Add code to bulk-sign artifacts
This isn't wired up yet - we need to be able to iterate over AuthFs
directories, but that's coming soon.
Import the OdsignInfo proto, which contains the map of filenames and
digests, and provide a way to build it from a set of artifact files
and write it along with its signature.
Also remove the old Signer trait (which is unused), and make a couple of
small refactorings.
Bug: 161471326
Test: Builds
Change-Id: I37fccb1f2ca4fa1ea3006185d9f805d668252e2a
diff --git a/compos/src/compsvc.rs b/compos/src/compsvc.rs
index 0a15876..19f2f47 100644
--- a/compos/src/compsvc.rs
+++ b/compos/src/compsvc.rs
@@ -24,7 +24,7 @@
use std::default::Default;
use std::env;
use std::path::PathBuf;
-use std::sync::{Arc, RwLock};
+use std::sync::RwLock;
use crate::compilation::{compile_cmd, odrefresh, CompilerOutput};
use crate::compos_key_service::CompOsKeyService;
@@ -50,7 +50,7 @@
dex2oat_path: PathBuf::from(DEX2OAT_PATH),
odrefresh_path: PathBuf::from(ODREFRESH_PATH),
key_service: CompOsKeyService::new()?,
- key_blob: Arc::new(RwLock::new(Vec::new())),
+ key_blob: RwLock::new(Vec::new()),
};
Ok(BnCompOsService::new_binder(service, BinderFeatures::default()))
}
@@ -59,7 +59,7 @@
dex2oat_path: PathBuf,
odrefresh_path: PathBuf,
key_service: CompOsKeyService,
- key_blob: Arc<RwLock<Vec<u8>>>,
+ key_blob: RwLock<Vec<u8>>,
}
impl CompOsService {
@@ -69,7 +69,7 @@
fsverity_digest: &fsverity::Sha256Digest,
) -> Vec<u8> {
let formatted_digest = fsverity::to_formatted_digest(fsverity_digest);
- self.key_service.do_sign(key_blob, &formatted_digest[..]).unwrap_or_else(|e| {
+ self.key_service.sign(key_blob, &formatted_digest[..]).unwrap_or_else(|e| {
warn!("Failed to sign the fsverity digest, returning empty signature. Error: {}", e);
Vec::new()
})
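Review bot: The `unwrap_or_else` around `self.key_service.sign(...)` turns a signing failure into an empty `Vec`, so the caller gets a value with the same type as a real signature and no error to inspect. Since this commit prepares bulk signing of artifacts, the empty result should either be documented as the failure sentinel or replaced by a `Result`. At minimum, add a comment above the call such as `// An empty signature means signing failed; callers must not treat the artifact as signed.` The function's signature and its callers are outside this hunk, so whether they already check for an empty vector cannot be confirmed from here.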
@@ -189,12 +189,12 @@
fn generateSigningKey(&self) -> BinderResult<CompOsKeyData> {
self.key_service
- .do_generate()
+ .generate()
.map_err(|e| new_binder_exception(ExceptionCode::ILLEGAL_STATE, e.to_string()))
}
fn verifySigningKey(&self, key_blob: &[u8], public_key: &[u8]) -> BinderResult<bool> {
- Ok(if let Err(e) = self.key_service.do_verify(key_blob, public_key) {
+ Ok(if let Err(e) = self.key_service.verify(key_blob, public_key) {
warn!("Signing key verification failed: {}", e.to_string());
false
} else {
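Review bot: In `verifySigningKey` the `warn!` call passes `e.to_string()` to a `{}` placeholder, which allocates a `String` only to display it. `warn!("Signing key verification failed: {}", e);` does the same and matches how the fsverity signing failure is logged earlier in this file. Separately, `generateSigningKey` here and the `sign` call in the last hunk forward `e.to_string()` to the binder caller as the exception message. It is worth confirming that the key service's error text contains nothing the client should not see, and recording that in a short comment. The `if let ... else` in `verifySigningKey` continues past the end of this hunk.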
@@ -208,7 +208,7 @@
Err(new_binder_exception(ExceptionCode::ILLEGAL_STATE, "Key is not initialized"))
} else {
self.key_service
- .do_sign(key, data)
+ .sign(key, data)
.map_err(|e| new_binder_exception(ExceptionCode::ILLEGAL_STATE, e.to_string()))
}
}