Merge "First round of clean up of lint warnings for avbtool. In particular, addressing line-to-long, misaligned wrapped lines. There are no functional changes to the code."
diff --git a/avbtool b/avbtool
index 439c0b4..f892be9 100755
--- a/avbtool
+++ b/avbtool
@@ -258,7 +258,7 @@
This is the reverse of encode_long().
Arguments:
- value: A bytearray() with the encoded long.
+ blob: A bytearray() with the encoded long.
Returns:
The decoded value.
@@ -478,8 +478,8 @@
signing_file = tempfile.NamedTemporaryFile()
signing_file.write(str(raw_data_to_sign))
signing_file.flush()
- p = subprocess.Popen(
- [signing_helper_with_files, algorithm_name, key_path, signing_file.name])
+ p = subprocess.Popen([
+ signing_helper_with_files, algorithm_name, key_path, signing_file.name])
retcode = p.wait()
if retcode != 0:
raise AvbError('Error signing')
@@ -584,19 +584,22 @@
'\n'
'[rsapubkey]\n'
'n=INTEGER:%s\n'
- 'e=INTEGER:%s\n' % (hex(modulus).rstrip('L'), hex(exponent).rstrip('L')))
+ 'e=INTEGER:%s\n' % (hex(modulus).rstrip('L'),
+ hex(exponent).rstrip('L')))
asn1_tmpfile = tempfile.NamedTemporaryFile()
asn1_tmpfile.write(asn1_str)
asn1_tmpfile.flush()
der_tmpfile = tempfile.NamedTemporaryFile()
p = subprocess.Popen(
- ['openssl', 'asn1parse', '-genconf', asn1_tmpfile.name, '-out', der_tmpfile.name, '-noout'])
+ ['openssl', 'asn1parse', '-genconf', asn1_tmpfile.name, '-out',
+ der_tmpfile.name, '-noout'])
retcode = p.wait()
if retcode != 0:
raise AvbError('Error generating DER file')
p = subprocess.Popen(
- ['openssl', 'rsautl', '-verify', '-pubin', '-inkey', der_tmpfile.name, '-keyform', 'DER', '-raw'],
+ ['openssl', 'rsautl', '-verify', '-pubin', '-inkey', der_tmpfile.name,
+ '-keyform', 'DER', '-raw'],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
@@ -944,7 +947,7 @@
offset: Offset to seek to from the beginning of the file.
"""
if offset < 0:
- raise RuntimeError("Seeking with negative offset: %d" % offset)
+ raise RuntimeError('Seeking with negative offset: %d' % offset)
self._file_pos = offset
def read(self, size):
@@ -1145,9 +1148,10 @@
image_dir: The directory of the file being verified.
image_ext: The extension of the file being verified (e.g. '.img').
expected_chain_partitions_map: A map from partition name to the
- tuple (rollback_index_location, key_blob).
+ tuple (rollback_index_location, key_blob).
image_containing_descriptor: The image the descriptor is in.
- accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is zeroed out.
+ accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is
+ zeroed out.
Returns:
True if the descriptor verifies, False otherwise.
@@ -1155,6 +1159,7 @@
# Nothing to do.
return True
+
class AvbPropertyDescriptor(AvbDescriptor):
"""A class for property descriptors.
@@ -1232,9 +1237,10 @@
image_dir: The directory of the file being verified.
image_ext: The extension of the file being verified (e.g. '.img').
expected_chain_partitions_map: A map from partition name to the
- tuple (rollback_index_location, key_blob).
+ tuple (rollback_index_location, key_blob).
image_containing_descriptor: The image the descriptor is in.
- accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is zeroed out.
+ accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is
+ zeroed out.
Returns:
True if the descriptor verifies, False otherwise.
@@ -1242,6 +1248,7 @@
# Nothing to do.
return True
+
class AvbHashtreeDescriptor(AvbDescriptor):
"""A class for hashtree descriptors.
@@ -1395,9 +1402,10 @@
image_dir: The directory of the file being verified.
image_ext: The extension of the file being verified (e.g. '.img').
expected_chain_partitions_map: A map from partition name to the
- tuple (rollback_index_location, key_blob).
+ tuple (rollback_index_location, key_blob).
image_containing_descriptor: The image the descriptor is in.
- accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is zeroed out.
+ accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is
+ zeroed out.
Returns:
True if the descriptor verifies, False otherwise.
@@ -1412,7 +1420,7 @@
digest_size = len(hashlib.new(name=self.hash_algorithm).digest())
digest_padding = round_to_pow2(digest_size) - digest_size
(hash_level_offsets, tree_size) = calc_hash_level_offsets(
- self.image_size, self.data_block_size, digest_size + digest_padding)
+ self.image_size, self.data_block_size, digest_size + digest_padding)
root_digest, hash_tree = generate_hash_tree(image, self.image_size,
self.data_block_size,
self.hash_algorithm, self.salt,
@@ -1429,7 +1437,8 @@
hash_tree_ondisk = image.read(self.tree_size)
is_zeroed = (self.tree_size == 0) or (hash_tree_ondisk[0:8] == 'ZeRoHaSH')
if is_zeroed and accept_zeroed_hashtree:
- print ('{}: skipping verification since hashtree is zeroed and --accept_zeroed_hashtree was given'
+ print ('{}: skipping verification since hashtree is zeroed and '
+ '--accept_zeroed_hashtree was given'
.format(self.partition_name))
else:
if hash_tree != hash_tree_ondisk:
@@ -1559,9 +1568,10 @@
image_dir: The directory of the file being verified.
image_ext: The extension of the file being verified (e.g. '.img').
expected_chain_partitions_map: A map from partition name to the
- tuple (rollback_index_location, key_blob).
+ tuple (rollback_index_location, key_blob).
image_containing_descriptor: The image the descriptor is in.
- accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is zeroed out.
+ accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is
+ zeroed out.
Returns:
True if the descriptor verifies, False otherwise.
@@ -1671,9 +1681,10 @@
image_dir: The directory of the file being verified.
image_ext: The extension of the file being verified (e.g. '.img').
expected_chain_partitions_map: A map from partition name to the
- tuple (rollback_index_location, key_blob).
+ tuple (rollback_index_location, key_blob).
image_containing_descriptor: The image the descriptor is in.
- accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is zeroed out.
+ accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is
+ zeroed out.
Returns:
True if the descriptor verifies, False otherwise.
@@ -1681,6 +1692,7 @@
# Nothing to verify.
return True
+
class AvbChainPartitionDescriptor(AvbDescriptor):
"""A class for chained partition descriptors.
@@ -1775,9 +1787,10 @@
image_dir: The directory of the file being verified.
image_ext: The extension of the file being verified (e.g. '.img').
expected_chain_partitions_map: A map from partition name to the
- tuple (rollback_index_location, key_blob).
+ tuple (rollback_index_location, key_blob).
image_containing_descriptor: The image the descriptor is in.
- accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is zeroed out.
+ accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is
+ zeroed out.
Returns:
True if the descriptor verifies, False otherwise.
@@ -2620,7 +2633,8 @@
vbmeta_end_offset = footer.vbmeta_offset + footer.vbmeta_size
if vbmeta_end_offset % image.block_size != 0:
- vbmeta_end_offset += image.block_size - (vbmeta_end_offset % image.block_size)
+ vbmeta_end_offset += image.block_size - (vbmeta_end_offset
+ % image.block_size)
if partition_size < vbmeta_end_offset + 1*image.block_size:
raise AvbError('Requested size of {} is too small for an image '
@@ -2726,17 +2740,20 @@
if num_printed == 0:
o.write(' (none)\n')
- def verify_image(self, image_filename, key_path, expected_chain_partitions, follow_chain_partitions,
- accept_zeroed_hashtree):
+ def verify_image(self, image_filename, key_path, expected_chain_partitions,
+ follow_chain_partitions, accept_zeroed_hashtree):
"""Implements the 'verify_image' command.
Arguments:
image_filename: Image file to get information from (file object).
- key_path: None or check that embedded public key matches key at given path.
+ key_path: None or check that embedded public key matches key at given
+ path.
expected_chain_partitions: List of chain partitions to check or None.
- follow_chain_partitions: If True, will follows chain partitions even when not
- specified with the --expected_chain_partition option
- accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is zeroed out.
+ follow_chain_partitions:
+ If True, will follows chain partitions even when not specified with
+ the --expected_chain_partition option
+ accept_zeroed_hashtree: If True, don't fail if hashtree or FEC data is
+ zeroed out.
"""
expected_chain_partitions_map = {}
if expected_chain_partitions:
@@ -2749,17 +2766,20 @@
rollback_index_location = int(cp_tokens[1])
file_path = cp_tokens[2]
pk_blob = open(file_path).read()
- expected_chain_partitions_map[partition_name] = (rollback_index_location, pk_blob)
+ expected_chain_partitions_map[partition_name] = (
+ rollback_index_location, pk_blob)
image_dir = os.path.dirname(image_filename)
image_ext = os.path.splitext(image_filename)[1]
key_blob = None
if key_path:
- print 'Verifying image {} using key at {}'.format(image_filename, key_path)
+ print 'Verifying image {} using key at {}'.format(image_filename,
+ key_path)
key_blob = encode_rsa_key(key_path)
else:
- print 'Verifying image {} using embedded public key'.format(image_filename)
+ print 'Verifying image {} using embedded public key'.format(
+ image_filename)
image = ImageHandler(image_filename)
(footer, header, descriptors, image_size) = self._parse_image(image)
@@ -2768,8 +2788,9 @@
offset = footer.vbmeta_offset
image.seek(offset)
- vbmeta_blob = image.read(header.SIZE + header.authentication_data_block_size +
- header.auxiliary_data_block_size)
+ vbmeta_blob = image.read(header.SIZE
+ + header.authentication_data_block_size
+ + header.auxiliary_data_block_size)
alg_name, _ = lookup_algorithm_by_type(header.algorithm_type)
if not verify_vbmeta_signature(header, vbmeta_blob):
@@ -2781,7 +2802,8 @@
key_offset = AvbVBMetaHeader.SIZE
key_offset += header.authentication_data_block_size
key_offset += header.public_key_offset
- key_blob_in_vbmeta = vbmeta_blob[key_offset:key_offset + header.public_key_size]
+ key_blob_in_vbmeta = vbmeta_blob[key_offset:key_offset
+ + header.public_key_size]
if key_blob != key_blob_in_vbmeta:
raise AvbError('Embedded public key does not match given key.')
@@ -2793,24 +2815,29 @@
.format(alg_name, image.filename))
for desc in descriptors:
- if (isinstance(desc, AvbChainPartitionDescriptor) and follow_chain_partitions and
- expected_chain_partitions_map.get(desc.partition_name) == None):
+ if (isinstance(desc, AvbChainPartitionDescriptor)
+ and follow_chain_partitions
+ and expected_chain_partitions_map.get(desc.partition_name) == None):
# In this case we're processing a chain descriptor but don't have a
# --expect_chain_partition ... however --follow_chain_partitions was
# specified so we shouldn't error out in desc.verify().
- print ('{}: Chained but ROLLBACK_SLOT (which is {}) and KEY (which has sha1 {}) not specified'
- .format(desc.partition_name, desc.rollback_index_location,
- hashlib.sha1(desc.public_key).hexdigest()))
+ print ('{}: Chained but ROLLBACK_SLOT (which is {}) '
+ 'and KEY (which has sha1 {}) not specified'
+ .format(desc.partition_name, desc.rollback_index_location,
+ hashlib.sha1(desc.public_key).hexdigest()))
else:
- if not desc.verify(image_dir, image_ext, expected_chain_partitions_map, image,
- accept_zeroed_hashtree):
+ if not desc.verify(image_dir, image_ext, expected_chain_partitions_map,
+ image, accept_zeroed_hashtree):
raise AvbError('Error verifying descriptor.')
- # Honor --follow_chain_partitions - add '--' to make the output more readable.
- if isinstance(desc, AvbChainPartitionDescriptor) and follow_chain_partitions:
+ # Honor --follow_chain_partitions - add '--' to make the output more
+ # readable.
+ if (isinstance(desc, AvbChainPartitionDescriptor)
+ and follow_chain_partitions):
print '--'
- chained_image_filename = os.path.join(image_dir, desc.partition_name + image_ext)
- self.verify_image(chained_image_filename, key_path, None, False, accept_zeroed_hashtree)
-
+ chained_image_filename = os.path.join(image_dir,
+ desc.partition_name + image_ext)
+ self.verify_image(chained_image_filename, key_path, None, False,
+ accept_zeroed_hashtree)
def calculate_vbmeta_digest(self, image_filename, hash_algorithm, output):
"""Implements the 'calculate_vbmeta_digest' command.
@@ -2839,9 +2866,11 @@
for desc in descriptors:
if isinstance(desc, AvbChainPartitionDescriptor):
- ch_image_filename = os.path.join(image_dir, desc.partition_name + image_ext)
+ ch_image_filename = os.path.join(image_dir,
+ desc.partition_name + image_ext)
ch_image = ImageHandler(ch_image_filename)
- (ch_footer, ch_header, ch_descriptors, ch_image_size) = self._parse_image(ch_image)
+ (ch_footer, ch_header, ch_descriptors,
+ ch_image_size) = self._parse_image(ch_image)
ch_offset = 0
ch_size = (ch_header.SIZE + ch_header.authentication_data_block_size +
ch_header.auxiliary_data_block_size)
@@ -2854,7 +2883,6 @@
digest = hasher.digest()
output.write('{}\n'.format(digest.encode('hex')))
-
def calculate_kernel_cmdline(self, image_filename, hashtree_disabled, output):
"""Implements the 'calculate_kernel_cmdline' command.
@@ -2873,7 +2901,8 @@
cmdline_descriptors = []
for desc in descriptors:
if isinstance(desc, AvbChainPartitionDescriptor):
- ch_image_filename = os.path.join(image_dir, desc.partition_name + image_ext)
+ ch_image_filename = os.path.join(image_dir,
+ desc.partition_name + image_ext)
ch_image = ImageHandler(ch_image_filename)
_, _, ch_descriptors, _ = self._parse_image(ch_image)
for ch_desc in ch_descriptors:
@@ -2885,17 +2914,19 @@
kernel_cmdline_snippets = []
for desc in cmdline_descriptors:
use_cmdline = True
- if (desc.flags & AvbKernelCmdlineDescriptor.FLAGS_USE_ONLY_IF_HASHTREE_NOT_DISABLED) != 0:
+ if ((desc.flags &
+ AvbKernelCmdlineDescriptor.FLAGS_USE_ONLY_IF_HASHTREE_NOT_DISABLED)
+ != 0):
if hashtree_disabled:
use_cmdline = False
- if (desc.flags & AvbKernelCmdlineDescriptor.FLAGS_USE_ONLY_IF_HASHTREE_DISABLED) != 0:
+ if (desc.flags &
+ AvbKernelCmdlineDescriptor.FLAGS_USE_ONLY_IF_HASHTREE_DISABLED) != 0:
if not hashtree_disabled:
use_cmdline = False
if use_cmdline:
kernel_cmdline_snippets.append(desc.kernel_cmdline)
output.write(' '.join(kernel_cmdline_snippets))
-
def _parse_image(self, image):
"""Gets information about an image.
@@ -3690,7 +3721,8 @@
release_string, append_to_release_string,
output_vbmeta_image, do_not_append_vbmeta_image,
print_required_libavb_version,
- use_persistent_root_digest, do_not_use_ab, no_hashtree):
+ use_persistent_root_digest, do_not_use_ab,
+ no_hashtree):
"""Implements the 'add_hashtree_footer' command.
See https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity for
@@ -4432,7 +4464,8 @@
sub_parser.add_argument('--padding_size',
metavar='NUMBER',
help='If non-zero, pads output with NUL bytes so '
- 'its size is a multiple of NUMBER (default: 0)',
+ 'its size is a multiple of NUMBER '
+ '(default: 0)',
type=parse_number,
default=0)
self._add_common_args(sub_parser)
@@ -4485,8 +4518,9 @@
type=argparse.FileType('rb'))
sub_parser.set_defaults(func=self.append_vbmeta_image)
- sub_parser = subparsers.add_parser('add_hashtree_footer',
- help='Add hashtree and footer to image.')
+ sub_parser = subparsers.add_parser(
+ 'add_hashtree_footer',
+ help='Add hashtree and footer to image.')
sub_parser.add_argument('--image',
help='Image to add hashtree to',
type=argparse.FileType('rab+'))
@@ -4514,9 +4548,10 @@
sub_parser.add_argument('--generate_fec',
help=argparse.SUPPRESS,
action='store_true')
- sub_parser.add_argument('--do_not_generate_fec',
- help='Do not generate forward-error-correction codes',
- action='store_true')
+ sub_parser.add_argument(
+ '--do_not_generate_fec',
+ help='Do not generate forward-error-correction codes',
+ action='store_true')
sub_parser.add_argument('--fec_num_roots',
help='Number of roots for FEC (default: 2)',
type=parse_number,
@@ -4567,8 +4602,9 @@
required=True)
sub_parser.set_defaults(func=self.zero_hashtree)
- sub_parser = subparsers.add_parser('extract_vbmeta_image',
- help='Extracts vbmeta from an image with a footer.')
+ sub_parser = subparsers.add_parser(
+ 'extract_vbmeta_image',
+ help='Extracts vbmeta from an image with a footer.')
sub_parser.add_argument('--image',
help='Image with footer',
type=argparse.FileType('rb'),
@@ -4579,7 +4615,8 @@
sub_parser.add_argument('--padding_size',
metavar='NUMBER',
help='If non-zero, pads output with NUL bytes so '
- 'its size is a multiple of NUMBER (default: 0)',
+ 'its size is a multiple of NUMBER '
+ '(default: 0)',
type=parse_number,
default=0)
sub_parser.set_defaults(func=self.extract_vbmeta_image)
@@ -4623,13 +4660,15 @@
help='Expected chain partition',
metavar='PART_NAME:ROLLBACK_SLOT:KEY_PATH',
action='append')
- sub_parser.add_argument('--follow_chain_partitions',
- help=('Follows chain partitions even when not '
- 'specified with the --expected_chain_partition option'),
- action='store_true')
- sub_parser.add_argument('--accept_zeroed_hashtree',
- help=('Accept images where the hashtree or FEC data is zeroed out'),
- action='store_true')
+ sub_parser.add_argument(
+ '--follow_chain_partitions',
+ help=('Follows chain partitions even when not '
+ 'specified with the --expected_chain_partition option'),
+ action='store_true')
+ sub_parser.add_argument(
+ '--accept_zeroed_hashtree',
+ help=('Accept images where the hashtree or FEC data is zeroed out'),
+ action='store_true')
sub_parser.set_defaults(func=self.verify_image)
sub_parser = subparsers.add_parser(
@@ -4867,30 +4906,31 @@
sys.stderr.write('The --generate_fec option is deprecated since FEC '
'is now generated by default. Use the option '
'--do_not_generate_fec to not generate FEC.\n')
- self.avb.add_hashtree_footer(args.image.name if args.image else None,
- args.partition_size,
- args.partition_name,
- not args.do_not_generate_fec, args.fec_num_roots,
- args.hash_algorithm, args.block_size,
- args.salt, args.chain_partition, args.algorithm,
- args.key, args.public_key_metadata,
- args.rollback_index, args.flags, args.prop,
- args.prop_from_file,
- args.kernel_cmdline,
- args.setup_rootfs_from_kernel,
- args.setup_as_rootfs_from_kernel,
- args.include_descriptors_from_image,
- args.calc_max_image_size,
- args.signing_helper,
- args.signing_helper_with_files,
- args.internal_release_string,
- args.append_to_release_string,
- args.output_vbmeta_image,
- args.do_not_append_vbmeta_image,
- args.print_required_libavb_version,
- args.use_persistent_digest,
- args.do_not_use_ab,
- args.no_hashtree)
+ self.avb.add_hashtree_footer(
+ args.image.name if args.image else None,
+ args.partition_size,
+ args.partition_name,
+ not args.do_not_generate_fec, args.fec_num_roots,
+ args.hash_algorithm, args.block_size,
+ args.salt, args.chain_partition, args.algorithm,
+ args.key, args.public_key_metadata,
+ args.rollback_index, args.flags, args.prop,
+ args.prop_from_file,
+ args.kernel_cmdline,
+ args.setup_rootfs_from_kernel,
+ args.setup_as_rootfs_from_kernel,
+ args.include_descriptors_from_image,
+ args.calc_max_image_size,
+ args.signing_helper,
+ args.signing_helper_with_files,
+ args.internal_release_string,
+ args.append_to_release_string,
+ args.output_vbmeta_image,
+ args.do_not_append_vbmeta_image,
+ args.print_required_libavb_version,
+ args.use_persistent_digest,
+ args.do_not_use_ab,
+ args.no_hashtree)
def erase_footer(self, args):
"""Implements the 'erase_footer' sub-command."""
@@ -4931,7 +4971,8 @@
def calculate_kernel_cmdline(self, args):
"""Implements the 'calculate_kernel_cmdline' sub-command."""
- self.avb.calculate_kernel_cmdline(args.image.name, args.hashtree_disabled, args.output)
+ self.avb.calculate_kernel_cmdline(args.image.name, args.hashtree_disabled,
+ args.output)
def make_atx_certificate(self, args):
"""Implements the 'make_atx_certificate' sub-command."""