Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / d8a2447466f80ae1fe56a57b297322a96ba389b1
commitd8a2447466f80ae1fe56a57b297322a96ba389b1[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Tue Dec 07 15:27:09 2021 +0000
committerAlan Stokes <alanstokes@google.com>Wed Dec 08 11:20:49 2021 +0000
tree4d7c55755c44fc5313eed0a65e7b5b1449b1b79d
parent12d60c328a5356360ba49b326bef3dd1c4befd8e [diff]
Verify pending artifacts using compos.info

Rather than a signature file per artifact file, we now expect a single
file + signature giving the path & root digest of all artifacts from
CompOS - reusing the OdsignInfo format.

There's a lot of now-dead code that can be removed; I'll do that in a
follow-up CL (and remove the remaining test tool client).

Bug: 209572241
Test: Run compos_key_cmd sign-info, check signatures accepted
Test: Check artifacts already in fs-verity and not
Test: Check various failure cases correctly rejected
Change-Id: Iaa85d8b28abfedb9d99985d6e87980881f470354
3 files changed
tree: 4d7c55755c44fc5313eed0a65e7b5b1449b1b79d
  1. fsverity/
  2. fsverity_init/
  3. identity/
  4. keystore/
  5. keystore-engine/
  6. keystore2/
  7. ondevice-signing/
  8. provisioner/
  9. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  10. .clang-format
  11. .gitignore
  12. Android.bp
  13. METADATA
  14. MODULE_LICENSE_APACHE2
  15. NOTICE
  16. OWNERS
  17. PREUPLOAD.cfg