Extend "non-release" check to session manager use-flags.

Since we've moved away from flag-files in session manager to
enable certain dev/test-mode features, our strategy of checking
for those flag files on the signer fell behind. This test adopts
a scheme that any use flag starting with "test_" or "dangerous_"
is blacklisted from release signing.

BUG=chromium-os:32430
TEST=ran the script against both a 'base' and 'test' image
from the builder/ToT. Passes/fails as expected.

Change-Id: I54d6ef17d52371c7543d5705e0939e000db85e51
Reviewed-on: https://gerrit.chromium.org/gerrit/29034
Reviewed-by: Chris Masone <cmasone@chromium.org>
Tested-by: Jim Hebert <jimhebert@chromium.org>
Commit-Ready: Jim Hebert <jimhebert@chromium.org>

1 files changed, 13 insertions, 1 deletions

diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh
index bc38a57f..5a07248e 100755
--- a/scripts/image_signing/ensure_no_nonrelease_files.sh
+++ b/scripts/image_signing/ensure_no_nonrelease_files.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
@@ -48,6 +48,18 @@ main() {
         fi
     done
 
+    # Some things which used to be flag-files, checked-for by this
+    # test, are now tracked as use-flags.
+    local useflag_path="$rootfs/etc/session_manager_use_flags.txt"
+    for prefix in dangerous_ test_; do
+        local matches=$(grep "^$prefix" "$useflag_path")
+        if [ -n "$matches" ]; then
+            echo "FAIL: Found non-release use flags in $useflag_path:"
+            echo "$matches"
+            testfail=1
+        fi
+    done
+
     exit $testfail
 }
 main "$@"