signer: Check the list of android image files

BUG=b:230434967
BRANCH=None
TEST=Run ./sign_official_build.sh locally

Signed-off-by: Daichi Hirono <hirono@chromium.org>

Change-Id: I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3607891
Tested-by: Daichi Hirono <hirono@chromium.org>
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>

1 files changed, 16 insertions, 0 deletions

diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh
index 5af1aa69..f8a1ed4d 100755
--- a/scripts/image_signing/sign_android_image.sh
+++ b/scripts/image_signing/sign_android_image.sh
@@ -265,6 +265,12 @@ image_content_integrity_check() {
   return 0
 }
 
+list_image_files() {
+  local unsquashfs=$1
+  local system_img=$2
+  sudo "${unsquashfs}" -l "${system_img}" | grep ^squashfs-root
+}
+
 sign_android_internal() {
   local root_fs_dir=$1
   local key_dir=$2
@@ -332,6 +338,8 @@ sign_android_internal() {
   local system_mnt="${working_dir}/mnt"
 
   info "Unpacking squashfs system image to ${system_mnt}"
+  list_image_files "${unsquashfs}" "${system_img}" > \
+      "${working_dir}/image_file_list.orig"
   sudo "${unsquashfs}" -no-xattrs -f -no-progress -d "${system_mnt}" "${system_img}"
 
   snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.orig"
@@ -408,6 +416,14 @@ sign_android_internal() {
     -no-progress
   local new_size=$(stat -c '%s' "${system_img}")
   info "Android system image size change: ${old_size} -> ${new_size}"
+
+  list_image_files "${unsquashfs}" "${system_img}" > \
+      "${working_dir}/image_file_list.new"
+  if ! d=$(diff "${working_dir}"/image_file_list.{orig,new}); then
+    # Here we have already deleted the original Android image so cannot retry.
+    die "Unexpected change of file list\n${d}"
+  fi
+
   return 0
 }