refactor: move signing out of compilation.rs

The implementation needs a callback because the authfs instance is only
alive until `compilation::odrefresh` returns.

Also, check the key initialization state before any real work.

Bug: None
Test: atest ComposHostTestCases
Change-Id: I710db344219caad829f4deefc3a107a5994daa34
diff --git a/compos/src/compilation.rs b/compos/src/compilation.rs
index ae4a29d..6049991 100644
--- a/compos/src/compilation.rs
+++ b/compos/src/compilation.rs
@@ -22,12 +22,9 @@
 use std::collections::HashMap;
 use std::env;
 use std::ffi::OsString;
-use std::fs::read_dir;
 use std::path::{self, Path, PathBuf};
 use std::process::Command;
 
-use crate::artifact_signer::ArtifactSigner;
-use crate::signing_key::DiceSigner;
 use authfs_aidl_interface::aidl::com::android::virt::fs::{
     AuthFsConfig::{
         AuthFsConfig, InputDirFdAnnotation::InputDirFdAnnotation,
@@ -105,12 +102,15 @@
     system_properties::read_bool(name, false).unwrap_or(false)
 }
 
-pub fn odrefresh(
+pub fn odrefresh<F>(
     odrefresh_path: &Path,
     context: OdrefreshContext,
     authfs_service: Strong<dyn IAuthFsService>,
-    signer: DiceSigner,
-) -> Result<ExitCode> {
+    success_fn: F,
+) -> Result<ExitCode>
+where
+    F: FnOnce(PathBuf) -> Result<()>,
+{
     // Mount authfs (via authfs_service). The authfs instance unmounts once the `authfs` variable
     // is out of scope.
     let authfs_config = AuthFsConfig {
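Review bot: The new `success_fn` parameter of `odrefresh` is undocumented, and its contract matters because artifact signing now happens inside the callback rather than in this file. A doc comment on the function should state that the callback runs only when odrefresh exits with `ExitCode::CompilationSuccess`, that it runs while the authfs mount is still alive, and that an `Err` from it is propagated to the caller of `odrefresh`. Something like `/// Calls success_fn with the output directory only on CompilationSuccess, while authfs is still mounted; the path is not usable after odrefresh returns.` would cover it. The function body continues past the end of this hunk.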
@@ -183,13 +183,8 @@
     info!("odrefresh exited with {:?}", exit_code);
 
     if exit_code == ExitCode::CompilationSuccess {
-        // authfs only shows us the files we created, so it's ok to just sign everything under
-        // the target directory.
         let target_dir = art_apex_data.join(context.target_dir_name);
-        let mut artifact_signer = ArtifactSigner::new(&target_dir);
-        add_artifacts(&target_dir, &mut artifact_signer)?;
-
-        artifact_signer.write_info_and_signature(signer, &target_dir.join("compos.info"))?;
+        success_fn(target_dir)?;
     }
 
     Ok(exit_code)
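Review bot: The comment removed at the `success_fn(target_dir)?` call site recorded why it is acceptable to sign everything under the target directory (authfs only exposes files created by this run), and the new code no longer passes that assumption on to whoever writes the callback. Keeping a line at the call, e.g. `// authfs only shows files we created, so the callback may treat everything under target_dir as ours.`, would preserve it. Handing over an owned `PathBuf` also invites the callback to keep the path beyond the mount's lifetime; `F: FnOnce(&Path) -> Result<()>` with `success_fn(&target_dir)?` would signal that the path is only meaningful during the call, though that is a hint rather than enforcement. The enclosing function starts before this hunk.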
@@ -245,24 +240,6 @@
     Ok(())
 }
 
-fn add_artifacts(target_dir: &Path, artifact_signer: &mut ArtifactSigner) -> Result<()> {
-    for entry in
-        read_dir(&target_dir).with_context(|| format!("Traversing {}", target_dir.display()))?
-    {
-        let entry = entry?;
-        let file_type = entry.file_type()?;
-        if file_type.is_dir() {
-            add_artifacts(&entry.path(), artifact_signer)?;
-        } else if file_type.is_file() {
-            artifact_signer.add_artifact(&entry.path())?;
-        } else {
-            // authfs shouldn't create anything else, but just in case
-            bail!("Unexpected file type in artifacts: {:?}", entry);
-        }
-    }
-    Ok(())
-}
-
 fn spawn_jailed_task(executable: &Path, args: &[String], env_vars: &[String]) -> Result<Minijail> {
     // TODO(b/185175567): Run in a more restricted sandbox.
     let jail = Minijail::new()?;