diff options
author | Jim Hebert <jimhebert@chromium.org> | 2012-08-02 09:55:27 -0700 |
---|---|---|
committer | Gerrit <chrome-bot@google.com> | 2012-08-07 14:28:01 -0700 |
commit | 61ed188e9585db538f2686f3e62365156c8d7363 (patch) | |
tree | 05dacdecb303263212b85b6d72d5ff375112c0f6 /scripts/image_signing | |
parent | f217520215e7e3d2f5ca006992ab5002927c4f87 (diff) | |
download | vboot-61ed188e9585db538f2686f3e62365156c8d7363.tar.gz |
Extend "non-release" check to session manager use-flags.
Since we've moved away from flag-files in session manager to
enable certain dev/test-mode features, our strategy of checking
for those flag files on the signer fell behind. This test adopts
a scheme that any use flag starting with "test_" or "dangerous_"
is blacklisted from release signing.
BUG=chromium-os:32430
TEST=ran the script against both a 'base' and 'test' image
from the builder/ToT. Passes/fails as expected.
Change-Id: I54d6ef17d52371c7543d5705e0939e000db85e51
Reviewed-on: https://gerrit.chromium.org/gerrit/29034
Reviewed-by: Chris Masone <cmasone@chromium.org>
Tested-by: Jim Hebert <jimhebert@chromium.org>
Commit-Ready: Jim Hebert <jimhebert@chromium.org>
Diffstat (limited to 'scripts/image_signing')
-rwxr-xr-x | scripts/image_signing/ensure_no_nonrelease_files.sh | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh index bc38a57f..5a07248e 100755 --- a/scripts/image_signing/ensure_no_nonrelease_files.sh +++ b/scripts/image_signing/ensure_no_nonrelease_files.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. +# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. @@ -48,6 +48,18 @@ main() { fi done + # Some things which used to be flag-files, checked-for by this + # test, are now tracked as use-flags. + local useflag_path="$rootfs/etc/session_manager_use_flags.txt" + for prefix in dangerous_ test_; do + local matches=$(grep "^$prefix" "$useflag_path") + if [ -n "$matches" ]; then + echo "FAIL: Found non-release use flags in $useflag_path:" + echo "$matches" + testfail=1 + fi + done + exit $testfail } main "$@" |