Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build / d14e8941fb3e8bd8671ffa424955540c8f9cbb3c^! / .
commitd14e8941fb3e8bd8671ffa424955540c8f9cbb3c[log] [tgz]
authorCole Faust <colefaust@google.com>Wed Feb 05 15:38:28 2025 -0800
committerCole Faust <colefaust@google.com>Thu Feb 06 10:16:08 2025 -0800
tree64d1389763fcef14a24f5d52af4a4ed47aa57957
parentfee5677cc5d7a335262659488c38bcd804793ca4 [diff]
Don't read through symlinks in fsverity_metadata_generator

We're trying to change the build system to remove the need for a
staging directory, where all the files are in the same location
as they are on the device. This means that fsverity_metadata_generator
will no longer be able to read through symlinks, because the files
that the symlink is trying to point to won't be at the same location.

Instead, when seeing a symlink, make the corresponding fsv_meta file
also a symlink.

Bug: 394404628
Test: atest ComposHostTestCases
Change-Id: I857f135ff0825971b7779719576e2f931995e481

diff --git a/tools/releasetools/fsverity_metadata_generator.py b/tools/releasetools/fsverity_metadata_generator.py
index fa7cd39..8448237 100644
--- a/tools/releasetools/fsverity_metadata_generator.py
+++ b/tools/releasetools/fsverity_metadata_generator.py

@@ -104,16 +104,13 @@
     out = subprocess.check_output(cmd, universal_newlines=True).strip()
     return bytes(bytearray.fromhex(out))
 
-  def generate(self, input_file, output_file=None):
+  def generate(self, input_file, output_file):
     if self._signature != 'none':
       if not self._key:
         raise RuntimeError("key must be specified.")
       if not self._cert:
         raise RuntimeError("cert must be specified.")
 
-    if not output_file:
-      output_file = input_file + '.fsv_meta'
-
     with TempDirectory() as temp_dir:
       self._do_generate(input_file, output_file, temp_dir)
 
@@ -229,6 +226,21 @@
       required=True)
   args = p.parse_args(sys.argv[1:])
 
+  output_file = args.output
+  if not output_file:
+    output_file = input_file + '.fsv_meta'
+
+  if output_file != args.input + '.fsv_meta':
+    sys.exit('When generating .fsv_meta files for symlinks, we assume that all fsv_meta files '
+      'are named the same as the file they protect, just with the .fsv_meta suffix appended. '
+      'We require that all .fsv_meta files follow this convention regardless of if it\'s a link or '
+      'not. However {args.input} had a different output file: {args.output}')
+
+  if os.path.islink(args.input):
+    target = os.readlink(args.input) + '.fsv_meta'
+    os.symlink(target, output_file)
+    sys.exit(0)
+
   generator = FSVerityMetadataGenerator(args.fsverity_path)
   generator.set_signature(args.signature)
   if args.signature == 'none':
@@ -241,4 +253,4 @@
     generator.set_cert(args.cert)
   generator.set_key_format(args.key_format)
   generator.set_hash_alg(args.hash_alg)
-  generator.generate(args.input, args.output)
+  generator.generate(args.input, output_file)