commit 2eed98d9763552563e2320f372dc7e790729518b
author Mike Frysinger <vapier@chromium.org> Fri May 28 03:49:34 2021 -0400
committer Commit Bot <commit-bot@chromium.org> Fri Jun 04 21:31:16 2021 +0000
tree df16939caed5f5a77a81c6038f20631da6cc8cfe
parent 85e5e9dcf2dca0f3589161ad231b0d4053102c05

image_signing: set_lsb_release: simplify file rewriting

Collapse the 4 sudo calls & temporary file into a single call.
This is a bit easier to read and is faster as a result.

We can also hoist the selinux restore to do it only once at the
end if we modified the file.

BUG=None
TEST=set_lsb_release.sh on an image still works
BRANCH=None

Change-Id: I300cf47d017d159d762a62fe2aab789ce391f89a
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2923826
Reviewed-by: George Engelbrecht <engeg@google.com>

scripts/image_signing/set_lsb_release.sh

diff --git a/scripts/image_signing/set_lsb_release.sh b/scripts/image_signing/set_lsb_release.sh
index e847abb..5b66912 100755
--- a/scripts/image_signing/set_lsb_release.sh
+++ b/scripts/image_signing/set_lsb_release.sh
@@ -11,15 +11,17 @@
 
 set_lsb_release_keyval() {
   local rootfs=$1
+  local lsb="${rootfs}/etc/lsb-release"
   local key=$2
   local value=$3
-  local temp_lsb_release="$rootfs/etc/temp-lsb-release"
-  echo "$key=$value" | sudo tee "$temp_lsb_release" > /dev/null
-  grep -Ev "^$key=" "$rootfs/etc/lsb-release" \
-    | sudo tee -a "$temp_lsb_release" > /dev/null
-  sudo sort -o "$rootfs/etc/lsb-release" "$temp_lsb_release"
-  sudo rm -f "$temp_lsb_release"
-  restore_lsb_selinux "$rootfs/etc/lsb-release"
+  local data
+  data=$(
+    (
+    grep -Ev "^${key}=" "${lsb}"
+    echo "${key}=${value}"
+    ) | sort
+  )
+  sudo tee "${lsb}" <<<"${data}" >/dev/null
 }
 
 main() {
@@ -45,13 +47,15 @@
     exit 1
   fi
 
+  # If there are no key/value pairs to process, we don't need write access.
+  local ro=$([[ $# -eq 0 ]] && echo true || echo false)
+
   local image=$1
   shift
   local loopdev=$(loopback_partscan "${image}")
   local rootfs=$(make_temp_dir)
 
-  # If there are no key/value pairs to process, we don't need write access.
-  if [[ $# -eq 0 ]]; then
+  if ${ro}; then
     mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
   else
     mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
@@ -65,6 +69,9 @@
     shift 2
     set_lsb_release_keyval "${rootfs}" "${key}" "${value}"
   done
+  if ! ${ro}; then
+    restore_lsb_selinux "${rootfs}/etc/lsb-release"
+  fi
 
   # Dump the final state.
   cat "${rootfs}/etc/lsb-release"