build_image: clean up PCR policy generation

Pass as an argument to finish_image like most other things.
2025-08-07 21:16:57 +02:00 · 2016-09-19 12:09:27 -07:00 · 2016-09-19 12:09:27 -07:00 · 1092afd240
commit 1092afd240
parent 300722d7cb
2 changed files with 26 additions and 10 deletions
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@ -287,12 +287,10 @@ finish_image() {
  local root_fs_dir="$3"
  local image_contents="$4"
  local image_kernel="$5"
-  local install_grub=0
+  local pcr_policy="$6"

+  local install_grub=0
  local disk_img="${BUILD_DIR}/${image_name}"
-  local pcr_policy="${image_name%.bin}_pcr_policy.zip"
-  local pcr_dir="${BUILD_DIR}/pcrs"
-  mkdir -p "${pcr_dir}"

  # Copy kernel to support dm-verity boots
  sudo mkdir -p "${root_fs_dir}/boot/coreos"
@ -376,7 +374,13 @@ finish_image() {
        "${BUILD_DIR}/${image_kernel}"
  fi

-  ${BUILD_LIBRARY_DIR}/generate_kernel_hash.sh "${root_fs_dir}/boot/coreos/vmlinuz-a" ${COREOS_VERSION} >${pcr_dir}/kernel.config
+  if [[ -n "${pcr_policy}" ]]; then
+    mkdir -p "${BUILD_DIR}/pcrs"
+    ${BUILD_LIBRARY_DIR}/generate_kernel_hash.sh \
+        "${root_fs_dir}/boot/coreos/vmlinuz-a" ${COREOS_VERSION} \
+        >"${BUILD_DIR}/pcrs/kernel.config"
+  fi
+
  rm -rf "${BUILD_DIR}"/configroot
  cleanup_mounts "${root_fs_dir}"
  trap - EXIT
@ -403,9 +407,15 @@ finish_image() {
            --noverity
      fi
    done
-    ${BUILD_LIBRARY_DIR}/generate_grub_hashes.py ${disk_img} /usr/lib/grub/ ${pcr_dir} ${COREOS_VERSION}
  fi
-  pushd ${BUILD_DIR}
-  zip -r -9 $pcr_policy pcrs
-  popd
+
+  if [[ -n "${pcr_policy}" ]]; then
+    ${BUILD_LIBRARY_DIR}/generate_grub_hashes.py \
+        "${disk_img}" /usr/lib/grub/ "${BUILD_DIR}/pcrs" ${COREOS_VERSION}
+
+    info "Generating $pcr_policy"
+    pushd "${BUILD_DIR}" >/dev/null
+    zip --quiet -r -9 "${BUILD_DIR}/${pcr_policy}" pcrs
+    popd >/dev/null
+  fi
 }
--- a/build_library/prod_image_util.sh
+++ b/build_library/prod_image_util.sh
@ -113,7 +113,13 @@ EOF
  sudo mv -n ${root_fs_dir}/etc/pam.d/* ${root_fs_dir}/usr/lib/pam.d/
  sudo rmdir ${root_fs_dir}/etc/pam.d

-  finish_image "${image_name}" "${disk_layout}" "${root_fs_dir}" "${image_contents}" "${image_kernel}"
+  finish_image \
+      "${image_name}" \
+      "${disk_layout}" \
+      "${root_fs_dir}" \
+      "${image_contents}" \
+      "${image_kernel}" \
+      "${image_pcr_policy}"

  upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" \
      "${BUILD_DIR}/${image_contents}" \