summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xscripts/image_signing/sign_official_build.sh18
1 files changed, 17 insertions, 1 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index f8bf23c7..eb071273 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -45,7 +45,7 @@ set -e
# Make sure the tools we need are available.
for prereqs in gbb_utility vbutil_kernel cgpt dump_kernel_config verity \
- load_kernel_test dumpe2fs sha1sum;
+ load_kernel_test dumpe2fs sha1sum e2fsck;
do
type -P "${prereqs}" &>/dev/null || \
{ echo "${prereqs} tool not found."; exit 1; }
@@ -178,6 +178,20 @@ update_rootfs_hash() {
replace_image_partition ${image} 3 ${rootfs_image}
}
+# Do a sanity check on the image's rootfs
+# ARGS: Image
+verify_image_rootfs() {
+ local image=$1
+ local rootfs_image=$(make_temp_file)
+ extract_image_partition ${image} 3 ${rootfs_image}
+ # This flips the read-only compatibility flag, so that e2fsck does not
+ # complain about unknown file system capabilities.
+ enable_rw_mount ${rootfs_image}
+ echo "Running e2fsck to check root file system for errors"
+ sudo e2fsck -fn "${rootfs_image}" ||
+ { echo "Root file system has errors!" && exit 1;}
+}
+
# Extracts the firmware update binaries from the a firmware update
# shell ball (generated by src/platform/firmware/pack_firmware.sh)
# Args: INPUT_SCRIPT OUTPUT_DIR
@@ -306,6 +320,8 @@ EOF
echo "YES"; } || echo "NO"
set -e
+ verify_image_rootfs "${INPUT_IMAGE}"
+
# TODO(gauravsh): Check embedded firmware AU signatures.
}