From 7a3a4676672525231c38612e6c8a820305d99de5 Mon Sep 17 00:00:00 2001
From: Don Garrett
Date: Tue, 2 Jul 2013 17:17:51 -0700
Subject: Add a script to remove /boot and its contents from an image.
This is a helper script intended for the signing servers to use to strip out the /boot directory from images just before signing.
BUG=chromium:210352
TEST=Manually used to strip and image and validated the results.
BRANCH=None
Change-Id: I814522284143d8f90651e13000d428718aeca1e4
Reviewed-on: https://gerrit.chromium.org/gerrit/60828
Reviewed-by: Mike Frysinger
Commit-Queue: Don Garrett
Tested-by: Don Garrett
---
 scripts/image_signing/sign_official_build.sh | 5 ++
 scripts/image_signing/strip_boot_from_image.sh | 65 ++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100755 scripts/image_signing/strip_boot_from_image.sh
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index 53b94832..d7bc4d02 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -692,6 +692,7 @@ echo "Using kernel version: ${KERNEL_VERSION}"
 if [ "${TYPE}" == "ssd" ]; then
 cp ${INPUT_IMAGE} ${OUTPUT_IMAGE}
 resign_firmware_payload ${OUTPUT_IMAGE}
+ "${SCRIPT_DIR}/strip_boot_from_image.sh" --image "${OUTPUT_IMAGE}"
 update_rootfs_hash ${OUTPUT_IMAGE} \
 ${KEY_DIR}/kernel.keyblock \
 ${KEY_DIR}/kernel_data_key.vbprivk \
@@ -700,6 +701,7 @@ if [ "${TYPE}" == "ssd" ]; then
 elif [ "${TYPE}" == "usb" ]; then
 cp ${INPUT_IMAGE} ${OUTPUT_IMAGE}
 resign_firmware_payload ${OUTPUT_IMAGE}
+ "${SCRIPT_DIR}/strip_boot_from_image.sh" --image "${OUTPUT_IMAGE}"
 update_rootfs_hash ${OUTPUT_IMAGE} \
 ${KEY_DIR}/recovery_kernel.keyblock \
 ${KEY_DIR}/recovery_kernel_data_key.vbprivk \
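Review bot: The new `strip_boot_from_image.sh` call in the ssd branch has no explicit failure check, and this hunk does not show whether sign_official_build.sh runs under `set -e`. If it does not, a strip that fails partway falls through to `update_rootfs_hash`, and the image is hashed and signed in whatever state the helper left it. I would make the dependency explicit with `"${SCRIPT_DIR}/strip_boot_from_image.sh" --image "${OUTPUT_IMAGE}" || exit 1` and precede it with a comment such as `# Must run before update_rootfs_hash: stripping /boot changes the rootfs.` The same applies to the added lines in the usb and recovery branches (hunks at -700 and -708); the if/elif chain itself starts and ends outside these hunks.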
@@ -708,6 +710,7 @@ elif [ "${TYPE}" == "usb" ]; then
 elif [ "${TYPE}" == "recovery" ]; then
 cp ${INPUT_IMAGE} ${OUTPUT_IMAGE}
 resign_firmware_payload ${OUTPUT_IMAGE}
+ "${SCRIPT_DIR}/strip_boot_from_image.sh" --image "${OUTPUT_IMAGE}"
 # Both kernel command lines must have the correct rootfs hash
 update_rootfs_hash ${OUTPUT_IMAGE} \
 ${KEY_DIR}/recovery_kernel.keyblock \
@@ -721,6 +724,8 @@ elif [ "${TYPE}" == "recovery" ]; then
 elif [ "${TYPE}" == "factory" ] || [ "${TYPE}" == "install" ]; then
 cp ${INPUT_IMAGE} ${OUTPUT_IMAGE}
 resign_firmware_payload ${OUTPUT_IMAGE}
+ # We do NOT strip /boot for factory, since some factory images need it
+ # to boot EFI. crosbug.com/260512 would obsolete this requirement.
 update_rootfs_hash ${OUTPUT_IMAGE} \
 ${KEY_DIR}/installer_kernel.keyblock \
 ${KEY_DIR}/installer_kernel_data_key.vbprivk \
diff --git a/scripts/image_signing/strip_boot_from_image.sh b/scripts/image_signing/strip_boot_from_image.sh
new file mode 100755
index 00000000..dcbdf05d
--- /dev/null
+++ b/scripts/image_signing/strip_boot_from_image.sh
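Review bot: The comment added in the factory/install branch names only factory, while the condition on the line above it also matches `install`, so a reader cannot tell whether install images keep /boot on purpose. If that is intended, say so, e.g. `# We do NOT strip /boot for factory or install images, since some factory images need it`. Since no strip call is added here and `update_rootfs_hash` follows directly, these image types are signed with /boot still present; stating that in the comment makes the difference from ssd/usb/recovery visibly deliberate to anyone auditing signed artifacts.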
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Script to remove /boot directory from an image.
+
+# Load common constants. This should be the first executable line.
+# The path to common.sh should be relative to your script's location.
+. "$(dirname "$0")/common.sh"
+
+load_shflags
+
+DEFINE_string image "chromiumos_image.bin" \
+ "Input file name of Chrome OS image to strip /boot from."
+
+# Parse command line.
+FLAGS "$@" || exit 1
+eval set -- "${FLAGS_ARGV}"
+
+# Abort on error.
+set -e
+
+if [ -z "${FLAGS_image}" ] || [ ! -s "${FLAGS_image}" ] ; then
+ die "Error: need a valid file by --image"
+fi
+
+# Swiped/modifed from $SRC/src/scripts/base_library/base_image_util.sh.
+zero_free_space() {
+ local rootfs="$1"
+
+ echo "Zeroing freespace in ${rootfs}"
+ # dd is a silly thing and will produce a "No space left on device" message
+ # that cannot be turned off and is confusing to unsuspecting victims.
+ ( sudo dd if=/dev/zero of="${rootfs}/filler" bs=4096 conv=fdatasync \
+ status=noxfer || true ) 2>&1 | grep -v "No space left on device"
+ sudo rm "${rootfs}/filler"
+}
+
+
+strip_boot() {
+ local image=$1
+
+ # Mount image so we can modify it.
+ local rootfs_dir=$(make_temp_dir)
+ mount_image_partition ${image} 3 ${rootfs_dir}
+
+ sudo rm -rf "${rootfs_dir}/boot" &&
+ echo "/boot directory was removed."
+
+ # To prevent the files we just removed from the FS from remaining as non-
+ # zero trash blocks that bloat payload sizes, need to zero them. This was
+ # done when the image was built, but needs to be repeated now that we've
+ # modified it in a non-trivial way.
+ zero_free_space "${rootfs_dir}"
+}
+
+
+IMAGE=$(readlink -f "${FLAGS_image}")
+if [[ -z "${IMAGE}" || ! -f "${IMAGE}" ]]; then
+ die "Missing required argument: --from (image to update)"
+fi
+
+strip_boot "${IMAGE}"
-- cgit v1.2.1
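Review bot: In `strip_boot`, chaining `sudo rm -rf "${rootfs_dir}/boot" &&` to the `echo` means a failed removal is not fatal: under `set -e` the command on the left of `&&` is exempt, so the script continues into `zero_free_space` and can exit 0 with /boot still in the image the signer then hashes and signs. The rewrite below separates the two statements, splits `local rootfs_dir` from its assignment so a failing `make_temp_dir` is not masked, and quotes the `mount_image_partition` arguments, since `IMAGE` comes from `readlink -f` and may contain spaces. The final `die` message names `--from`, but the flag defined in this script is `--image`. The script never unmounts the partition itself; presumably common.sh cleans up on exit, which deserves a comment because `update_rootfs_hash` in the caller depends on the writes being flushed first.

```shell
strip_boot() {
  local image=$1
  local rootfs_dir
  rootfs_dir=$(make_temp_dir)
  mount_image_partition "${image}" 3 "${rootfs_dir}"

  # Separate statements: under set -e the left side of && is exempt, so a
  # failed removal must not be chained to the echo.
  sudo rm -rf "${rootfs_dir}/boot"
  echo "/boot directory was removed."
  # … unchanged: zero_free_space comment, call and closing brace …
```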