commit 2abbbd03339947327ada0becba5bd4ef41f1bdab
author Baligh Uddin <baligh@google.com> Wed Jun 22 12:14:16 2016 -0700
committer Baligh Uddin <baligh@google.com> Thu Jun 23 10:34:51 2016 -0700
tree b5c8e798a302cbacf6c6a372ad4bc850d8b99579
parent fbe2eedb28bc62b1d84ee1618677f8f490fbbafb

Add ability to pass in payload_signer args

Bug: 28701652
Change-Id: I110d5fc14446e4a6a0f8e25dcb0d300decdf09a4

tools/releasetools/ota_from_target_files.py

diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index 0a0173d..915a29e 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -121,6 +121,9 @@
       directly, a payload signer that knows how to do that should be specified.
       The signer will be supplied with "-inkey <path_to_key>",
       "-in <input_file>" and "-out <output_file>" parameters.
+
+  --payload_signer_args <args>
+      Specify the arguments needed for payload signer.
 """
 
 import sys
@@ -132,6 +135,7 @@
 import multiprocessing
 import os
 import subprocess
+import shlex
 import tempfile
 import zipfile
 
@@ -169,6 +173,7 @@
 OPTIONS.gen_verify = False
 OPTIONS.log_diff = None
 OPTIONS.payload_signer = None
+OPTIONS.payload_signer_args = []
 
 def MostPopularKey(d, default):
   """Given a dict, return the key corresponding to the largest
@@ -1246,22 +1251,23 @@
                                                  suffix=".bin")
   # 3a. Sign the payload hash.
   if OPTIONS.payload_signer is not None:
-    cmd = [OPTIONS.payload_signer,
-           "-inkey", OPTIONS.package_key + OPTIONS.private_key_suffix]
+    cmd = [OPTIONS.payload_signer]
+    cmd.extend(OPTIONS.payload_signer_args)
   else:
     cmd = ["openssl", "pkeyutl", "-sign",
            "-inkey", rsa_key,
            "-pkeyopt", "digest:sha256"]
   cmd.extend(["-in", payload_sig_file,
               "-out", signed_payload_sig_file])
+
   p1 = common.Run(cmd, stdout=subprocess.PIPE)
   p1.wait()
   assert p1.returncode == 0, "openssl sign payload failed"
 
   # 3b. Sign the metadata hash.
   if OPTIONS.payload_signer is not None:
-    cmd = [OPTIONS.payload_signer,
-           "-inkey", OPTIONS.package_key + OPTIONS.private_key_suffix]
+    cmd = [OPTIONS.payload_signer]
+    cmd.extend(OPTIONS.payload_signer_args)
   else:
     cmd = ["openssl", "pkeyutl", "-sign",
            "-inkey", rsa_key,
@@ -1926,6 +1932,8 @@
       OPTIONS.log_diff = a
     elif o == "--payload_signer":
       OPTIONS.payload_signer = a
+    elif o == "--payload_signer_args":
+      OPTIONS.payload_signer_args = shlex.split(a)
     else:
       return False
     return True
@@ -1956,6 +1964,7 @@
                                  "gen_verify",
                                  "log_diff=",
                                  "payload_signer=",
+                                 "payload_signer_args=",
                              ], extra_option_handler=option_handler)
 
   if len(args) != 2: