image_signing: support mounted rootfs in more scripts

Update these scripts to accept a rootfs dir as input so we don't have
to loopback+mount+umount with every invocation.  This speeds up the
overall runs.

BUG=None
TEST=scripts still work against image & rootfs dirs
BRANCH=None

Change-Id: I23050faebefd0a19e8ad44cdb76d7cc49c28e570
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2923827
Reviewed-by: George Engelbrecht <engeg@google.com>

7 files changed, 79 insertions, 40 deletions

diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh
index 48c75af6..9e549edc 100755
--- a/scripts/image_signing/ensure_no_nonrelease_files.sh
+++ b/scripts/image_signing/ensure_no_nonrelease_files.sh
@@ -37,9 +37,14 @@ main() {
     # Either way, load test-expectations data from config.
     . "${configfile}" || return 1
 
-    local loopdev=$(loopback_partscan "${image}")
-    local rootfs=$(make_temp_dir)
-    mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+    local loopdev rootfs
+    if [[ -d "${image}" ]]; then
+        rootfs="${image}"
+    else
+        rootfs=$(make_temp_dir)
+        loopdev=$(loopback_partscan "${image}")
+        mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+    fi
     # Pick the right set of test-expectation data to use.
     local brdvar=$(get_boardvar_from_lsb_release "${rootfs}")
     eval "release_file_blocklist=(\"\${RELEASE_FILE_BLOCKLIST_${brdvar}[@]}\")"
diff --git a/scripts/image_signing/ensure_not_ASAN.sh b/scripts/image_signing/ensure_not_ASAN.sh
index 16cc88cd..f19b1ddf 100755
--- a/scripts/image_signing/ensure_not_ASAN.sh
+++ b/scripts/image_signing/ensure_not_ASAN.sh
@@ -11,26 +11,31 @@ set -e
 . "$(dirname "$0")/common.sh"
 
 usage() {
-    echo "Usage $PROG image"
+  echo "Usage $PROG image"
 }
 
 main() {
-    if [ $# -ne 1 ]; then
-        usage
-        exit 1
-    fi
-
-    local image="$1"
-
-    local loopdev=$(loopback_partscan "${image}")
-    local rootfs=$(make_temp_dir)
+  if [[ $# -ne 1 ]]; then
+    usage
+    exit 1
+  fi
+
+  local image="$1"
+
+  local loopdev rootfs
+  if [[ -d "${image}" ]]; then
+    rootfs="${image}"
+  else
+    rootfs=$(make_temp_dir)
+    loopdev=$(loopback_partscan "${image}")
     mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
-
-    # This mirrors the check performed in the platform_ToolchainOptions
-    # autotest.
-    if readelf -s "$rootfs/opt/google/chrome/chrome" | \
-       grep -q __asan_init; then
-        exit 1
-    fi
+  fi
+
+  # This mirrors the check performed in the platform_ToolchainOptions
+  # autotest.
+  if readelf -s "$rootfs/opt/google/chrome/chrome" | \
+     grep -q __asan_init; then
+    exit 1
+  fi
 }
 main "$@"
diff --git a/scripts/image_signing/ensure_update_verification.sh b/scripts/image_signing/ensure_update_verification.sh
index c72b0f6e..e3929c50 100755
--- a/scripts/image_signing/ensure_update_verification.sh
+++ b/scripts/image_signing/ensure_update_verification.sh
@@ -23,10 +23,16 @@ main() {
   fi
 
   local image=$1
-  local loopdev=$(loopback_partscan "${image}")
-  local rootfs=$(make_temp_dir)
+
+  local loopdev rootfs
+  if [[ -d "${image}" ]]; then
+    rootfs="${image}"
+  else
+    rootfs=$(make_temp_dir)
+    loopdev=$(loopback_partscan "${image}")
+    mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+  fi
   local key_location="/usr/share/update_engine/update-payload-key.pub.pem"
-  mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
   if [ ! -e "$rootfs/$key_location" ]; then
     die "Update payload verification key not found at $key_location"
   fi
diff --git a/scripts/image_signing/insert_au_publickey.sh b/scripts/image_signing/insert_au_publickey.sh
index 9d1597de..fe0dbcc3 100755
--- a/scripts/image_signing/insert_au_publickey.sh
+++ b/scripts/image_signing/insert_au_publickey.sh
@@ -21,10 +21,17 @@ Installs the update verification public key <au_public_key.pem> to <image.bin>.
 EOF
     exit 1
   fi
-  local loopdev=$(loopback_partscan "${image}")
-  local rootfs=$(make_temp_dir)
+
+  local loopdev rootfs
+  if [[ -d "${image}" ]]; then
+    rootfs="${image}"
+  else
+    rootfs=$(make_temp_dir)
+    loopdev=$(loopback_partscan "${image}")
+    mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+  fi
+
   local key_location="/usr/share/update_engine/"
-  mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
   sudo mkdir -p "$rootfs/$key_location"
   sudo cp "$pub_key" "$rootfs/$key_location/update-payload-key.pub.pem"
   sudo chown root:root "$rootfs/$key_location/update-payload-key.pub.pem"
diff --git a/scripts/image_signing/set_channel.sh b/scripts/image_signing/set_channel.sh
index dc212465..d4e64ad3 100755
--- a/scripts/image_signing/set_channel.sh
+++ b/scripts/image_signing/set_channel.sh
@@ -26,10 +26,14 @@ main() {
   local to=$2
   local loopdev rootfs lsb
 
-  loopdev=$(loopback_partscan "${image}")
-  rootfs=$(make_temp_dir)
+  if [[ -d "${image}" ]]; then
+    rootfs="${image}"
+  else
+    rootfs=$(make_temp_dir)
+    loopdev=$(loopback_partscan "${image}")
+    mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+  fi
   lsb="${rootfs}/etc/lsb-release"
-  mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
   # Get the current channel on the image.
   local from=$(lsbval "${lsb}" 'CHROMEOS_RELEASE_TRACK')
   from=${from%"-channel"}
diff --git a/scripts/image_signing/set_lsb_release.sh b/scripts/image_signing/set_lsb_release.sh
index 5b669120..55c16537 100755
--- a/scripts/image_signing/set_lsb_release.sh
+++ b/scripts/image_signing/set_lsb_release.sh
@@ -52,14 +52,20 @@ EOF
 
   local image=$1
   shift
-  local loopdev=$(loopback_partscan "${image}")
-  local rootfs=$(make_temp_dir)
+  local loopdev rootfs
 
-  if ${ro}; then
-    mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+  if [[ -d "${image}" ]]; then
+    rootfs="${image}"
   else
-    mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
-    touch "${image}"  # Updates the image modification time.
+    rootfs=$(make_temp_dir)
+    loopdev=$(loopback_partscan "${image}")
+
+    if ${ro}; then
+      mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+    else
+      mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+      touch "${image}"  # Updates the image modification time.
+    fi
   fi
 
   # Process all the key/value pairs.
diff --git a/scripts/image_signing/tag_image.sh b/scripts/image_signing/tag_image.sh
index 8a010121..fb9492e7 100755
--- a/scripts/image_signing/tag_image.sh
+++ b/scripts/image_signing/tag_image.sh
@@ -196,9 +196,13 @@ if [[ -z "${IMAGE}" || ! -f "${IMAGE}" ]]; then
 fi
 
 # First round, mount as read-only and check if we need any modifications.
-loopdev=$(loopback_partscan "${IMAGE}")
-rootfs=$(make_temp_dir)
-mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+if [[ -d "${IMAGE}" ]]; then
+  rootfs="${IMAGE}"
+else
+  loopdev=$(loopback_partscan "${IMAGE}")
+  rootfs=$(make_temp_dir)
+  mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+fi
 
 # we don't have tags in stateful partition yet...
 # stateful_dir=$(make_temp_dir)
@@ -210,8 +214,10 @@ process_all_lsb_mods "${rootfs}" ${FLAGS_FALSE}
 if [ ${g_modified} = ${FLAGS_TRUE} ]; then
   # Remount as RW.  We can't use `mount -o rw,remount` because of the bits in
   # the ext4 header we've set to block that.  See enable_rw_mount for details.
-  sudo umount "${rootfs}"
-  mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+  if [[ ! -d "${IMAGE}" ]]; then
+    sudo umount "${rootfs}"
+    mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+  fi
 
   # second round, apply the modification to image.
   process_all_tags "${rootfs}" ${FLAGS_TRUE}