image_signing: ensure_secure_kernelparams.sh: use loopback devices for speed

Rather than read out the whole kernel partition just to dump the kernel config, set the image up via a loopback device and read from there. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: I3797a0e77315e8baf6f481f31c44b889ac6d098a Reviewed-on: https://chromium-review.googlesource.com/505475 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>
author: Mike Frysinger <vapier@chromium.org> 2017-05-07 02:07:50 -0400
committer: chrome-bot <chrome-bot@chromium.org> 2017-05-23 23:59:31 -0700
commit: b568c66bd7c325d7f01459032a6c9212f7ac99ac (patch)
tree: 2d6401aa3c80db3c9d0a61bde686c4afdb18463c
parent: 2c8597214882cebdaf7d82297f9832c0dd11da1a (diff)
download: vboot-b568c66bd7c325d7f01459032a6c9212f7ac99ac.tar.gz
2 files changed, 64 insertions, 4 deletions
diff --git a/scripts/image_signing/common.sh b/scripts/image_signing/common.sh
index e816a88c..f100be56 100644
--- a/scripts/image_signing/common.sh
+++ b/scripts/image_signing/common.sh
@@ -68,6 +68,59 @@ error() {
   echo -e >&2   "${V_BOLD_RED}${CROS_LOG_PREFIX:-}ERROR  : $1${V_VIDOFF}"
 }
 
+TEMP_LOOP_LIST=$(mktemp)
+
+# Setup a loopback device for a file and scan for partitions, with retries.
+#
+# $1 - The file to back the new loopback device.
+# $2-$N - Additional arguments to pass to losetup.
+loopback_partscan() {
+  local lb_dev image="$1"
+  shift
+
+  # We know partition scanning & dev node creation can be racy with udev and
+  # the kernel, and the kernel does not sleep/wait for it to finish.  We have
+  # to use the partx tool manually as it will sleep until things are finished.
+  lb_dev=$(sudo losetup --show -f "$@" "${image}")
+
+  # Cache the path so we can clean it up.
+  echo "${lb_dev}" >>"${TEMP_LOOP_LIST}"
+
+  # Ignore problems deleting existing partitions. There shouldn't be any
+  # which will upset partx, but that's actually ok.
+  sudo partx -d "${lb_dev}" 2>/dev/null || true
+  sudo partx -a "${lb_dev}"
+
+  echo "${lb_dev}"
+}
+
+# Detach a loopback device set up earlier.
+#
+# $1 - The loop device to detach.
+# $2-$N - Additional arguments to pass to losetup.
+loopback_detach() {
+  # Retry the deletes before we detach.  crbug.com/469259
+  local i
+  for (( i = 0; i < 10; i++ )); do
+    if sudo partx -d "$1"; then
+      break
+    fi
+    warn "Sleeping & retrying ..."
+    sync
+    sleep 1
+  done
+  sudo losetup --detach "$@"
+}
+
+# Clear out all loopback devices we setup.
+cleanup_loopbacks() {
+  local line
+  while read -r line; do
+    loopback_detach "${line}" 2>/dev/null
+  done <"${TEMP_LOOP_LIST}"
+  rm -f "${TEMP_LOOP_LIST}"
+}
+
 # Usage: lsbval path-to-lsb-file key
 # Returns the value for the given lsb-release file variable.
 lsbval() {
@@ -96,3 +149,4 @@ get_boardvar_from_lsb_release() {
 trap "cleanup" INT TERM EXIT
 
 add_cleanup_action "cleanup_temps_and_mounts"
+add_cleanup_action "cleanup_loopbacks"
diff --git a/scripts/image_signing/ensure_secure_kernelparams.sh b/scripts/image_signing/ensure_secure_kernelparams.sh
index 57e10362..daebe451 100755
--- a/scripts/image_signing/ensure_secure_kernelparams.sh
+++ b/scripts/image_signing/ensure_secure_kernelparams.sh
@@ -67,6 +67,8 @@ main() {
     local output
     # Copy of a string before it has been through sed
     local pre_sed
+    # Where the disk image is mounted.
+    local loopdev
 
     if [[ $# -ne 1 ]] && [[ $# -ne 2 ]]; then
         usage
@@ -89,14 +91,18 @@ main() {
     # Either way, load test-expectations data from config.
     . "$configfile" || return 1
 
-    local kernelblob=$(make_temp_file)
+    # Set up the image on a loopback device so it's faster to access.
+    local loopdev
+    loopdev=$(loopback_partscan "${image}")
+
     # TODO(jimhebert): Perform the kernel security tests on both the kernel
     #                  partitions. Here, we just run it on kernel partition 4
     #                  which is the install kernel on the recovery image.
     #                  crosbug.com/24274
-    extract_image_partition "$image" 4 "$kernelblob"
+    local loop_kern="${loopdev}p4"
+    local loop_rootfs="${loopdev}p3"
     local rootfs=$(make_temp_dir)
-    mount_image_partition_ro "$image" 3 "$rootfs"
+    sudo mount -o ro "${loop_rootfs}" "${rootfs}"
 
     # Pick the right set of test-expectation data to use.
     local boardvar=$(get_boardvar_from_lsb_release "${rootfs}")
@@ -120,7 +126,7 @@ main() {
     output+="$(printf "\t'%s'\n" "${required_dmparams_regex[@]}")\n)\n"
 
     # Divide the dm params from the rest and process seperately.
-    local kparams=$(dump_kernel_config "$kernelblob")
+    local kparams=$(sudo dump_kernel_config "${loop_kern}")
     local dmparams=$(get_dmparams "$kparams")
     local kparams_nodm=$(kparams_remove_dm "$kparams")
author	Mike Frysinger <vapier@chromium.org>	2017-05-07 02:07:50 -0400
committer	chrome-bot <chrome-bot@chromium.org>	2017-05-23 23:59:31 -0700
commit	b568c66bd7c325d7f01459032a6c9212f7ac99ac (patch)
tree	2d6401aa3c80db3c9d0a61bde686c4afdb18463c
parent	2c8597214882cebdaf7d82297f9832c0dd11da1a (diff)
download	vboot-b568c66bd7c325d7f01459032a6c9212f7ac99ac.tar.gz