1*e1997b9aSAndroid Build Coastguard Worker#!/usr/bin/env python3 2*e1997b9aSAndroid Build Coastguard Worker# 3*e1997b9aSAndroid Build Coastguard Worker# Copyright 2022 Google Inc. All rights reserved. 4*e1997b9aSAndroid Build Coastguard Worker# 5*e1997b9aSAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License"); 6*e1997b9aSAndroid Build Coastguard Worker# you may not use this file except in compliance with the License. 7*e1997b9aSAndroid Build Coastguard Worker# You may obtain a copy of the License at 8*e1997b9aSAndroid Build Coastguard Worker# 9*e1997b9aSAndroid Build Coastguard Worker# http://www.apache.org/licenses/LICENSE-2.0 10*e1997b9aSAndroid Build Coastguard Worker# 11*e1997b9aSAndroid Build Coastguard Worker# Unless required by applicable law or agreed to in writing, software 12*e1997b9aSAndroid Build Coastguard Worker# distributed under the License is distributed on an "AS IS" BASIS, 13*e1997b9aSAndroid Build Coastguard Worker# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14*e1997b9aSAndroid Build Coastguard Worker# See the License for the specific language governing permissions and 15*e1997b9aSAndroid Build Coastguard Worker# limitations under the License. 16*e1997b9aSAndroid Build Coastguard Worker 17*e1997b9aSAndroid Build Coastguard Worker""" 18*e1997b9aSAndroid Build Coastguard Worker`fsverity_manifest_generator` generates the a manifest file containing digests 19*e1997b9aSAndroid Build Coastguard Workerof target files. 20*e1997b9aSAndroid Build Coastguard Worker""" 21*e1997b9aSAndroid Build Coastguard Worker 22*e1997b9aSAndroid Build Coastguard Workerimport argparse 23*e1997b9aSAndroid Build Coastguard Workerimport os 24*e1997b9aSAndroid Build Coastguard Workerimport subprocess 25*e1997b9aSAndroid Build Coastguard Workerimport sys 26*e1997b9aSAndroid Build Coastguard Workerfrom fsverity_digests_pb2 import FSVerityDigests 27*e1997b9aSAndroid Build Coastguard Worker 28*e1997b9aSAndroid Build Coastguard WorkerHASH_ALGORITHM = 'sha256' 29*e1997b9aSAndroid Build Coastguard Worker 30*e1997b9aSAndroid Build Coastguard Workerdef _digest(fsverity_path, input_file): 31*e1997b9aSAndroid Build Coastguard Worker cmd = [fsverity_path, 'digest', input_file] 32*e1997b9aSAndroid Build Coastguard Worker cmd.extend(['--compact']) 33*e1997b9aSAndroid Build Coastguard Worker cmd.extend(['--hash-alg', HASH_ALGORITHM]) 34*e1997b9aSAndroid Build Coastguard Worker out = subprocess.check_output(cmd, universal_newlines=True).strip() 35*e1997b9aSAndroid Build Coastguard Worker return bytes(bytearray.fromhex(out)) 36*e1997b9aSAndroid Build Coastguard Worker 37*e1997b9aSAndroid Build Coastguard Workerif __name__ == '__main__': 38*e1997b9aSAndroid Build Coastguard Worker p = argparse.ArgumentParser(fromfile_prefix_chars='@') 39*e1997b9aSAndroid Build Coastguard Worker p.add_argument( 40*e1997b9aSAndroid Build Coastguard Worker '--output', 41*e1997b9aSAndroid Build Coastguard Worker help='Path to the output manifest', 42*e1997b9aSAndroid Build Coastguard Worker required=True) 43*e1997b9aSAndroid Build Coastguard Worker p.add_argument( 44*e1997b9aSAndroid Build Coastguard Worker '--fsverity-path', 45*e1997b9aSAndroid Build Coastguard Worker help='path to the fsverity program', 46*e1997b9aSAndroid Build Coastguard Worker required=True) 47*e1997b9aSAndroid Build Coastguard Worker p.add_argument( 48*e1997b9aSAndroid Build Coastguard Worker '--base-dir', 49*e1997b9aSAndroid Build Coastguard Worker help='directory to use as a relative root for the inputs', 50*e1997b9aSAndroid Build Coastguard Worker required=True) 51*e1997b9aSAndroid Build Coastguard Worker p.add_argument( 52*e1997b9aSAndroid Build Coastguard Worker 'inputs', 53*e1997b9aSAndroid Build Coastguard Worker nargs='*', 54*e1997b9aSAndroid Build Coastguard Worker help='input file for the build manifest') 55*e1997b9aSAndroid Build Coastguard Worker args = p.parse_args() 56*e1997b9aSAndroid Build Coastguard Worker 57*e1997b9aSAndroid Build Coastguard Worker digests = FSVerityDigests() 58*e1997b9aSAndroid Build Coastguard Worker for f in sorted(args.inputs): 59*e1997b9aSAndroid Build Coastguard Worker # f is a full path for now; make it relative so it starts with {mount_point}/ 60*e1997b9aSAndroid Build Coastguard Worker digest = digests.digests[os.path.relpath(f, args.base_dir)] 61*e1997b9aSAndroid Build Coastguard Worker digest.digest = _digest(args.fsverity_path, f) 62*e1997b9aSAndroid Build Coastguard Worker digest.hash_alg = HASH_ALGORITHM 63*e1997b9aSAndroid Build Coastguard Worker 64*e1997b9aSAndroid Build Coastguard Worker manifest = digests.SerializeToString() 65*e1997b9aSAndroid Build Coastguard Worker 66*e1997b9aSAndroid Build Coastguard Worker with open(args.output, "wb") as f: 67*e1997b9aSAndroid Build Coastguard Worker f.write(manifest) 68