From 58c626a47675f1c8b2d85c3cc93b0b8473b9d683 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Wed, 13 Mar 2019 17:02:40 -0400 Subject: image_signing: switch to loopdevs directly Newer kernels seem to be buggy when using loop mounts with offsets. Switch to using `losetup -P` everywhere as that doesn't seem to run into the bug. BUG=chromium:938958 TEST=precq passes & signing unittests pass BRANCH=None Change-Id: I3c35436708d0a4b2c5c1900406503e753f88a53c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1521065 Tested-by: Mike Frysinger Reviewed-by: LaMont Jones --- scripts/image_signing/ensure_no_nonrelease_files.sh | 3 ++- scripts/image_signing/ensure_no_password.sh | 5 +++-- scripts/image_signing/ensure_not_ASAN.sh | 3 ++- scripts/image_signing/ensure_sane_lsb-release.sh | 5 +++-- scripts/image_signing/ensure_update_verification.sh | 3 ++- scripts/image_signing/insert_au_publickey.sh | 3 ++- scripts/image_signing/insert_container_publickey.sh | 4 +++- scripts/image_signing/remove_test_label.sh | 3 ++- scripts/image_signing/set_channel.sh | 5 +++-- scripts/image_signing/set_chronos_password.sh | 8 +++++--- scripts/image_signing/set_lsb_release.sh | 5 +++-- scripts/image_signing/strip_boot_from_image.sh | 3 ++- scripts/image_signing/tag_image.sh | 12 ++++++------ 13 files changed, 38 insertions(+), 24 deletions(-) diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh index e83a2ba8..4426d840 100755 --- a/scripts/image_signing/ensure_no_nonrelease_files.sh +++ b/scripts/image_signing/ensure_no_nonrelease_files.sh 
@@ -37,8 +37,9 @@ main() { # Either way, load test-expectations data from config. . "${configfile}" || return 1 + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) - mount_image_partition_ro "${image}" 3 "${rootfs}" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" # Pick the right set of test-expectation data to use. local boardvar=$(get_boardvar_from_lsb_release "${rootfs}") eval "release_file_blacklist=(\"\${RELEASE_FILE_BLACKLIST_${boardvar}[@]}\")" diff --git a/scripts/image_signing/ensure_no_password.sh b/scripts/image_signing/ensure_no_password.sh index de01f92a..5df68456 100755 --- a/scripts/image_signing/ensure_no_password.sh +++ b/scripts/image_signing/ensure_no_password.sh @@ -18,12 +18,13 @@ main() { local image="$1" - local rootfs + local loopdev rootfs if [[ -d "${image}" ]]; then rootfs="${image}" else rootfs=$(make_temp_dir) - mount_image_partition_ro "${image}" 3 "${rootfs}" + loopdev=$(loopback_partscan "${image}") + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" fi if ! no_chronos_password "${rootfs}"; then diff --git a/scripts/image_signing/ensure_not_ASAN.sh b/scripts/image_signing/ensure_not_ASAN.sh index 5ea51660..16cc88cd 100755 --- a/scripts/image_signing/ensure_not_ASAN.sh +++ b/scripts/image_signing/ensure_not_ASAN.sh @@ -22,8 +22,9 @@ main() { local image="$1" + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) - mount_image_partition_ro "$image" 3 "$rootfs" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" # This mirrors the check performed in the platform_ToolchainOptions # autotest. diff --git a/scripts/image_signing/ensure_sane_lsb-release.sh b/scripts/image_signing/ensure_sane_lsb-release.sh index 9ff7c1c2..a42866a3 100755 --- a/scripts/image_signing/ensure_sane_lsb-release.sh +++ b/scripts/image_signing/ensure_sane_lsb-release.sh 
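Review bot: In ensure_no_nonrelease_files.sh, `local loopdev=$(loopback_partscan "${image}")` discards the helper's exit status because `local` itself returns 0, so a failed loop setup leaves `loopdev` empty and the script carries on to the mount call. For a release gate that should fail closed, split it into `local loopdev` and `loopdev=$(loopback_partscan "${image}") || return 1`, matching the `. "${configfile}" || return 1` line just above. The same one-line form is added in ensure_not_ASAN.sh, ensure_update_verification.sh, insert_au_publickey.sh, set_chronos_password.sh, set_lsb_release.sh and strip_boot_from_image.sh; the other hunks already declare and assign separately. main() continues outside the hunk, so whether a later check catches an empty device is not visible here.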
@@ -115,14 +115,15 @@ main() { info "Loading config from ${configfile}" . "$configfile" || return 1 - local rootfs + local loopdev rootfs if [[ -d "${image}" ]]; then # We're given a mounted rootfs. rootfs="${image}" else # Mount the disk image. + loopdev=$(loopback_partscan "${image}") rootfs=$(make_temp_dir) - mount_image_partition_ro "$image" 3 "$rootfs" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" fi local lsb="$rootfs/$LSB_FILE" diff --git a/scripts/image_signing/ensure_update_verification.sh b/scripts/image_signing/ensure_update_verification.sh index 34fb2cb3..c72b0f6e 100755 --- a/scripts/image_signing/ensure_update_verification.sh +++ b/scripts/image_signing/ensure_update_verification.sh @@ -23,9 +23,10 @@ main() { fi local image=$1 + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) local key_location="/usr/share/update_engine/update-payload-key.pub.pem" - mount_image_partition_ro "$image" 3 "$rootfs" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" if [ ! -e "$rootfs/$key_location" ]; then die "Update payload verification key not found at $key_location" fi diff --git a/scripts/image_signing/insert_au_publickey.sh b/scripts/image_signing/insert_au_publickey.sh index d0ee9607..9d1597de 100755 --- a/scripts/image_signing/insert_au_publickey.sh +++ b/scripts/image_signing/insert_au_publickey.sh @@ -21,9 +21,10 @@ Installs the update verification public key to . EOF exit 1 fi + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) local key_location="/usr/share/update_engine/" - mount_image_partition "$image" 3 "$rootfs" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" sudo mkdir -p "$rootfs/$key_location" sudo cp "$pub_key" "$rootfs/$key_location/update-payload-key.pub.pem" sudo chown root:root "$rootfs/$key_location/update-payload-key.pub.pem" 
diff --git a/scripts/image_signing/insert_container_publickey.sh b/scripts/image_signing/insert_container_publickey.sh index 0b9348e8..606a2911 100755 --- a/scripts/image_signing/insert_container_publickey.sh +++ b/scripts/image_signing/insert_container_publickey.sh @@ -29,14 +29,16 @@ main() { local image="$1" local pub_key="$2" + local loopdev local rootfs local key_location="/usr/share/misc/" if [[ -d "${image}" ]]; then rootfs="${image}" else + loopdev=$(loopback_partscan "${image}") rootfs=$(make_temp_dir) - mount_image_partition "${image}" 3 "${rootfs}" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" fi # Imageloader likes DER as a runtime format as it's easier to read. diff --git a/scripts/image_signing/remove_test_label.sh b/scripts/image_signing/remove_test_label.sh index 6423e390..2df7c02d 100755 --- a/scripts/image_signing/remove_test_label.sh +++ b/scripts/image_signing/remove_test_label.sh @@ -13,6 +13,7 @@ set -e image=$1 +loopdev=$(loopback_partscan "${image}") rootfs=$(make_temp_dir) -mount_image_partition ${image} 3 ${rootfs} +mount_loop_image_partition "${loopdev}" 3 "${rootfs}" sed -i 's/test//' "${rootfs}/etc/lsb-release" diff --git a/scripts/image_signing/set_channel.sh b/scripts/image_signing/set_channel.sh index a3bd4f97..0ab4ef16 100755 --- a/scripts/image_signing/set_channel.sh +++ b/scripts/image_signing/set_channel.sh @@ -24,11 +24,12 @@ fi main() { local image=$1 local to=$2 - local rootfs lsb + local loopdev rootfs lsb + loopdev=$(loopback_partscan "${image}") rootfs=$(make_temp_dir) lsb="${rootfs}/etc/lsb-release" - mount_image_partition "${image}" 3 "${rootfs}" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" # Get the current channel on the image. local from=$(lsbval "${lsb}" 'CHROMEOS_RELEASE_TRACK') from=${from%"-channel"} diff --git a/scripts/image_signing/set_chronos_password.sh b/scripts/image_signing/set_chronos_password.sh index a5742305..751f02b3 100755 --- a/scripts/image_signing/set_chronos_password.sh 
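Review bot: remove_test_label.sh now attaches a loop device through `loopback_partscan`, and nothing in the hunk detaches it or unmounts `${rootfs}` after the `sed -i` edit. If the shared helpers do not register cleanup on exit (not visible here), each run would leave a loop device bound to the image, and the change to `etc/lsb-release` might not be flushed to the image file before a later signing step reads it. Once confirmed, a comment above the new line such as `# Loop device and mount are released on exit by <cleanup helper>.` would make the lifetime explicit. The same question applies to every script this patch touches.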
+++ b/scripts/image_signing/set_chronos_password.sh @@ -34,17 +34,19 @@ main() { exit 1 fi + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) if [ $# -eq 2 ]; then - mount_image_partition_ro "$image" 3 "$rootfs" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" if ! no_chronos_password "$rootfs"; then echo "Password is already set [use --force if you'd like to update it]" exit 1 fi # Prepare for remounting read/write. - sudo umount $rootfs + sudo mount -o remount,rw "${rootfs}" + else + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" fi - mount_image_partition "$image" 3 "$rootfs" change_chronos_password "$rootfs" "$chronos_password" touch "$image" # Updates the image modification time. echo "Password Set." diff --git a/scripts/image_signing/set_lsb_release.sh b/scripts/image_signing/set_lsb_release.sh index 9d0addd0..1e37624f 100755 --- a/scripts/image_signing/set_lsb_release.sh +++ b/scripts/image_signing/set_lsb_release.sh @@ -46,13 +46,14 @@ EOF local image=$1 shift + local loopdev=$(loopback_partscan "${image}") local rootfs=$(make_temp_dir) # If there are no key/value pairs to process, we don't need write access. if [[ $# -eq 0 ]]; then - mount_image_partition_ro "${image}" 3 "${rootfs}" + mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" else - mount_image_partition "${image}" 3 "${rootfs}" + mount_loop_image_partition "${loopdev}" 3 "${rootfs}" touch "${image}" # Updates the image modification time. fi diff --git a/scripts/image_signing/strip_boot_from_image.sh b/scripts/image_signing/strip_boot_from_image.sh index 1427d464..2971b087 100755 --- a/scripts/image_signing/strip_boot_from_image.sh +++ b/scripts/image_signing/strip_boot_from_image.sh 
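Review bot: In set_chronos_password.sh the non-force path now becomes writable through `sudo mount -o remount,rw "${rootfs}"` and never calls `mount_loop_image_partition`, so whatever that helper does for writable mounts is skipped on this path. The tag_image.sh hunk in this patch says in a comment that the helper is supposed to tag the image as needing resigning, and tag_image.sh still calls `tag_as_needs_to_be_resigned "${rootfs}"` after its own remount; here a password change could leave the image untagged. Assuming that helper is sourced in this script as well, add `tag_as_needs_to_be_resigned "${rootfs}"` after the remount and check the remount itself with `|| exit 1`, so both paths end in the same state. main() starts and ends outside the hunk.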
@@ -41,7 +41,8 @@ strip_boot() { tag_as_needs_to_be_resigned "${rootfs_dir}" else # Mount image so we can modify it. - mount_image_partition ${image} 3 ${rootfs_dir} + local loopdev=$(loopback_partscan "${image}") + mount_loop_image_partition "${loopdev}" 3 "${rootfs_dir}" fi sudo rm -rf "${rootfs_dir}/boot" && diff --git a/scripts/image_signing/tag_image.sh b/scripts/image_signing/tag_image.sh index 655e132f..53afe788 100755 --- a/scripts/image_signing/tag_image.sh +++ b/scripts/image_signing/tag_image.sh @@ -194,26 +194,26 @@ if [[ -z "${IMAGE}" || ! -f "${IMAGE}" ]]; then fi # First round, mount as read-only and check if we need any modifications. +loopdev=$(loopback_partscan "${IMAGE}") rootfs=$(make_temp_dir) -mount_image_partition_ro "${IMAGE}" 3 "${rootfs}" +mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}" # we don't have tags in stateful partition yet... # stateful_dir=$(make_temp_dir) -# mount_image_partition ${IMAGE} 1 ${stateful_dir} +# mount_loop_image_partition "${loopdev}" 1 "${stateful_dir}" process_all_tags "${rootfs}" ${FLAGS_FALSE} process_all_lsb_mods "${rootfs}" ${FLAGS_FALSE} if [ ${g_modified} = ${FLAGS_TRUE} ]; then - # remount as RW (we can't use mount -o rw,remount because of loop device) - sudo umount "${rootfs}" - mount_image_partition "${IMAGE}" 3 "${rootfs}" + # Remount as RW. + sudo mount -o rw,remount "${rootfs}" # second round, apply the modification to image. process_all_tags "${rootfs}" ${FLAGS_TRUE} process_all_lsb_mods "${rootfs}" ${FLAGS_TRUE} - # this is supposed to be automatically done in mount_image_partition, + # This is supposed to be automatically done in mount_loop_image_partition, # but it's no harm to explicitly make it again here. tag_as_needs_to_be_resigned "${rootfs}" echo "IMAGE IS MODIFIED. PLEASE REMEMBER TO RESIGN YOUR IMAGE." -- cgit v1.2.1
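Review bot: In tag_image.sh the result of `sudo mount -o rw,remount "${rootfs}"` is not checked, and the comment this hunk removes said a remount could not be used with a loop device. If the remount fails and the script is not running under `set -e` (not visible in the hunk), the second round writes to a read-only mount and the script may still print its "IMAGE IS MODIFIED" message. Consider `sudo mount -o rw,remount "${rootfs}" || die "cannot remount ${rootfs} read-write"` (or `exit 1` if `die` is not sourced here). The new `# Remount as RW.` comment could also say why the remount is now expected to work on a `losetup -P` partition device.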