Gitiles
Code Review Sign In
gerrit.omnirom.org / android_build_soong / c47ccaeabdbe6e8215fe83f5c7dc22a0de409ff3^! / .
commitc47ccaeabdbe6e8215fe83f5c7dc22a0de409ff3[log] [tgz]
authorSpandan Das <spandandas@google.com>Thu Dec 12 00:15:26 2024 +0000
committerSpandan Das <spandandas@google.com>Thu Dec 12 10:17:14 2024 -0800
tree823a91b120cc5f026b8b65da1532b0fc8063c919
parenta7ba154af5a3c8af420e0a57a0ed3242e9a66375 [diff]
Remove avb_salt from filesystem and boot_img

avb_salt was added to filesystem and boot_img to create reproducible
builds https://r.android.com/2069528. This is no longer necessary, since
build_image.py and verity_utils.py has been updated since then to
prevent non-hermiticity from unspecified avb_salt.
https://r.android.com/2613794. It uses the build_fingerprint as the salt
instead of the filesystem entries.

In preparation for creating bit-identical make and soong partition
images, make the avb_salt consistent between make and soong partition
iamges.

Bug: 376539388
Test: lunch aosp_panther-trunk_staging-userdebug
Test: m
out/soong/.intermediates/packages/modules/Virtualization/guest/pvmfw/pvmfw_img/android_arm64_armv8-2a_cortex-a55/pvmfw.img
(a bootimage module) followed by rm repeatedly
Test: sha remains consistent

Change-Id: Ie1afa4599ef1de4c8f1cd708a52cb60b37c19373

diff --git a/filesystem/bootimg.go b/filesystem/bootimg.go
index 0ffec26..36b1a18 100644
--- a/filesystem/bootimg.go
+++ b/filesystem/bootimg.go

@@ -391,15 +391,6 @@
 	return output
 }
 
-// Calculates avb_salt from some input for deterministic output.
-func (b *bootimg) salt() string {
-	var input []string
-	input = append(input, b.properties.Cmdline...)
-	input = append(input, proptools.StringDefault(b.properties.Partition_name, b.Name()))
-	input = append(input, proptools.String(b.properties.Header_version))
-	return sha1sum(input)
-}
-
 func (b *bootimg) buildPropFile(ctx android.ModuleContext) (android.Path, android.Paths) {
 	var sb strings.Builder
 	var deps android.Paths
@@ -420,7 +411,6 @@
 	addStr("avb_add_hash_footer_args", "") // TODO(jiyong): add --rollback_index
 	partitionName := proptools.StringDefault(b.properties.Partition_name, b.Name())
 	addStr("partition_name", partitionName)
-	addStr("avb_salt", b.salt())
 
 	propFile := android.PathForModuleOut(ctx, "prop")
 	android.WriteFileRule(ctx, propFile, sb.String())

diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index b30c0f7..eea54a9 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go

@@ -622,11 +622,6 @@
 	return fcBin
 }
 
-// Calculates avb_salt from entry list (sorted) for deterministic output.
-func (f *filesystem) salt() string {
-	return sha1sum(f.entries)
-}
-
 func (f *filesystem) buildPropFile(ctx android.ModuleContext) (android.Path, android.Paths) {
 	var deps android.Paths
 	var propFileString strings.Builder
@@ -692,7 +687,6 @@
 		avb_add_hashtree_footer_args += fmt.Sprintf(" --prop com.android.build.%s.fingerprint:{CONTENTS_OF:%s}", f.partitionName(), ctx.Config().BuildFingerprintFile(ctx))
 		avb_add_hashtree_footer_args += fmt.Sprintf(" --prop com.android.build.%s.security_patch:%s", f.partitionName(), ctx.Config().PlatformSecurityPatch())
 		addStr("avb_add_hashtree_footer_args", avb_add_hashtree_footer_args)
-		addStr("avb_salt", f.salt())
 	}
 
 	if f.properties.File_contexts != nil && f.properties.Precompiled_file_contexts != nil {