mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-10 06:26:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

add(prod_image_util): Rename what remains of cros_make_image_bootable

Browse Source 
cros_make_image_bootable now only is relevant for prod images, so move
the remaining code to prod_image_util in a similar scheme that base and
dev images use.
This commit is contained in:
Michael Marineau 2013-12-28 19:20:00 -08:00
parent 306a2f6cbc
commit 213472652c
6 changed files with 50 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

186
bin/cros_make_image_bootable
View File

@ -1,186 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# Script which ensures that a given image has an up-to-date
# kernel partition, rootfs integrity hashes, and legacy bootloader configs.
# --- BEGIN COMMON.SH BOILERPLATE ---
# Load common CrOS utilities. Inside the chroot this file is installed in
# /usr/lib/crosutils. Outside the chroot we find it relative to the script's
# location.
find_common_sh() {
local common_paths=("$(dirname "$(readlink -f "$0")")/.." /usr/lib/crosutils)
local path
SCRIPT_ROOT="${common_paths[0]}"
for path in "${common_paths[@]}"; do
if [ -r "${path}/common.sh" ]; then
SCRIPT_ROOT="${path}"
break
fi
done
}
find_common_sh
. "${SCRIPT_ROOT}/common.sh" || exit 1
# --- END COMMON.SH BOILERPLATE ---
# Need to be inside the chroot to load chromeos-common.sh
assert_inside_chroot
# Load functions and constants for chromeos-install
. /usr/lib/installer/chromeos-common.sh || exit 1
. "${BUILD_LIBRARY_DIR}/toolchain_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/build_image_util.sh" || exit 1
switch_to_strict_mode
if [ $# -lt 2 ]; then
echo "Usage: ${0} /PATH/TO/IMAGE IMAGE.BIN [shflags overrides]"
exit 1
fi
IMAGE_DIR="$(readlink -f "${1}")"
BOOT_DESC_FILE="${IMAGE_DIR}/boot.desc"
IMAGE="${IMAGE_DIR}/${2}"
shift
shift
FLAG_OVERRIDES="${@}"
if [ ! -r "${BOOT_DESC_FILE}" ]; then
warn "${BOOT_DESC_FILE} cannot be read!"
warn "Falling back to command line parsing"
BOOT_DESC="${@}"
else
BOOT_DESC="$(cat ${BOOT_DESC_FILE} | tr -s '\n' ' ')"
info "Boot-time configuration for $(dirname "${IMAGE}"): "
cat ${BOOT_DESC_FILE} | while read line; do
info " ${line}"
done
fi
if [ ! -r "${IMAGE}" ]; then
die "${IMAGE} cannot be read!"
fi
locate_gpt
set +e
# Now parse the build settings from ${OUTPUT_DIR}/boot.desc
DEFINE_string board "${DEFAULT_BOARD}" \
"Board we're building for."
DEFINE_string image "coreos_base.img" \
"Full path to the coreos image to make bootable."
DEFINE_string arch "x86" \
"Architecture to make bootable for: arm, x86, or amd64"
DEFINE_string disk_layout "base" \
"The disk layout type to use for this image."
DEFINE_boolean enable_rootfs_verification ${FLAGS_FALSE} \
"Default all bootloaders to NOT use kernel-based root fs integrity checking."
DEFINE_string au_key "" \
"Filename of the au_key to install"
DEFINE_string production_track "" \
"Use production values and a given track for update service."
DEFINE_boolean fsck_rootfs ${FLAGS_FALSE} \
"Check integrity of the rootfs on the modified image."
# Parse the boot.desc and any overrides
eval set -- "${BOOT_DESC} ${FLAG_OVERRIDES}"
FLAGS "${@}" || exit 1
. "${BUILD_LIBRARY_DIR}/board_options.sh" || exit 1
# Only now can we die on error. shflags functions leak non-zero error codes,
# so will die prematurely if 'switch_to_strict_mode' is specified before now.
switch_to_strict_mode -u
mount_gpt_cleanup() {
"${BUILD_LIBRARY_DIR}/disk_util" umount "${rootfs_mountpoint}" || true
}
make_image_bootable() {
local image="$1"
# Default to non-verified
local enable_rootfs_verification_flag=--noenable_rootfs_verification
if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
enable_rootfs_verification_flag=--enable_rootfs_verification
fi
"${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${FLAGS_disk_layout}" \
mount "${image}" "${rootfs_mountpoint}"
trap "mount_gpt_cleanup" EXIT
if [ -n "${FLAGS_production_track}" ]; then
# Replace /etc/lsb-release on the image.
"${BUILD_LIBRARY_DIR}/set_lsb_release" \
--production_track="${FLAGS_production_track}" \
--root="${rootfs_mountpoint}" \
--board="${BOARD}"
fi
# Install an auto update key on the root before sealing it off
if [ ! -z "${FLAGS_au_key}" ]; then
local key_location=${rootfs_mountpoint}"/usr/share/update_engine/"
sudo mkdir -p "${key_location}"
sudo cp "${FLAGS_au_key}" "$key_location/update-payload-key.pub.pem"
sudo chown root:root "$key_location/update-payload-key.pub.pem"
sudo chmod 644 "$key_location/update-payload-key.pub.pem"
echo "AU verification key was installed. Do not forget to resign the image!"
fi
# The rootfs should never be mounted rw again after this point without
# re-calling make_image_bootable.
sudo mount -o remount,ro "${rootfs_mountpoint}"
# Newer `mount` will decode the filename backing the loop device,
# so we need to dig deeper and find the answer ourselves.
root_dev=$(awk -v mnt="${rootfs_mountpoint}" \
'$2 == mnt { print $1 }' /proc/mounts)
# Make the filesystem un-mountable as read-write.
# TODO(wad) make sure there is parity in the signing scripts.
if [ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]; then
# TODO(wad) this would be a good place to reset any other ext2 metadata.
warn "Disabling r/w mount of the root filesystem"
disable_rw_mount "$root_dev"
fi
trap - EXIT
"${BUILD_LIBRARY_DIR}/disk_util" umount "${rootfs_mountpoint}"
}
verify_image_rootfs() {
local image=$1
local rootfs_offset="$(partoffset ${image} 3)"
local rootfs_tmp_file=$(mktemp)
trap "rm ${rootfs_tmp_file}" EXIT
sudo dd if="${image}" of="${rootfs_tmp_file}" bs=512 skip="${rootfs_offset}" \
status=none
# This flips the read-only compatibility flag, so that
# e2fsck does not complain about unknown file system capabilities.
enable_rw_mount "${rootfs_tmp_file}"
info "Running e2fsck to check root file system for errors"
sudo e2fsck -fn "${rootfs_tmp_file}" ||
die "Root file system has errors, please ensure boot.desc and/or \
command line parameters are correct"
}
# Store output and temporary files next to image.
rootfs_mountpoint="${IMAGE_DIR}/rootfs_dir"
# Create the directories if they don't exist.
mkdir -p ${rootfs_mountpoint}
make_image_bootable "${IMAGE}"
if [ ${FLAGS_fsck_rootfs} -eq ${FLAGS_TRUE} ]; then
verify_image_rootfs "${IMAGE}"
fi
rmdir ${rootfs_mountpoint}

9
build_image
View File

@ -76,6 +76,7 @@ check_gsutil_opts
. "${BUILD_LIBRARY_DIR}/disk_layout_util.sh" || exit 1 . "${BUILD_LIBRARY_DIR}/disk_layout_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/build_image_util.sh" || exit 1 . "${BUILD_LIBRARY_DIR}/build_image_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/base_image_util.sh" || exit 1 . "${BUILD_LIBRARY_DIR}/base_image_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/prod_image_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/dev_image_util.sh" || exit 1 . "${BUILD_LIBRARY_DIR}/dev_image_util.sh" || exit 1
. "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1 . "${BUILD_LIBRARY_DIR}/test_image_content.sh" || exit 1
@ -145,12 +146,8 @@ fi
if should_build_image ${COREOS_PRODUCTION_IMAGE_NAME}; then if should_build_image ${COREOS_PRODUCTION_IMAGE_NAME}; then
copy_image ${CHROMEOS_BASE_IMAGE_NAME} ${COREOS_PRODUCTION_IMAGE_NAME} copy_image ${CHROMEOS_BASE_IMAGE_NAME} ${COREOS_PRODUCTION_IMAGE_NAME}
${SCRIPTS_DIR}/bin/cros_make_image_bootable \ setup_prod_image ${COREOS_PRODUCTION_IMAGE_NAME} "dev-channel" \
"${BUILD_DIR}" \ ${SRC_ROOT}/third_party/coreos-overlay/coreos-base/coreos-au-key/files/update-payload-key.pub.pem
${COREOS_PRODUCTION_IMAGE_NAME} \
--production_track="dev-channel" \
--disk_layout="${FLAGS_disk_layout}" \
--au_key=${SRC_ROOT}/third_party/coreos-overlay/coreos-base/coreos-au-key/files/update-payload-key.pub.pem
upload_image "${BUILD_DIR}/${COREOS_PRODUCTION_IMAGE_NAME}" upload_image "${BUILD_DIR}/${COREOS_PRODUCTION_IMAGE_NAME}"
fi fi

9
build_library/base_image_util.sh
View File

@ -51,11 +51,6 @@ create_base_image() {
--root="${root_fs_dir}" \ --root="${root_fs_dir}" \
--board="${BOARD}" --board="${BOARD}"
# Create the boot.desc file which stores the build-time configuration
# information needed for making the image bootable after creation with
# cros_make_image_bootable.
create_boot_desc
${BUILD_LIBRARY_DIR}/create_legacy_bootloader_templates.sh \ ${BUILD_LIBRARY_DIR}/create_legacy_bootloader_templates.sh \
--arch=${ARCH} \ --arch=${ARCH} \
--boot_dir="${root_fs_dir}"/boot \ --boot_dir="${root_fs_dir}"/boot \
@ -75,9 +70,5 @@ create_base_image() {
# Emit helpful scripts for testers, etc. # Emit helpful scripts for testers, etc.
emit_gpt_scripts "${BUILD_DIR}/${image_name}" "${BUILD_DIR}" emit_gpt_scripts "${BUILD_DIR}/${image_name}" "${BUILD_DIR}"
${SCRIPTS_DIR}/bin/cros_make_image_bootable "${BUILD_DIR}" \
"${image_name}" --disk_layout="${disk_layout}" \
--noenable_rootfs_verification
trap - EXIT trap - EXIT
} }

13
build_library/build_image_util.sh
View File

@ -80,19 +80,6 @@ make_salt() {
xxd -l 32 -p -c 32 /dev/urandom xxd -l 32 -p -c 32 /dev/urandom
} }
create_boot_desc() {
local enable_rootfs_verification_flag=""
if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
enable_rootfs_verification_flag="--enable_rootfs_verification"
fi
cat <<EOF > ${BUILD_DIR}/boot.desc
--board=${BOARD}
--arch="${ARCH}"
${enable_rootfs_verification_flag}
EOF
}
cleanup_mounts() { cleanup_mounts() {
echo "Cleaning up mounts" echo "Cleaning up mounts"
"${BUILD_LIBRARY_DIR}/disk_util" umount "$1" || true "${BUILD_LIBRARY_DIR}/disk_util" umount "$1" || true

8
build_library/dev_image_util.sh
View File

@ -45,13 +45,5 @@ install_dev_packages() {
info "Developer image built and stored at ${image_name}" info "Developer image built and stored at ${image_name}"
cleanup_mounts "${root_fs_dir}" cleanup_mounts "${root_fs_dir}"
trap "delete_prompt" EXIT
if should_build_image ${image_name}; then
${SCRIPTS_DIR}/bin/cros_make_image_bootable "${BUILD_DIR}" \
"${image_name}" --disk_layout="${disk_layout}" \
--noenable_rootfs_verification
fi
trap - EXIT trap - EXIT
} }

47
build_library/prod_image_util.sh Executable file
View File

@ -0,0 +1,47 @@
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Copyright (c) 2013 The CoreOS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
setup_prod_image() {
local image_name="$1"
local update_track="$2"
local au_key="$3"
info "Configuring production image ${image_name}"
local disk_layout="${FLAGS_disk_layout:-base}"
local root_fs_dir="${BUILD_DIR}/rootfs"
local enable_rootfs_verification_flag=--noenable_rootfs_verification
if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
enable_rootfs_verification_flag=--enable_rootfs_verification
fi
"${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
mount "${BUILD_DIR}/${image_name}" "${root_fs_dir}"
trap "cleanup_mounts '${root_fs_dir}' && delete_prompt" EXIT
# Replace /etc/lsb-release on the image.
"${BUILD_LIBRARY_DIR}/set_lsb_release" \
--production_track="${update_track}" \
--root="${root_fs_dir}" \
--board="${BOARD}"
# Install an auto update key on the root before sealing it off
local key_location=${root_fs_dir}"/usr/share/update_engine/"
sudo mkdir -p "${key_location}"
sudo cp "${au_key}" "$key_location/update-payload-key.pub.pem"
sudo chown root:root "$key_location/update-payload-key.pub.pem"
sudo chmod 644 "$key_location/update-payload-key.pub.pem"
# Make the filesystem un-mountable as read-write.
if [ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]; then
warn "Disabling r/w mount of the root filesystem"
sudo mount -o remount,ro "${root_fs_dir}"
root_dev=$(awk -v mnt="${root_fs_dir}" \
'$2 == mnt { print $1 }' /proc/mounts)
disable_rw_mount "$root_dev"
fi
cleanup_mounts "${root_fs_dir}"
trap - EXIT
}