diff options
author | Mike Frysinger <vapier@chromium.org> | 2021-05-28 03:55:09 -0400 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-06-05 09:08:22 +0000 |
commit | e1b08d4312a514b2d29ae0db51a699c1a1d96fba (patch) | |
tree | 270c78ac6300619f69954a70096c925f8c7cf8e7 /scripts | |
parent | 2eed98d9763552563e2320f372dc7e790729518b (diff) | |
download | vboot-e1b08d4312a514b2d29ae0db51a699c1a1d96fba.tar.gz |
image_signing: support mounted rootfs in more scripts
Update these scripts to accept a rootfs dir as input so we don't have
to loopback+mount+umount with every invocation. This speeds up the
overall runs.
BUG=None
TEST=scripts still work against image & rootfs dirs
BRANCH=None
Change-Id: I23050faebefd0a19e8ad44cdb76d7cc49c28e570
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2923827
Reviewed-by: George Engelbrecht <engeg@google.com>
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/image_signing/ensure_no_nonrelease_files.sh | 11 | ||||
-rwxr-xr-x | scripts/image_signing/ensure_not_ASAN.sh | 39 | ||||
-rwxr-xr-x | scripts/image_signing/ensure_update_verification.sh | 12 | ||||
-rwxr-xr-x | scripts/image_signing/insert_au_publickey.sh | 13 | ||||
-rwxr-xr-x | scripts/image_signing/set_channel.sh | 10 | ||||
-rwxr-xr-x | scripts/image_signing/set_lsb_release.sh | 18 | ||||
-rwxr-xr-x | scripts/image_signing/tag_image.sh | 16 |
7 files changed, 79 insertions, 40 deletions
diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh index 48c75af6..9e549edc 100755 --- a/scripts/image_signing/ensure_no_nonrelease_files.sh +++ b/scripts/image_signing/ensure_no_nonrelease_files.sh @@ -37,9 +37,14 @@ main() { # Either way, load test-expectations data from config. . "${configfile}" || return 1 - local loopdev=$(loopback_partscan "${image}") - local rootfs=$(make_temp_dir) - mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" + local loopdev rootfs + if [[ -d "${image}" ]]; then + rootfs="${image}" + else + rootfs=$(make_temp_dir) + loopdev=$(loopback_partscan "${image}") + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" + fi # Pick the right set of test-expectation data to use. local brdvar=$(get_boardvar_from_lsb_release "${rootfs}") eval "release_file_blocklist=(\"\${RELEASE_FILE_BLOCKLIST_${brdvar}[@]}\")" diff --git a/scripts/image_signing/ensure_not_ASAN.sh b/scripts/image_signing/ensure_not_ASAN.sh index 16cc88cd..f19b1ddf 100755 --- a/scripts/image_signing/ensure_not_ASAN.sh +++ b/scripts/image_signing/ensure_not_ASAN.sh @@ -11,26 +11,31 @@ set -e . "$(dirname "$0")/common.sh" usage() { - echo "Usage $PROG image" + echo "Usage $PROG image" } main() { - if [ $# -ne 1 ]; then - usage - exit 1 - fi - - local image="$1" - - local loopdev=$(loopback_partscan "${image}") - local rootfs=$(make_temp_dir) + if [[ $# -ne 1 ]]; then + usage + exit 1 + fi + + local image="$1" + + local loopdev rootfs + if [[ -d "${image}" ]]; then + rootfs="${image}" + else + rootfs=$(make_temp_dir) + loopdev=$(loopback_partscan "${image}") mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" - - # This mirrors the check performed in the platform_ToolchainOptions - # autotest. - if readelf -s "$rootfs/opt/google/chrome/chrome" | \ - grep -q __asan_init; then - exit 1 - fi + fi + + # This mirrors the check performed in the platform_ToolchainOptions + # autotest. + if readelf -s "$rootfs/opt/google/chrome/chrome" | \ + grep -q __asan_init; then + exit 1 + fi } main "$@" diff --git a/scripts/image_signing/ensure_update_verification.sh b/scripts/image_signing/ensure_update_verification.sh index c72b0f6e..e3929c50 100755 --- a/scripts/image_signing/ensure_update_verification.sh +++ b/scripts/image_signing/ensure_update_verification.sh @@ -23,10 +23,16 @@ main() { fi local image=$1 - local loopdev=$(loopback_partscan "${image}") - local rootfs=$(make_temp_dir) + + local loopdev rootfs + if [[ -d "${image}" ]]; then + rootfs="${image}" + else + rootfs=$(make_temp_dir) + loopdev=$(loopback_partscan "${image}") + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" + fi local key_location="/usr/share/update_engine/update-payload-key.pub.pem" - mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" if [ ! -e "$rootfs/$key_location" ]; then die "Update payload verification key not found at $key_location" fi diff --git a/scripts/image_signing/insert_au_publickey.sh b/scripts/image_signing/insert_au_publickey.sh index 9d1597de..fe0dbcc3 100755 --- a/scripts/image_signing/insert_au_publickey.sh +++ b/scripts/image_signing/insert_au_publickey.sh @@ -21,10 +21,17 @@ Installs the update verification public key <au_public_key.pem> to <image.bin>. EOF exit 1 fi - local loopdev=$(loopback_partscan "${image}") - local rootfs=$(make_temp_dir) + + local loopdev rootfs + if [[ -d "${image}" ]]; then + rootfs="${image}" + else + rootfs=$(make_temp_dir) + loopdev=$(loopback_partscan "${image}") + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" + fi + local key_location="/usr/share/update_engine/" - mount_loop_image_partition "${loopdev}" 3 "${rootfs}" sudo mkdir -p "$rootfs/$key_location" sudo cp "$pub_key" "$rootfs/$key_location/update-payload-key.pub.pem" sudo chown root:root "$rootfs/$key_location/update-payload-key.pub.pem" diff --git a/scripts/image_signing/set_channel.sh b/scripts/image_signing/set_channel.sh index dc212465..d4e64ad3 100755 --- a/scripts/image_signing/set_channel.sh +++ b/scripts/image_signing/set_channel.sh @@ -26,10 +26,14 @@ main() { local to=$2 local loopdev rootfs lsb - loopdev=$(loopback_partscan "${image}") - rootfs=$(make_temp_dir) + if [[ -d "${image}" ]]; then + rootfs="${image}" + else + rootfs=$(make_temp_dir) + loopdev=$(loopback_partscan "${image}") + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" + fi lsb="${rootfs}/etc/lsb-release" - mount_loop_image_partition "${loopdev}" 3 "${rootfs}" # Get the current channel on the image. local from=$(lsbval "${lsb}" 'CHROMEOS_RELEASE_TRACK') from=${from%"-channel"} diff --git a/scripts/image_signing/set_lsb_release.sh b/scripts/image_signing/set_lsb_release.sh index 5b669120..55c16537 100755 --- a/scripts/image_signing/set_lsb_release.sh +++ b/scripts/image_signing/set_lsb_release.sh @@ -52,14 +52,20 @@ EOF local image=$1 shift - local loopdev=$(loopback_partscan "${image}") - local rootfs=$(make_temp_dir) + local loopdev rootfs - if ${ro}; then - mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" + if [[ -d "${image}" ]]; then + rootfs="${image}" else - mount_loop_image_partition "${loopdev}" 3 "${rootfs}" - touch "${image}" # Updates the image modification time. + rootfs=$(make_temp_dir) + loopdev=$(loopback_partscan "${image}") + + if ${ro}; then + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" + else + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" + touch "${image}" # Updates the image modification time. + fi fi # Process all the key/value pairs. diff --git a/scripts/image_signing/tag_image.sh b/scripts/image_signing/tag_image.sh index 8a010121..fb9492e7 100755 --- a/scripts/image_signing/tag_image.sh +++ b/scripts/image_signing/tag_image.sh @@ -196,9 +196,13 @@ if [[ -z "${IMAGE}" || ! -f "${IMAGE}" ]]; then fi # First round, mount as read-only and check if we need any modifications. -loopdev=$(loopback_partscan "${IMAGE}") -rootfs=$(make_temp_dir) -mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" +if [[ -d "${IMAGE}" ]]; then + rootfs="${IMAGE}" +else + loopdev=$(loopback_partscan "${IMAGE}") + rootfs=$(make_temp_dir) + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" +fi # we don't have tags in stateful partition yet... # stateful_dir=$(make_temp_dir) @@ -210,8 +214,10 @@ process_all_lsb_mods "${rootfs}" ${FLAGS_FALSE} if [ ${g_modified} = ${FLAGS_TRUE} ]; then # Remount as RW. We can't use `mount -o rw,remount` because of the bits in # the ext4 header we've set to block that. See enable_rw_mount for details. - sudo umount "${rootfs}" - mount_loop_image_partition "${loopdev}" 3 "${rootfs}" + if [[ ! -d "${IMAGE}" ]]; then + sudo umount "${rootfs}" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" + fi # second round, apply the modification to image. process_all_tags "${rootfs}" ${FLAGS_TRUE} |