signer: fix accessory_rwsig signingstabilize-10895.Bstabilize-10895.56.Brelease-R69-10895.B

Require that the container passed in is the one containing
the specified key, and no other key. So if only one key is
present it must be the specified key.

BUG=chromium:863464
TEST=run locally
BRANCH=None

Change-Id: Ieeca5773f35b7bf92beae8a2192ed6e6fd9008e6
Reviewed-on: https://chromium-review.googlesource.com/1136910
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Nick Sanders <nsanders@chromium.org>
Reviewed-by: Bob Moragues <moragues@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

1 files changed, 9 insertions, 3 deletions

diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index 0f9bd50c..813a0210 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -1148,12 +1148,18 @@ elif [[ "${TYPE}" == "accessory_usbpd" ]]; then
   cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
   futility sign --type usbpd1 --pem "${KEY_NAME}.pem" "${OUTPUT_IMAGE}"
 elif [[ "${TYPE}" == "accessory_rwsig" ]]; then
-  KEY_NAME="${KEY_DIR}/key_$(basename $(dirname ${INPUT_IMAGE}))"
+  # If one key is present in this container, assume it's the right one.
+  # See crbug.com/863464
   if [[ ! -e "${KEY_NAME}.vbprik2" ]]; then
-    KEY_NAME="${KEY_DIR}/key"
+    KEYS=( "${KEY_DIR}"/*.vbprik2 )
+    if [[ ${#KEYS[@]} -eq 1 ]]; then
+      KEY_NAME="${KEYS[0]}"
+    else
+      die "Expected exactly one key present in keyset for accessory_rwsig"
+    fi
   fi
   cp "${INPUT_IMAGE}" "${OUTPUT_IMAGE}"
-  futility sign --type rwsig --prikey "${KEY_NAME}.vbprik2" \
+  futility sign --type rwsig --prikey "${KEY_NAME}" \
            --version "${FIRMWARE_VERSION}" "${OUTPUT_IMAGE}"
 elif [[ "${TYPE}" == "oci-container" ]]; then
   sign_oci_container "${INPUT_IMAGE}" "${KEY_DIR}" "${OUTPUT_IMAGE}"