composd should open instance image RW
The instance image for the VMs composd creates should be read/write,
so that instance information can be updated.
We don't do this in verify_key, since it should only ever start an
existing instance and never modify it.
Bug: 186126194
Test: atest ComposTestCase
Change-Id: I1c5eaa17881e9b089a697b2b218163d192373936
diff --git a/compos/common/compos_client.rs b/compos/common/compos_client.rs
index 79d8354..5f14005 100644
--- a/compos/common/compos_client.rs
+++ b/compos/common/compos_client.rs
@@ -60,9 +60,7 @@
}
/// Start a new CompOS VM instance using the specified instance image file.
- pub fn start(instance_image: &Path) -> Result<VmInstance> {
- let instance_image =
- File::open(instance_image).context("Failed to open instance image file")?;
+ pub fn start(instance_image: File) -> Result<VmInstance> {
let instance_fd = ParcelFileDescriptor::new(instance_image);
let apex_dir = Path::new(COMPOS_APEX_ROOT);
diff --git a/compos/composd/src/instance_starter.rs b/compos/composd/src/instance_starter.rs
index ec95ff8..1751d35 100644
--- a/compos/composd/src/instance_starter.rs
+++ b/compos/composd/src/instance_starter.rs
@@ -89,8 +89,8 @@
let key_blob = fs::read(&self.key_blob).context("Reading private key blob")?;
let public_key = fs::read(&self.public_key).context("Reading public key")?;
- let vm_instance = VmInstance::start(&self.instance_image).context("Starting VM")?;
- let service = vm_instance.get_service().context("Connecting to CompOS")?;
+ let compos_instance = self.start_vm()?;
+ let service = &compos_instance.service;
if !service.verifySigningKey(&key_blob, &public_key).context("Verifying key pair")? {
bail!("Key pair invalid");
@@ -102,7 +102,7 @@
service.initializeSigningKey(&key_blob).context("Loading signing key")?;
- Ok(CompOsInstance { vm_instance, service })
+ Ok(compos_instance)
}
fn start_new_instance(
@@ -116,8 +116,8 @@
self.create_instance_image(virtualization_service)?;
- let vm_instance = VmInstance::start(&self.instance_image).context("Starting VM")?;
- let service = vm_instance.get_service().context("Connecting to CompOS")?;
+ let compos_instance = self.start_vm()?;
+ let service = &compos_instance.service;
let key_data = service.generateSigningKey().context("Generating signing key")?;
fs::write(&self.key_blob, &key_data.keyBlob).context("Writing key blob")?;
@@ -133,6 +133,17 @@
service.initializeSigningKey(&key_data.keyBlob).context("Loading signing key")?;
+ Ok(compos_instance)
+ }
+
+ fn start_vm(&self) -> Result<CompOsInstance> {
+ let instance_image = fs::OpenOptions::new()
+ .read(true)
+ .write(true)
+ .open(&self.instance_image)
+ .context("Failed to open instance image")?;
+ let vm_instance = VmInstance::start(instance_image).context("Starting VM")?;
+ let service = vm_instance.get_service().context("Connecting to CompOS")?;
Ok(CompOsInstance { vm_instance, service })
}
diff --git a/compos/verify_key/verify_key.rs b/compos/verify_key/verify_key.rs
index 8439b97..0cc6473 100644
--- a/compos/verify_key/verify_key.rs
+++ b/compos/verify_key/verify_key.rs
@@ -87,8 +87,9 @@
let blob = read_small_file(blob).context("Failed to read key blob")?;
let public_key = read_small_file(public_key).context("Failed to read public key")?;
+ let instance_image = File::open(instance_image).context("Failed to open instance image")?;
- let vm_instance = VmInstance::start(&instance_image)?;
+ let vm_instance = VmInstance::start(instance_image)?;
let service = vm_instance.get_service()?;
let result = service.verifySigningKey(&blob, &public_key).context("Verifying signing key")?;