(PRIVATE_APKSIGNER) sign --in $@ \
+	    --cert $(PRIVATE_KEY).x509.pem \
+	    --key $(PRIVATE_KEY).pk8
 
 ALL_DEFAULT_INSTALLED_MODULES += $(FSVERITY_APK_OUT)
 

diff --git a/tools/releasetools/Android.bp b/tools/releasetools/Android.bp
index d8e34b7..122202b 100644
--- a/tools/releasetools/Android.bp
+++ b/tools/releasetools/Android.bp

@@ -519,23 +519,6 @@
 }
 
 python_binary_host {
-    name: "fsverity_manifest_generator",
-    defaults: ["releasetools_binary_defaults"],
-    srcs: [
-        "fsverity_manifest_generator.py",
-    ],
-    libs: [
-        "fsverity_digests_proto_python",
-        "releasetools_common",
-    ],
-    required: [
-        "aapt2",
-        "apksigner",
-        "fsverity",
-    ],
-}
-
-python_binary_host {
     name: "fsverity_metadata_generator",
     defaults: ["releasetools_binary_defaults"],
     srcs: [

diff --git a/tools/releasetools/fsverity_manifest_generator.py b/tools/releasetools/fsverity_manifest_generator.py
deleted file mode 100644
index b8184bc..0000000
--- a/tools/releasetools/fsverity_manifest_generator.py
+++ /dev/null

@@ -1,115 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright 2022 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""
-`fsverity_manifest_generator` generates build manifest APK file containing
-digests of target files. The APK file is signed so the manifest inside the APK
-can be trusted.
-"""
-
-import argparse
-import common
-import os
-import subprocess
-import sys
-from fsverity_digests_pb2 import FSVerityDigests
-
-HASH_ALGORITHM = 'sha256'
-
-def _digest(fsverity_path, input_file):
-  cmd = [fsverity_path, 'digest', input_file]
-  cmd.extend(['--compact'])
-  cmd.extend(['--hash-alg', HASH_ALGORITHM])
-  out = subprocess.check_output(cmd, universal_newlines=True).strip()
-  return bytes(bytearray.fromhex(out))
-
-if __name__ == '__main__':
-  p = argparse.ArgumentParser()
-  p.add_argument(
-      '--output',
-      help='Path to the output manifest APK',
-      required=True)
-  p.add_argument(
-      '--fsverity-path',
-      help='path to the fsverity program',
-      required=True)
-  p.add_argument(
-      '--aapt2-path',
-      help='path to the aapt2 program',
-      required=True)
-  p.add_argument(
-      '--min-sdk-version',
-      help='minimum supported sdk version of the generated manifest apk',
-      required=True)
-  p.add_argument(
-      '--version-code',
-      help='version code for the generated manifest apk',
-      required=True)
-  p.add_argument(
-      '--version-name',
-      help='version name for the generated manifest apk',
-      required=True)
-  p.add_argument(
-      '--framework-res',
-      help='path to framework-res.apk',
-      required=True)
-  p.add_argument(
-      '--apksigner-path',
-      help='path to the apksigner program',
-      required=True)
-  p.add_argument(
-      '--apk-key-path',
-      help='path to the apk key',
-      required=True)
-  p.add_argument(
-      '--apk-manifest-path',
-      help='path to AndroidManifest.xml',
-      required=True)
-  p.add_argument(
-      '--base-dir',
-      help='directory to use as a relative root for the inputs',
-      required=True)
-  p.add_argument(
-      'inputs',
-      nargs='+',
-      help='input file for the build manifest')
-  args = p.parse_args(sys.argv[1:])
-
-  digests = FSVerityDigests()
-  for f in sorted(args.inputs):
-    # f is a full path for now; make it relative so it starts with {mount_point}/
-    digest = digests.digests[os.path.relpath(f, args.base_dir)]
-    digest.digest = _digest(args.fsverity_path, f)
-    digest.hash_alg = HASH_ALGORITHM
-
-  temp_dir = common.MakeTempDir()
-
-  os.mkdir(os.path.join(temp_dir, "assets"))
-  metadata_path = os.path.join(temp_dir, "assets", "build_manifest.pb")
-  with open(metadata_path, "wb") as f:
-    f.write(digests.SerializeToString())
-
-  common.RunAndCheckOutput([args.aapt2_path, "link",
-      "-A", os.path.join(temp_dir, "assets"),
-      "-o", args.output,
-      "--min-sdk-version", args.min_sdk_version,
-      "--version-code", args.version_code,
-      "--version-name", args.version_name,
-      "-I", args.framework_res,
-      "--manifest", args.apk_manifest_path])
-  common.RunAndCheckOutput([args.apksigner_path, "sign", "--in", args.output,
-      "--cert", args.apk_key_path + ".x509.pem",
-      "--key", args.apk_key_path + ".pk8"])
commit	0a6d2e54dc38132550034d6cbe9fad9db0f3cd31	[log] [tgz]
author	Andrew Scull <ascull@google.com>	Mon Jul 04 17:48:35 2022 +0000
committer	Andrew Scull <ascull@google.com>	Thu Jul 07 19:56:31 2022 +0000
tree	81a9dbbd3f8050c1c9323b622f041ed92ceceb1f
parent	f68794510fcbfd10a38bdfbf8d5d6c1f6d206afb [diff]