Trust CompOs-signed artifacts

If the current artifacts are missing or invalid, and if we have
pending CompOs artifacts, then attempt to use them. This includes
verifying the signatures and adding them to fs-verity if need be.

This is largely a proposal in the form of a CL. Note specifically the
definition of what a signature file looks like
(compos_signature.proto, VerityUtils.cpp).

I rationalised the way we handle multiple certificate subjects because
it was starting to get messy & confusing.

Apart from various refactorings, the significant changes remain behind
an if (false). It is currently largely untestable (we don't have
anything to produce signatures) and there's a couple more CLs to come,
but I think this is a big enough CL as it stands.

Bug: 190166662
Test: Create pending directory, see it deleted.
Test: Create valid pending directory, it gets renamed, fails verification
Test: Invalid signature file is rejected
Test: Presubmit
Change-Id: I20ef65f3c382bcfd5db8747e73fc0148a4b978e9
9 files changed