commit fb0ddbbdf6018d9305248eb3138cb3cfcd532b31
author Daichi Hirono <hirono@google.com> Fri May 20 11:13:37 2022 +0900
committer Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri May 27 17:17:21 2022 +0000
tree a44cc7d6bb73c75ec14e43c9ec01924f8dd9eb1a
parent 6dba972b6ab1246864d3af0eaa3effcda29407d1

signer: Reland "Check the list of android image files"

Previous change I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
was reverted because the check did not pass if the
signing process adds new files to the image.

The new check alerts only when we miss files in the original image.

BUG=b:230434967
BRANCH=None
TEST=Run ./sign_official_build.sh locally

Signed-off-by: Daichi Hirono <hirono@chromium.org>

Change-Id: If8e9eeb9568fefcde92d737b356fa84b865b05c9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653721
Commit-Queue: Shao-Chuan Lee <shaochuan@chromium.org>
Tested-by: Daichi Hirono <hirono@chromium.org>
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Auto-Submit: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>

scripts/image_signing/sign_android_image.sh

diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh
index 5af1aa6..9397747 100755
--- a/scripts/image_signing/sign_android_image.sh
+++ b/scripts/image_signing/sign_android_image.sh
@@ -265,6 +265,12 @@
   return 0
 }
 
+list_image_files() {
+  local unsquashfs=$1
+  local system_img=$2
+  "${unsquashfs}" -l "${system_img}" | grep ^squashfs-root
+}
+
 sign_android_internal() {
   local root_fs_dir=$1
   local key_dir=$2
@@ -332,6 +338,8 @@
   local system_mnt="${working_dir}/mnt"
 
   info "Unpacking squashfs system image to ${system_mnt}"
+  list_image_files "${unsquashfs}" "${system_img}" > \
+      "${working_dir}/image_file_list.orig"
   sudo "${unsquashfs}" -no-xattrs -f -no-progress -d "${system_mnt}" "${system_img}"
 
   snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.orig"
@@ -408,6 +416,17 @@
     -no-progress
   local new_size=$(stat -c '%s' "${system_img}")
   info "Android system image size change: ${old_size} -> ${new_size}"
+
+  list_image_files "${unsquashfs}" "${system_img}" > \
+      "${working_dir}/image_file_list.new"
+  if d=$(grep -v -F -x -f "${working_dir}"/image_file_list.{new,orig}); then
+    # If we have a line in image_file_list.orig which does not appear in
+    # image_file_list.new, it means some files are removed during signing
+    # process. Here we have already deleted the original Android image so
+    # cannot retry.
+    die "Unexpected change of file list\n${d}"
+  fi
+
   return 0
 }