diff options
| author | Mike Frysinger <vapier@chromium.org> | 2019-03-13 17:02:40 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@chromium.org> | 2019-03-13 21:30:42 +0000 |
| commit | 58c626a47675f1c8b2d85c3cc93b0b8473b9d683 (patch) | |
| tree | 31d0e12766291ee925240853dd558d1de4cf0990 | |
| parent | 304aa429c1a04cda3ab2ce37b9e31af84405bfca (diff) | |
| download | vboot-58c626a47675f1c8b2d85c3cc93b0b8473b9d683.tar.gz | |
image_signing: switch to loopdevs directly
Newer kernels seem to be buggy when using loop mounts with offsets.
Switch to using `losetup -P` everywhere as that doesn't seem to run
into the bug.
BUG=chromium:938958
TEST=precq passes & signing unittests pass
BRANCH=None
Change-Id: I3c35436708d0a4b2c5c1900406503e753f88a53c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1521065
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
| -rwxr-xr-x | scripts/image_signing/ensure_no_nonrelease_files.sh | 3 | ||||
| -rwxr-xr-x | scripts/image_signing/ensure_no_password.sh | 5 | ||||
| -rwxr-xr-x | scripts/image_signing/ensure_not_ASAN.sh | 3 | ||||
| -rwxr-xr-x | scripts/image_signing/ensure_sane_lsb-release.sh | 5 | ||||
| -rwxr-xr-x | scripts/image_signing/ensure_update_verification.sh | 3 | ||||
| -rwxr-xr-x | scripts/image_signing/insert_au_publickey.sh | 3 | ||||
| -rwxr-xr-x | scripts/image_signing/insert_container_publickey.sh | 4 | ||||
| -rwxr-xr-x | scripts/image_signing/remove_test_label.sh | 3 | ||||
| -rwxr-xr-x | scripts/image_signing/set_channel.sh | 5 | ||||
| -rwxr-xr-x | scripts/image_signing/set_chronos_password.sh | 8 | ||||
| -rwxr-xr-x | scripts/image_signing/set_lsb_release.sh | 5 | ||||
| -rwxr-xr-x | scripts/image_signing/strip_boot_from_image.sh | 3 | ||||
| -rwxr-xr-x | scripts/image_signing/tag_image.sh | 12 |
13 files changed, 38 insertions, 24 deletions
diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh index e83a2ba8..4426d840 100755 --- a/scripts/image_signing/ensure_no_nonrelease_files.sh +++ b/scripts/image_signing/ensure_no_nonrelease_files.sh @@ -37,8 +37,9 @@ main() { # Either way, load test-expectations data from config. . "${configfile}" || return 1 + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) - mount_image_partition_ro "${image}" 3 "${rootfs}" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" # Pick the right set of test-expectation data to use. local boardvar=$(get_boardvar_from_lsb_release "${rootfs}") eval "release_file_blacklist=(\"\${RELEASE_FILE_BLACKLIST_${boardvar}[@]}\")" diff --git a/scripts/image_signing/ensure_no_password.sh b/scripts/image_signing/ensure_no_password.sh index de01f92a..5df68456 100755 --- a/scripts/image_signing/ensure_no_password.sh +++ b/scripts/image_signing/ensure_no_password.sh @@ -18,12 +18,13 @@ main() { local image="$1" - local rootfs + local loopdev rootfs if [[ -d "${image}" ]]; then rootfs="${image}" else rootfs=$(make_temp_dir) - mount_image_partition_ro "${image}" 3 "${rootfs}" + loopdev=$(loopback_partscan "${image}") + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" fi if ! no_chronos_password "${rootfs}"; then diff --git a/scripts/image_signing/ensure_not_ASAN.sh b/scripts/image_signing/ensure_not_ASAN.sh index 5ea51660..16cc88cd 100755 --- a/scripts/image_signing/ensure_not_ASAN.sh +++ b/scripts/image_signing/ensure_not_ASAN.sh @@ -22,8 +22,9 @@ main() { local image="$1" + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) - mount_image_partition_ro "$image" 3 "$rootfs" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" # This mirrors the check performed in the platform_ToolchainOptions # autotest. diff --git a/scripts/image_signing/ensure_sane_lsb-release.sh b/scripts/image_signing/ensure_sane_lsb-release.sh index 9ff7c1c2..a42866a3 100755 --- a/scripts/image_signing/ensure_sane_lsb-release.sh +++ b/scripts/image_signing/ensure_sane_lsb-release.sh @@ -115,14 +115,15 @@ main() { info "Loading config from ${configfile}" . "$configfile" || return 1 - local rootfs + local loopdev rootfs if [[ -d "${image}" ]]; then # We're given a mounted rootfs. rootfs="${image}" else # Mount the disk image. + loopdev=$(loopback_partscan "${image}") rootfs=$(make_temp_dir) - mount_image_partition_ro "$image" 3 "$rootfs" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" fi local lsb="$rootfs/$LSB_FILE" diff --git a/scripts/image_signing/ensure_update_verification.sh b/scripts/image_signing/ensure_update_verification.sh index 34fb2cb3..c72b0f6e 100755 --- a/scripts/image_signing/ensure_update_verification.sh +++ b/scripts/image_signing/ensure_update_verification.sh @@ -23,9 +23,10 @@ main() { fi local image=$1 + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) local key_location="/usr/share/update_engine/update-payload-key.pub.pem" - mount_image_partition_ro "$image" 3 "$rootfs" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" if [ ! -e "$rootfs/$key_location" ]; then die "Update payload verification key not found at $key_location" fi diff --git a/scripts/image_signing/insert_au_publickey.sh b/scripts/image_signing/insert_au_publickey.sh index d0ee9607..9d1597de 100755 --- a/scripts/image_signing/insert_au_publickey.sh +++ b/scripts/image_signing/insert_au_publickey.sh @@ -21,9 +21,10 @@ Installs the update verification public key <au_public_key.pem> to <image.bin>. EOF exit 1 fi + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) local key_location="/usr/share/update_engine/" - mount_image_partition "$image" 3 "$rootfs" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" sudo mkdir -p "$rootfs/$key_location" sudo cp "$pub_key" "$rootfs/$key_location/update-payload-key.pub.pem" sudo chown root:root "$rootfs/$key_location/update-payload-key.pub.pem" diff --git a/scripts/image_signing/insert_container_publickey.sh b/scripts/image_signing/insert_container_publickey.sh index 0b9348e8..606a2911 100755 --- a/scripts/image_signing/insert_container_publickey.sh +++ b/scripts/image_signing/insert_container_publickey.sh @@ -29,14 +29,16 @@ main() { local image="$1" local pub_key="$2" + local loopdev local rootfs local key_location="/usr/share/misc/" if [[ -d "${image}" ]]; then rootfs="${image}" else + loopdev=$(loopback_partscan "${image}") rootfs=$(make_temp_dir) - mount_image_partition "${image}" 3 "${rootfs}" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" fi # Imageloader likes DER as a runtime format as it's easier to read. diff --git a/scripts/image_signing/remove_test_label.sh b/scripts/image_signing/remove_test_label.sh index 6423e390..2df7c02d 100755 --- a/scripts/image_signing/remove_test_label.sh +++ b/scripts/image_signing/remove_test_label.sh @@ -13,6 +13,7 @@ set -e image=$1 +loopdev=$(loopback_partscan "${image}") rootfs=$(make_temp_dir) -mount_image_partition ${image} 3 ${rootfs} +mount_loop_image_partition "${loopdev}" 3 "${rootfs}" sed -i 's/test//' "${rootfs}/etc/lsb-release" diff --git a/scripts/image_signing/set_channel.sh b/scripts/image_signing/set_channel.sh index a3bd4f97..0ab4ef16 100755 --- a/scripts/image_signing/set_channel.sh +++ b/scripts/image_signing/set_channel.sh @@ -24,11 +24,12 @@ fi main() { local image=$1 local to=$2 - local rootfs lsb + local loopdev rootfs lsb + loopdev=$(loopback_partscan "${image}") rootfs=$(make_temp_dir) lsb="${rootfs}/etc/lsb-release" - mount_image_partition "${image}" 3 "${rootfs}" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" # Get the current channel on the image. local from=$(lsbval "${lsb}" 'CHROMEOS_RELEASE_TRACK') from=${from%"-channel"} diff --git a/scripts/image_signing/set_chronos_password.sh b/scripts/image_signing/set_chronos_password.sh index a5742305..751f02b3 100755 --- a/scripts/image_signing/set_chronos_password.sh +++ b/scripts/image_signing/set_chronos_password.sh @@ -34,17 +34,19 @@ main() { exit 1 fi + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) if [ $# -eq 2 ]; then - mount_image_partition_ro "$image" 3 "$rootfs" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" if ! no_chronos_password "$rootfs"; then echo "Password is already set [use --force if you'd like to update it]" exit 1 fi # Prepare for remounting read/write. - sudo umount $rootfs + sudo mount -o remount,rw "${rootfs}" + else + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" fi - mount_image_partition "$image" 3 "$rootfs" change_chronos_password "$rootfs" "$chronos_password" touch "$image" # Updates the image modification time. echo "Password Set." diff --git a/scripts/image_signing/set_lsb_release.sh b/scripts/image_signing/set_lsb_release.sh index 9d0addd0..1e37624f 100755 --- a/scripts/image_signing/set_lsb_release.sh +++ b/scripts/image_signing/set_lsb_release.sh @@ -46,13 +46,14 @@ EOF local image=$1 shift + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) # If there are no key/value pairs to process, we don't need write access. if [[ $# -eq 0 ]]; then - mount_image_partition_ro "${image}" 3 "${rootfs}" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" else - mount_image_partition "${image}" 3 "${rootfs}" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" touch "${image}" # Updates the image modification time. fi diff --git a/scripts/image_signing/strip_boot_from_image.sh b/scripts/image_signing/strip_boot_from_image.sh index 1427d464..2971b087 100755 --- a/scripts/image_signing/strip_boot_from_image.sh +++ b/scripts/image_signing/strip_boot_from_image.sh @@ -41,7 +41,8 @@ strip_boot() { tag_as_needs_to_be_resigned "${rootfs_dir}" else # Mount image so we can modify it. - mount_image_partition ${image} 3 ${rootfs_dir} + local loopdev=$(loopback_partscan "${image}") + mount_loop_image_partition "${loopdev}" 3 "${rootfs_dir}" fi sudo rm -rf "${rootfs_dir}/boot" && diff --git a/scripts/image_signing/tag_image.sh b/scripts/image_signing/tag_image.sh index 655e132f..53afe788 100755 --- a/scripts/image_signing/tag_image.sh +++ b/scripts/image_signing/tag_image.sh @@ -194,26 +194,26 @@ if [[ -z "${IMAGE}" || ! -f "${IMAGE}" ]]; then fi # First round, mount as read-only and check if we need any modifications. +loopdev=$(loopback_partscan "${IMAGE}") rootfs=$(make_temp_dir) -mount_image_partition_ro "${IMAGE}" 3 "${rootfs}" +mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" # we don't have tags in stateful partition yet... # stateful_dir=$(make_temp_dir) -# mount_image_partition ${IMAGE} 1 ${stateful_dir} +# mount_loop_image_partition "${loopdev}" 1 "${stateful_dir}" process_all_tags "${rootfs}" ${FLAGS_FALSE} process_all_lsb_mods "${rootfs}" ${FLAGS_FALSE} if [ ${g_modified} = ${FLAGS_TRUE} ]; then - # remount as RW (we can't use mount -o rw,remount because of loop device) - sudo umount "${rootfs}" - mount_image_partition "${IMAGE}" 3 "${rootfs}" + # Remount as RW. + sudo mount -o rw,remount "${rootfs}" # second round, apply the modification to image. process_all_tags "${rootfs}" ${FLAGS_TRUE} process_all_lsb_mods "${rootfs}" ${FLAGS_TRUE} - # this is supposed to be automatically done in mount_image_partition, + # This is supposed to be automatically done in mount_loop_image_partition, # but it's no harm to explicitly make it again here. tag_as_needs_to_be_resigned "${rootfs}" echo "IMAGE IS MODIFIED. PLEASE REMEMBER TO RESIGN YOUR IMAGE." |