summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@chromium.org>2016-11-23 12:22:29 -0500
committerchrome-bot <chrome-bot@chromium.org>2016-11-29 17:41:03 -0800
commit1e9245dfff914107ec06aac84f3b70c2df1f4a41 (patch)
tree3766ce65407bd95916bd4e61763ccaa04880eff7
parentc66cbc3440b03440d591274b188ea62b2de7af80 (diff)
downloadvboot-1e9245dfff914107ec06aac84f3b70c2df1f4a41.tar.gz
image_signing: unify board extraction logic from lsb-releasefirmware-servo-9040.Bfirmware-reef-9042.87.B
We had two places extracting the board value from lsb-release and parsing the output by hand. Unify them to use the same parsing logic to avoid desynchronized behavior. We also create a new get_boardvar_from_lsb_release helper to unify the board name -> variable name mangling logic. BUG=chromium:667192 TEST=`./security_test_image --board samus` still detects the correct board BRANCH=None Change-Id: If88a8ae59b9c9fd45ddd796653a0173ed0186d2d Reviewed-on: https://chromium-review.googlesource.com/414224 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
-rw-r--r--scripts/image_signing/common.sh28
-rwxr-xr-xscripts/image_signing/ensure_no_nonrelease_files.sh4
-rwxr-xr-xscripts/image_signing/ensure_sane_lsb-release.sh16
-rwxr-xr-xscripts/image_signing/ensure_secure_kernelparams.sh14
4 files changed, 33 insertions, 29 deletions
diff --git a/scripts/image_signing/common.sh b/scripts/image_signing/common.sh
index 62dc362a..657b5be2 100644
--- a/scripts/image_signing/common.sh
+++ b/scripts/image_signing/common.sh
@@ -75,14 +75,28 @@ die() {
exit 1
}
-# Extract and return board name from /etc/lsb-release.
-# Args: rootfs
+# Usage: lsbval path-to-lsb-file key
+# Returns the value for the given lsb-release file variable.
+lsbval() {
+ local lsbfile="$1"
+ local key="$2"
+ grep "^${key}=" "${lsbfile}" | sed "s/^${key}=//"
+}
+
+# Usage: get_board_from_lsb_release rootfs
+# Returns the exact board name from /etc/lsb-release. This may contain
+# dashes or other characters not suitable for variable names. See the
+# next function for that.
get_board_from_lsb_release() {
- local rootfs=$1
- # The cuts turn e.g. x86-foo as a well as x86-foo-pvtkeys into x86_foo.
- local board=$(grep CHROMEOS_RELEASE_BOARD= "${rootfs}/etc/lsb-release" | \
- cut -d = -f 2 | cut -d - -f 1,2 --output-delimiter=_)
- echo "${board}"
+ local rootfs="$1"
+ lsbval "${rootfs}/etc/lsb-release" CHROMEOS_RELEASE_BOARD
+}
+
+# Usage: get_boardvar_from_lsb_release rootfs
+# Returns the board name from /etc/lsb-release in a mangled form that can
+# be used in variable names. e.g. dashes are turned into underscores.
+get_boardvar_from_lsb_release() {
+ get_board_from_lsb_release "$@" | sed 's:[-]:_:g'
}
# This will override the trap set in common_minmal.sh
diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh
index a912c449..a3612cea 100755
--- a/scripts/image_signing/ensure_no_nonrelease_files.sh
+++ b/scripts/image_signing/ensure_no_nonrelease_files.sh
@@ -40,8 +40,8 @@ main() {
local rootfs=$(make_temp_dir)
mount_image_partition_ro "${image}" 3 "${rootfs}"
# Pick the right set of test-expectation data to use.
- local board=$(get_board_from_lsb_release "${rootfs}")
- eval "release_file_blacklist=(\"\${RELEASE_FILE_BLACKLIST_${board}[@]}\")"
+ local boardvar=$(get_boardvar_from_lsb_release "${rootfs}")
+ eval "release_file_blacklist=(\"\${RELEASE_FILE_BLACKLIST_${boardvar}[@]}\")"
for file in ${release_file_blacklist}; do
if [ -e "${rootfs}/${file}" ]; then
diff --git a/scripts/image_signing/ensure_sane_lsb-release.sh b/scripts/image_signing/ensure_sane_lsb-release.sh
index ded87fdb..3fd1bae7 100755
--- a/scripts/image_signing/ensure_sane_lsb-release.sh
+++ b/scripts/image_signing/ensure_sane_lsb-release.sh
@@ -16,14 +16,6 @@ usage() {
echo "Usage $PROG image [config]"
}
-# Usage: lsbval path-to-lsb-file key
-# Returns the value for the given lsb-release file variable.
-lsbval() {
- local lsbfile="$1"
- local key="$2"
- grep ^$key= "$lsbfile" | sed s/^$key=//
-}
-
# Usage: lsbequals path-to-lsb-file key expected-value
# Returns 0 if they match, 1 otherwise.
# Also outputs a warning message if they don't match.
@@ -140,13 +132,10 @@ main() {
check_keyval_in_list $lsb CHROMEOS_RELEASE_TRACK \
"${expected_release_tracks[@]}" || testfail=1
+ local board=$(get_board_from_lsb_release "${rootfs}")
if check_keyval_in_list $lsb CHROMEOS_RELEASE_BOARD \
"${expected_boards[@]}"; then
- # Pick the right set of test-expectation data to use.
- local board=$(lsbval $lsb CHROMEOS_RELEASE_BOARD |
- cut -d = -f 2)
- # a copy of the board string with '-' squished to variable-name-safe '_'.
- local boardvar=${board//-/_}
+ local boardvar=$(get_boardvar_from_lsb_release "${rootfs}")
channel=$(lsbval $lsb CHROMEOS_RELEASE_TRACK)
# For a canary or dogfood channel, appid maybe a different default value.
if [ $channel = 'canary-channel' ] || [ $channel = 'dogfood-channel' ]; then
@@ -157,6 +146,7 @@ main() {
lsbequals $lsb CHROMEOS_RELEASE_APPID "$expected_appid" || testfail=1
else # unrecognized board
testfail=1
+ error "Unknown board: ${board}"
fi
exit $testfail
diff --git a/scripts/image_signing/ensure_secure_kernelparams.sh b/scripts/image_signing/ensure_secure_kernelparams.sh
index 044b441e..57e10362 100755
--- a/scripts/image_signing/ensure_secure_kernelparams.sh
+++ b/scripts/image_signing/ensure_secure_kernelparams.sh
@@ -99,13 +99,13 @@ main() {
mount_image_partition_ro "$image" 3 "$rootfs"
# Pick the right set of test-expectation data to use.
- local board=$(get_board_from_lsb_release "${rootfs}")
- eval "required_kparams=(\"\${required_kparams_$board[@]}\")"
- eval "required_kparams_regex=(\"\${required_kparams_regex_$board[@]}\")"
- eval "optional_kparams=(\"\${optional_kparams_$board[@]}\")"
- eval "optional_kparams_regex=(\"\${optional_kparams_regex_$board[@]}\")"
- eval "required_dmparams=(\"\${required_dmparams_$board[@]}\")"
- eval "required_dmparams_regex=(\"\${required_dmparams_regex_$board[@]}\")"
+ local boardvar=$(get_boardvar_from_lsb_release "${rootfs}")
+ eval "required_kparams=(\"\${required_kparams_${boardvar}[@]}\")"
+ eval "required_kparams_regex=(\"\${required_kparams_regex_${boardvar}[@]}\")"
+ eval "optional_kparams=(\"\${optional_kparams_${boardvar}[@]}\")"
+ eval "optional_kparams_regex=(\"\${optional_kparams_regex_${boardvar}[@]}\")"
+ eval "required_dmparams=(\"\${required_dmparams_${boardvar}[@]}\")"
+ eval "required_dmparams_regex=(\"\${required_dmparams_regex_${boardvar}[@]}\")"
output+="required_kparams=(\n"
output+="$(printf "\t'%s'\n" "${required_kparams[@]}")\n)\n"
output+="required_kparams_regex=(\n"