diff options
author | Gaurav Shah <gauravsh@chromium.org> | 2010-11-24 14:49:52 -0800 |
---|---|---|
committer | Gaurav Shah <gauravsh@chromium.org> | 2010-11-24 14:49:52 -0800 |
commit | 5f500b19ba0cdc174a47a68e40f939a4ed69861c (patch) | |
tree | 69f27f73b811a9a8fd93a7012d14df4339eaf056 /scripts | |
parent | 44f34b51951eaf90be5d5d87f43c459b8b4e3094 (diff) | |
download | vboot-5f500b19ba0cdc174a47a68e40f939a4ed69861c.tar.gz |
Make sign_official_build.sh verify perform an additional rootfs sanity check using e2fsck.
This mirrors the change made for cros_make_image_bootable.
BUG=chromium-os:9578
TEST=manually ran verify on signed images including those with known rootfs corruptions.
Change-Id: I5dfdf1bfa975fbbbb4e010cd2adc6a3a7f08da15
Review URL: http://codereview.chromium.org/5367004
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index f8bf23c7..eb071273 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -45,7 +45,7 @@ set -e # Make sure the tools we need are available. for prereqs in gbb_utility vbutil_kernel cgpt dump_kernel_config verity \ - load_kernel_test dumpe2fs sha1sum; + load_kernel_test dumpe2fs sha1sum e2fsck; do type -P "${prereqs}" &>/dev/null || \ { echo "${prereqs} tool not found."; exit 1; } @@ -178,6 +178,20 @@ update_rootfs_hash() { replace_image_partition ${image} 3 ${rootfs_image} } +# Do a sanity check on the image's rootfs +# ARGS: Image +verify_image_rootfs() { + local image=$1 + local rootfs_image=$(make_temp_file) + extract_image_partition ${image} 3 ${rootfs_image} + # This flips the read-only compatibility flag, so that e2fsck does not + # complain about unknown file system capabilities. + enable_rw_mount ${rootfs_image} + echo "Running e2fsck to check root file system for errors" + sudo e2fsck -fn "${rootfs_image}" || + { echo "Root file system has errors!" && exit 1;} +} + # Extracts the firmware update binaries from the a firmware update # shell ball (generated by src/platform/firmware/pack_firmware.sh) # Args: INPUT_SCRIPT OUTPUT_DIR @@ -306,6 +320,8 @@ EOF echo "YES"; } || echo "NO" set -e + verify_image_rootfs "${INPUT_IMAGE}" + # TODO(gauravsh): Check embedded firmware AU signatures. } |