diff options
| -rwxr-xr-x | scripts/image_signing/sign_official_build.sh | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh index f8bf23c7..eb071273 100755 --- a/scripts/image_signing/sign_official_build.sh +++ b/scripts/image_signing/sign_official_build.sh @@ -45,7 +45,7 @@ set -e # Make sure the tools we need are available. for prereqs in gbb_utility vbutil_kernel cgpt dump_kernel_config verity \ - load_kernel_test dumpe2fs sha1sum; + load_kernel_test dumpe2fs sha1sum e2fsck; do type -P "${prereqs}" &>/dev/null || \ { echo "${prereqs} tool not found."; exit 1; } @@ -178,6 +178,20 @@ update_rootfs_hash() { replace_image_partition ${image} 3 ${rootfs_image} } +# Do a sanity check on the image's rootfs +# ARGS: Image +verify_image_rootfs() { + local image=$1 + local rootfs_image=$(make_temp_file) + extract_image_partition ${image} 3 ${rootfs_image} + # This flips the read-only compatibility flag, so that e2fsck does not + # complain about unknown file system capabilities. + enable_rw_mount ${rootfs_image} + echo "Running e2fsck to check root file system for errors" + sudo e2fsck -fn "${rootfs_image}" || + { echo "Root file system has errors!" && exit 1;} +} + # Extracts the firmware update binaries from the a firmware update # shell ball (generated by src/platform/firmware/pack_firmware.sh) # Args: INPUT_SCRIPT OUTPUT_DIR @@ -306,6 +320,8 @@ EOF echo "YES"; } || echo "NO" set -e + verify_image_rootfs "${INPUT_IMAGE}" + # TODO(gauravsh): Check embedded firmware AU signatures. } |