image_signing: support mounted rootfs in more scripts
Update these scripts to accept a rootfs dir as input so we don't have
to loopback+mount+umount with every invocation. This speeds up the
overall runs.
BUG=None
TEST=scripts still work against image & rootfs dirs
BRANCH=None
Change-Id: I23050faebefd0a19e8ad44cdb76d7cc49c28e570
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2923827
Reviewed-by: George Engelbrecht <engeg@google.com>
diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh
index 48c75af..9e549ed 100755
--- a/scripts/image_signing/ensure_no_nonrelease_files.sh
+++ b/scripts/image_signing/ensure_no_nonrelease_files.sh
@@ -37,9 +37,14 @@
# Either way, load test-expectations data from config.
. "${configfile}" || return 1
- local loopdev=$(loopback_partscan "${image}")
- local rootfs=$(make_temp_dir)
- mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+ local loopdev rootfs
+ if [[ -d "${image}" ]]; then
+ rootfs="${image}"
+ else
+ rootfs=$(make_temp_dir)
+ loopdev=$(loopback_partscan "${image}")
+ mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+ fi
# Pick the right set of test-expectation data to use.
local brdvar=$(get_boardvar_from_lsb_release "${rootfs}")
eval "release_file_blocklist=(\"\${RELEASE_FILE_BLOCKLIST_${brdvar}[@]}\")"
diff --git a/scripts/image_signing/ensure_not_ASAN.sh b/scripts/image_signing/ensure_not_ASAN.sh
index 16cc88c..f19b1dd 100755
--- a/scripts/image_signing/ensure_not_ASAN.sh
+++ b/scripts/image_signing/ensure_not_ASAN.sh
@@ -11,26 +11,31 @@
. "$(dirname "$0")/common.sh"
usage() {
- echo "Usage $PROG image"
+ echo "Usage $PROG image"
}
main() {
- if [ $# -ne 1 ]; then
- usage
- exit 1
- fi
+ if [[ $# -ne 1 ]]; then
+ usage
+ exit 1
+ fi
- local image="$1"
+ local image="$1"
- local loopdev=$(loopback_partscan "${image}")
- local rootfs=$(make_temp_dir)
+ local loopdev rootfs
+ if [[ -d "${image}" ]]; then
+ rootfs="${image}"
+ else
+ rootfs=$(make_temp_dir)
+ loopdev=$(loopback_partscan "${image}")
mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+ fi
- # This mirrors the check performed in the platform_ToolchainOptions
- # autotest.
- if readelf -s "$rootfs/opt/google/chrome/chrome" | \
- grep -q __asan_init; then
- exit 1
- fi
+ # This mirrors the check performed in the platform_ToolchainOptions
+ # autotest.
+ if readelf -s "$rootfs/opt/google/chrome/chrome" | \
+ grep -q __asan_init; then
+ exit 1
+ fi
}
main "$@"
diff --git a/scripts/image_signing/ensure_update_verification.sh b/scripts/image_signing/ensure_update_verification.sh
index c72b0f6..e3929c5 100755
--- a/scripts/image_signing/ensure_update_verification.sh
+++ b/scripts/image_signing/ensure_update_verification.sh
@@ -23,10 +23,16 @@
fi
local image=$1
- local loopdev=$(loopback_partscan "${image}")
- local rootfs=$(make_temp_dir)
+
+ local loopdev rootfs
+ if [[ -d "${image}" ]]; then
+ rootfs="${image}"
+ else
+ rootfs=$(make_temp_dir)
+ loopdev=$(loopback_partscan "${image}")
+ mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+ fi
local key_location="/usr/share/update_engine/update-payload-key.pub.pem"
- mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
if [ ! -e "$rootfs/$key_location" ]; then
die "Update payload verification key not found at $key_location"
fi
diff --git a/scripts/image_signing/insert_au_publickey.sh b/scripts/image_signing/insert_au_publickey.sh
index 9d1597d..fe0dbcc 100755
--- a/scripts/image_signing/insert_au_publickey.sh
+++ b/scripts/image_signing/insert_au_publickey.sh
@@ -21,10 +21,17 @@
EOF
exit 1
fi
- local loopdev=$(loopback_partscan "${image}")
- local rootfs=$(make_temp_dir)
+
+ local loopdev rootfs
+ if [[ -d "${image}" ]]; then
+ rootfs="${image}"
+ else
+ rootfs=$(make_temp_dir)
+ loopdev=$(loopback_partscan "${image}")
+ mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+ fi
+
local key_location="/usr/share/update_engine/"
- mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
sudo mkdir -p "$rootfs/$key_location"
sudo cp "$pub_key" "$rootfs/$key_location/update-payload-key.pub.pem"
sudo chown root:root "$rootfs/$key_location/update-payload-key.pub.pem"
diff --git a/scripts/image_signing/set_channel.sh b/scripts/image_signing/set_channel.sh
index dc21246..d4e64ad 100755
--- a/scripts/image_signing/set_channel.sh
+++ b/scripts/image_signing/set_channel.sh
@@ -26,10 +26,14 @@
local to=$2
local loopdev rootfs lsb
- loopdev=$(loopback_partscan "${image}")
- rootfs=$(make_temp_dir)
+ if [[ -d "${image}" ]]; then
+ rootfs="${image}"
+ else
+ rootfs=$(make_temp_dir)
+ loopdev=$(loopback_partscan "${image}")
+ mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+ fi
lsb="${rootfs}/etc/lsb-release"
- mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
# Get the current channel on the image.
local from=$(lsbval "${lsb}" 'CHROMEOS_RELEASE_TRACK')
from=${from%"-channel"}
diff --git a/scripts/image_signing/set_lsb_release.sh b/scripts/image_signing/set_lsb_release.sh
index 5b66912..55c1653 100755
--- a/scripts/image_signing/set_lsb_release.sh
+++ b/scripts/image_signing/set_lsb_release.sh
@@ -52,14 +52,20 @@
local image=$1
shift
- local loopdev=$(loopback_partscan "${image}")
- local rootfs=$(make_temp_dir)
+ local loopdev rootfs
- if ${ro}; then
- mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+ if [[ -d "${image}" ]]; then
+ rootfs="${image}"
else
- mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
- touch "${image}" # Updates the image modification time.
+ rootfs=$(make_temp_dir)
+ loopdev=$(loopback_partscan "${image}")
+
+ if ${ro}; then
+ mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+ else
+ mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+ touch "${image}" # Updates the image modification time.
+ fi
fi
# Process all the key/value pairs.
diff --git a/scripts/image_signing/tag_image.sh b/scripts/image_signing/tag_image.sh
index 8a01012..fb9492e 100755
--- a/scripts/image_signing/tag_image.sh
+++ b/scripts/image_signing/tag_image.sh
@@ -196,9 +196,13 @@
fi
# First round, mount as read-only and check if we need any modifications.
-loopdev=$(loopback_partscan "${IMAGE}")
-rootfs=$(make_temp_dir)
-mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+if [[ -d "${IMAGE}" ]]; then
+ rootfs="${IMAGE}"
+else
+ loopdev=$(loopback_partscan "${IMAGE}")
+ rootfs=$(make_temp_dir)
+ mount_loop_image_partition_ro "${loopdev}" 3 "${rootfs}"
+fi
# we don't have tags in stateful partition yet...
# stateful_dir=$(make_temp_dir)
@@ -210,8 +214,10 @@
if [ ${g_modified} = ${FLAGS_TRUE} ]; then
# Remount as RW. We can't use `mount -o rw,remount` because of the bits in
# the ext4 header we've set to block that. See enable_rw_mount for details.
- sudo umount "${rootfs}"
- mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+ if [[ ! -d "${IMAGE}" ]]; then
+ sudo umount "${rootfs}"
+ mount_loop_image_partition "${loopdev}" 3 "${rootfs}"
+ fi
# second round, apply the modification to image.
process_all_tags "${rootfs}" ${FLAGS_TRUE}
