image_signing: unify board extraction logic from lsb-releasefirmware-servo-9040.Bfirmware-reef-9042.87.B

We had two places extracting the board value from lsb-release and parsing
the output by hand.  Unify them to use the same parsing logic to avoid
desynchronized behavior.

We also create a new get_boardvar_from_lsb_release helper to unify the
board name -> variable name mangling logic.

BUG=chromium:667192
TEST=`./security_test_image --board samus` still detects the correct board
BRANCH=None

Change-Id: If88a8ae59b9c9fd45ddd796653a0173ed0186d2d
Reviewed-on: https://chromium-review.googlesource.com/414224
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>

4 files changed, 33 insertions, 29 deletions

diff --git a/scripts/image_signing/common.sh b/scripts/image_signing/common.sh
index 62dc362a..657b5be2 100644
--- a/scripts/image_signing/common.sh
+++ b/scripts/image_signing/common.sh
@@ -75,14 +75,28 @@ die() {
   exit 1
 }
 
-# Extract and return board name from /etc/lsb-release.
-# Args: rootfs
+# Usage: lsbval path-to-lsb-file key
+# Returns the value for the given lsb-release file variable.
+lsbval() {
+  local lsbfile="$1"
+  local key="$2"
+  grep "^${key}=" "${lsbfile}" | sed "s/^${key}=//"
+}
+
+# Usage: get_board_from_lsb_release rootfs
+# Returns the exact board name from /etc/lsb-release.  This may contain
+# dashes or other characters not suitable for variable names.  See the
+# next function for that.
 get_board_from_lsb_release() {
-  local rootfs=$1
-  # The cuts turn e.g. x86-foo as a well as x86-foo-pvtkeys into x86_foo.
-  local board=$(grep CHROMEOS_RELEASE_BOARD= "${rootfs}/etc/lsb-release" | \
-                cut -d = -f 2 | cut -d - -f 1,2 --output-delimiter=_)
-  echo "${board}"
+  local rootfs="$1"
+  lsbval "${rootfs}/etc/lsb-release" CHROMEOS_RELEASE_BOARD
+}
+
+# Usage: get_boardvar_from_lsb_release rootfs
+# Returns the board name from /etc/lsb-release in a mangled form that can
+# be used in variable names.  e.g. dashes are turned into underscores.
+get_boardvar_from_lsb_release() {
+  get_board_from_lsb_release "$@" | sed 's:[-]:_:g'
 }
 
 # This will override the trap set in common_minmal.sh
diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh
index a912c449..a3612cea 100755
--- a/scripts/image_signing/ensure_no_nonrelease_files.sh
+++ b/scripts/image_signing/ensure_no_nonrelease_files.sh
@@ -40,8 +40,8 @@ main() {
     local rootfs=$(make_temp_dir)
     mount_image_partition_ro "${image}" 3 "${rootfs}"
     # Pick the right set of test-expectation data to use.
-    local board=$(get_board_from_lsb_release "${rootfs}")
-    eval "release_file_blacklist=(\"\${RELEASE_FILE_BLACKLIST_${board}[@]}\")"
+    local boardvar=$(get_boardvar_from_lsb_release "${rootfs}")
+    eval "release_file_blacklist=(\"\${RELEASE_FILE_BLACKLIST_${boardvar}[@]}\")"
 
     for file in ${release_file_blacklist}; do
         if [ -e "${rootfs}/${file}" ]; then
diff --git a/scripts/image_signing/ensure_sane_lsb-release.sh b/scripts/image_signing/ensure_sane_lsb-release.sh
index ded87fdb..3fd1bae7 100755
--- a/scripts/image_signing/ensure_sane_lsb-release.sh
+++ b/scripts/image_signing/ensure_sane_lsb-release.sh
@@ -16,14 +16,6 @@ usage() {
   echo "Usage $PROG image [config]"
 }
 
-# Usage: lsbval path-to-lsb-file key
-# Returns the value for the given lsb-release file variable.
-lsbval() {
-  local lsbfile="$1"
-  local key="$2"
-  grep ^$key= "$lsbfile" | sed s/^$key=//
-}
-
 # Usage: lsbequals path-to-lsb-file key expected-value
 # Returns 0 if they match, 1 otherwise.
 # Also outputs a warning message if they don't match.
@@ -140,13 +132,10 @@ main() {
   check_keyval_in_list $lsb CHROMEOS_RELEASE_TRACK \
     "${expected_release_tracks[@]}" || testfail=1
 
+  local board=$(get_board_from_lsb_release "${rootfs}")
   if check_keyval_in_list $lsb CHROMEOS_RELEASE_BOARD \
     "${expected_boards[@]}"; then
-    # Pick the right set of test-expectation data to use.
-    local board=$(lsbval $lsb CHROMEOS_RELEASE_BOARD |
-                  cut -d = -f 2)
-    # a copy of the board string with '-' squished to variable-name-safe '_'.
-    local boardvar=${board//-/_}
+    local boardvar=$(get_boardvar_from_lsb_release "${rootfs}")
     channel=$(lsbval $lsb CHROMEOS_RELEASE_TRACK)
     # For a canary or dogfood channel, appid maybe a different default value.
     if [ $channel = 'canary-channel' ] || [ $channel = 'dogfood-channel' ]; then
@@ -157,6 +146,7 @@ main() {
     lsbequals $lsb CHROMEOS_RELEASE_APPID "$expected_appid" || testfail=1
   else # unrecognized board
     testfail=1
+    error "Unknown board: ${board}"
   fi
 
   exit $testfail
diff --git a/scripts/image_signing/ensure_secure_kernelparams.sh b/scripts/image_signing/ensure_secure_kernelparams.sh
index 044b441e..57e10362 100755
--- a/scripts/image_signing/ensure_secure_kernelparams.sh
+++ b/scripts/image_signing/ensure_secure_kernelparams.sh
@@ -99,13 +99,13 @@ main() {
     mount_image_partition_ro "$image" 3 "$rootfs"
 
     # Pick the right set of test-expectation data to use.
-    local board=$(get_board_from_lsb_release "${rootfs}")
-    eval "required_kparams=(\"\${required_kparams_$board[@]}\")"
-    eval "required_kparams_regex=(\"\${required_kparams_regex_$board[@]}\")"
-    eval "optional_kparams=(\"\${optional_kparams_$board[@]}\")"
-    eval "optional_kparams_regex=(\"\${optional_kparams_regex_$board[@]}\")"
-    eval "required_dmparams=(\"\${required_dmparams_$board[@]}\")"
-    eval "required_dmparams_regex=(\"\${required_dmparams_regex_$board[@]}\")"
+    local boardvar=$(get_boardvar_from_lsb_release "${rootfs}")
+    eval "required_kparams=(\"\${required_kparams_${boardvar}[@]}\")"
+    eval "required_kparams_regex=(\"\${required_kparams_regex_${boardvar}[@]}\")"
+    eval "optional_kparams=(\"\${optional_kparams_${boardvar}[@]}\")"
+    eval "optional_kparams_regex=(\"\${optional_kparams_regex_${boardvar}[@]}\")"
+    eval "required_dmparams=(\"\${required_dmparams_${boardvar}[@]}\")"
+    eval "required_dmparams_regex=(\"\${required_dmparams_regex_${boardvar}[@]}\")"
     output+="required_kparams=(\n"
     output+="$(printf "\t'%s'\n" "${required_kparams[@]}")\n)\n"
     output+="required_kparams_regex=(\n"