From fb0ddbbdf6018d9305248eb3138cb3cfcd532b31 Mon Sep 17 00:00:00 2001
From: Daichi Hirono <hirono@google.com>
Date: Fri, 20 May 2022 11:13:37 +0900
Subject: signer: Reland "Check the list of android image files"

Previous change I5e8b4d848f30f53fae58c721c9b7ddcfbfea9852
was reverted because the check did not pass if the
signing process adds new files to the image.

The new check alerts only when we miss files in the original image.

BUG=b:230434967
BRANCH=None
TEST=Run ./sign_official_build.sh locally

Signed-off-by: Daichi Hirono <hirono@chromium.org>

Change-Id: If8e9eeb9568fefcde92d737b356fa84b865b05c9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653721
Commit-Queue: Shao-Chuan Lee <shaochuan@chromium.org>
Tested-by: Daichi Hirono <hirono@chromium.org>
Commit-Queue: Daichi Hirono <hirono@chromium.org>
Auto-Submit: Daichi Hirono <hirono@chromium.org>
Reviewed-by: Shao-Chuan Lee <shaochuan@chromium.org>
---
 scripts/image_signing/sign_android_image.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'scripts')

diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh
index 5af1aa69..93977479 100755
--- a/scripts/image_signing/sign_android_image.sh
+++ b/scripts/image_signing/sign_android_image.sh
@@ -265,6 +265,12 @@ image_content_integrity_check() {
   return 0
 }
 
+list_image_files() {
+  local unsquashfs=$1
+  local system_img=$2
+  "${unsquashfs}" -l "${system_img}" | grep ^squashfs-root
+}
+
 sign_android_internal() {
   local root_fs_dir=$1
   local key_dir=$2
@@ -332,6 +338,8 @@ sign_android_internal() {
   local system_mnt="${working_dir}/mnt"
 
   info "Unpacking squashfs system image to ${system_mnt}"
+  list_image_files "${unsquashfs}" "${system_img}" > \
+      "${working_dir}/image_file_list.orig"
   sudo "${unsquashfs}" -no-xattrs -f -no-progress -d "${system_mnt}" "${system_img}"
 
   snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.orig"
@@ -408,6 +416,17 @@ sign_android_internal() {
     -no-progress
   local new_size=$(stat -c '%s' "${system_img}")
   info "Android system image size change: ${old_size} -> ${new_size}"
+
+  list_image_files "${unsquashfs}" "${system_img}" > \
+      "${working_dir}/image_file_list.new"
+  if d=$(grep -v -F -x -f "${working_dir}"/image_file_list.{new,orig}); then
+    # If we have a line in image_file_list.orig which does not appear in
+    # image_file_list.new, it means some files are removed during signing
+    # process. Here we have already deleted the original Android image so
+    # cannot retry.
+    die "Unexpected change of file list\n${d}"
+  fi
+
   return 0
 }
 
-- 
cgit v1.2.1