commit 48532e571bf79f32af972f6096681c11674c3825
author Daichi Hirono <hirono@google.com> Tue Apr 26 17:52:42 2022 +0900
committer Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed Apr 27 23:00:54 2022 +0000
tree c5f2820cac3fa1585a3465c6b78826052c8b8c6b
parent adadf8e219f4d1cbe6b940100ae0be843f438cef

signer: Check the list of android image files

BUG=b:230434967
BRANCH=None
TEST=Run ./sign_official_build.sh locally

Signed-off-by: Daichi Hirono <hirono@chromium.org>

Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
Tested-by: Daichi Hirono <hirono@chromium.org>
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>

scripts/image_signing/sign_android_image.sh

diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh
index 5af1aa6..f8a1ed4 100755
--- a/scripts/image_signing/sign_android_image.sh
+++ b/scripts/image_signing/sign_android_image.sh
@@ -265,6 +265,12 @@
   return 0
 }
 
+list_image_files() {
+  local unsquashfs=$1
+  local system_img=$2
+  sudo "${unsquashfs}" -l "${system_img}" | grep ^squashfs-root
+}
+
 sign_android_internal() {
   local root_fs_dir=$1
   local key_dir=$2
@@ -332,6 +338,8 @@
   local system_mnt="${working_dir}/mnt"
 
   info "Unpacking squashfs system image to ${system_mnt}"
+  list_image_files "${unsquashfs}" "${system_img}" > \
+      "${working_dir}/image_file_list.orig"
   sudo "${unsquashfs}" -no-xattrs -f -no-progress -d "${system_mnt}" "${system_img}"
 
   snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.orig"
@@ -408,6 +416,14 @@
     -no-progress
   local new_size=$(stat -c '%s' "${system_img}")
   info "Android system image size change: ${old_size} -> ${new_size}"
+
+  list_image_files "${unsquashfs}" "${system_img}" > \
+      "${working_dir}/image_file_list.new"
+  if ! d=$(diff "${working_dir}"/image_file_list.{orig,new}); then
+    # Here we have already deleted the original Android image so cannot retry.
+    die "Unexpected change of file list\n${d}"
+  fi
+
   return 0
 }