commit | dc1538b017687d9f0ccb0059ffbfa83f58d12121 | [log] [tgz] |
---|---|---|
author | Robert Kolchmeyer <rkolchmeyer@google.com> | Thu Oct 07 17:33:52 2021 -0700 |
committer | Robert Kolchmeyer <rkolchmeyer@google.com> | Mon Oct 11 17:43:52 2021 +0000 |
tree | 77a84c7e5572fca14c56ed1c5df5ff7d2693da08 | |
parent | 3539c943aacc6de5b80caa4d5c1c0e1d9fab560a [diff] |
Make sure to not run the installer twice if the first time succeeds The following sequence of events is invalid: - installer runs and succeeds - we sign the drivers - installer runs again This is because, during the second run, the installer will detect that the drivers have been modified (because of the signatures), and will consider the whole install invalid. It will then try to uninstall the drivers. (aside: the error message this produces is a little confusing because of how our code uses overlayfs, but the signed drivers get uninstalled no matter what) We solve this in the code by only calling the "install libs" function when we either aren't doing legacy linking (which doesn't run the installer), or the installer failed when doing legacy linking. Typically, the installer won't run and succeed when doing legacy linking. But when module signature enforcement is disabled (like in GKE), it will succeed. TEST=Run on cos-85 with module signature enforcement disabled. Run on cos-85 with module signature enforcement enabled. Run on cos-93 with module signature enforcement enabled. Run on cos-93 with module signature enforcement disabled. Change-Id: Ideeb71377404632d645d89bb417c60b73d41c3b5 Reviewed-on: https://cos-review.googlesource.com/c/cos/tools/+/23533 Tested-by: Robert Kolchmeyer <rkolchmeyer@google.com> Cloud-Build: GCB Service account <228075978874@cloudbuild.gserviceaccount.com> Reviewed-by: Arnav Kansal <rnv@google.com>
This is a repository of various tools developed for Container-Optimized OS. Examples include cos-gpu-installer, cos-toolbox, etc.
See CONTRIBUTING.md for how to contribute.