diff options
| author | Luis Hector Chavez <lhchavez@google.com> | 2016-09-21 22:38:38 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2016-09-23 21:09:16 -0700 |
| commit | 42b74d2677786cf9e135873b574428bdd74bd3fb (patch) | |
| tree | 069831eb810dceba179b628604aa04b615d31ce8 | |
| parent | 0ea5e1ec4a15994a23d732988f46e74e52d8dadd (diff) | |
| download | vboot-42b74d2677786cf9e135873b574428bdd74bd3fb.tar.gz | |
Preserve file capabilities while signing Android
The version of unsquashfs that is shipped with Trusty does not correctly
file capabilities, even though the target filesystem supports them. This
change forces the Android signer script to prefer the pre-built binaries
for mksquashfs/unsquashfs in order for the file capabilities to be
preserved.
BUG=b:31630024
BRANCH=none
TEST=Called sign_android_image.sh locally, saw capabilities preserved
across repeated invocations.
CQ-DEPEND=CL:*289356
Change-Id: I13e8782edb699eb4ce8bcf82885bd474f4351430
Reviewed-on: https://chromium-review.googlesource.com/387867
Commit-Ready: Luis Hector Chavez <lhchavez@google.com>
Tested-by: Luis Hector Chavez <lhchavez@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| -rwxr-xr-x | scripts/image_signing/sign_android_image.sh | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh index dd8a6cde..a5602322 100755 --- a/scripts/image_signing/sign_android_image.sh +++ b/scripts/image_signing/sign_android_image.sh @@ -196,6 +196,9 @@ main() { local key_dir=$2 local android_dir="${root_fs_dir}/opt/google/containers/android" local system_img="${android_dir}/system.raw.img" + # Use the versions in $PATH rather than the system ones. + local unsquashfs=$(which unsquashfs) + local mksquashfs=$(which mksquashfs) if [[ $# -ne 2 ]]; then usage "command takes exactly 2 args" @@ -215,8 +218,8 @@ main() { local working_dir=$(make_temp_dir) local system_mnt="${working_dir}/mnt" - info "Unpacking sqaushfs image to ${system_img}" - sudo unsquashfs -f -no-progress -d "${system_mnt}" "${system_img}" + info "Unpacking squashfs image to ${system_img}" + sudo "${unsquashfs}" -x -f -no-progress -d "${system_mnt}" "${system_img}" snapshot_file_properties "${system_mnt}" > "${working_dir}/properties.orig" @@ -232,10 +235,11 @@ main() { die "Unexpected change of file property, diff\n${d}" fi - info "Repacking sqaushfs image" + info "Repacking squashfs image" local old_size=$(stat -c '%s' "${system_img}") # Overwrite the original image. - sudo mksquashfs "${system_mnt}" "${system_img}" -no-progress -comp lzo -noappend + sudo "${mksquashfs}" "${system_mnt}" "${system_img}" \ + -no-progress -comp lzo -noappend local new_size=$(stat -c '%s' "${system_img}") info "Android system image size change: ${old_size} -> ${new_size}" } |