diff options
author | Nicholas Bishop <nicholasbishop@google.com> | 2023-03-21 18:24:09 -0400 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-03-23 16:43:02 +0000 |
commit | d5b59cc7ec723ae10161cfffd1c3a70a8caabe08 (patch) | |
tree | 4162ee03d0fb77e68385c9922cd694be0c5f1d81 | |
parent | 4976c1a60ca660d530e6dcaeb6dbd6fe4403fed7 (diff) | |
download | vboot-d5b59cc7ec723ae10161cfffd1c3a70a8caabe08.tar.gz |
sign_official_build: Fix is-reven checkstabilize-15395.B
The `get_is_reven` function added in https://crrev.com/c/4206907 was too
restrictive. When run by the signer, the board name has been modified
from "reven" to "reven-signed-mp-v2keys". Change the condition to accept
either `reven` or `reven-signed*` (note the glob). Allowing plain
"reven" is not strictly necessary, but useful for local testing.
Tested the updated function by building a reven base image, then making
variants with different CHROMEOS_RELEASE_BOARD values: "reven",
"reven-signed-mp-v2keys", and "revenator". Running
`sign_official_build.sh` on them shows that the first two are identified
as reven, and the last one is not. This can be seen by checking if
boot*.efi is signed or not, since that should not happen for reven.
BRANCH=none
BUG=b:274648121
TEST=See above
TEST=FEATURES=test emerge-reven vboot_reference
Change-Id: I099abf372b71ea3e064e91a57c5e8888de298028
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4358400
Reviewed-by: Mike Frysinger <vapier@chromium.org>
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index 896f2b13..fbc844ce 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -782,7 +782,10 @@ get_is_reven() { sudo umount "${rootfs_dir}" - if [[ "${board}" == "reven" ]]; then + # When run by the signer, the board name will look like + # "reven-signed-mp-v2keys". Also accept plain "reven" for local + # testing. + if [[ "${board}" == "reven-signed"* || "${board}" == "reven" ]]; then echo "true" else echo "false" |