update_kernel: use $TMP for generated outputs

"new_kern.bin" was being generated in the current directory and not
being cleaned up. Additionally, without this change, it is not safe to
run update_kernel.sh concurrently to separate devices.

BUG=None
TEST=Updated a kernel on a running VM, verified /tmp/update_kernel.* was
 created and used for generated outputs.

Change-Id: I27cd236ee9d38263dcca361ce063078a13b11864
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/10240
Reviewed-by: Olof Johansson <olofj@chromium.org>
Kees Cook 2011-10-18 13:17:11 -07:00 committed by Gerrit
parent 8b1328b17c
commit 43a3213f33


@ -94,7 +94,7 @@ function make_kernelimage() {
bootloader_path="/lib64/bootstub/bootstub.efi" bootloader_path="/lib64/bootstub/bootstub.efi"
kernel_image="/build/${FLAGS_board}/boot/vmlinuz" kernel_image="/build/${FLAGS_board}/boot/vmlinuz"
fi fi
vbutil_kernel --pack new_kern.bin \ vbutil_kernel --pack $TMP/new_kern.bin \
--keyblock /usr/share/vboot/devkeys/kernel.keyblock \ --keyblock /usr/share/vboot/devkeys/kernel.keyblock \
--signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \ --signprivate /usr/share/vboot/devkeys/kernel_data_key.vbprivk \
--version 1 \ --version 1 \
@ -109,7 +109,7 @@ function copy_kernelimage() {
remote_cp_to /build/${FLAGS_board}/boot/vmlinux.uimg /boot remote_cp_to /build/${FLAGS_board}/boot/vmlinux.uimg /boot
fi fi
remote_cp_to new_kern.bin /tmp remote_cp_to $TMP/new_kern.bin /tmp
remote_sh dd if=/tmp/new_kern.bin of="${FLAGS_partition}" remote_sh dd if=/tmp/new_kern.bin of="${FLAGS_partition}"
} }
@ -117,7 +117,7 @@ function copy_kernelimage() {
function main() { function main() {
trap cleanup EXIT trap cleanup EXIT
TMP=$(mktemp -d /tmp/image_to_live.XXXX) TMP=$(mktemp -d /tmp/update_kernel.XXXXXX)
remote_access_init remote_access_init
@ -136,24 +136,21 @@ function main() {
make_kernelimage make_kernelimage
if [[ ${REMOTE_VERITY} -eq ${FLAGS_FALSE} ]]; then if [[ ${REMOTE_VERITY} -eq ${FLAGS_FALSE} ]]; then
tar -C /build/"${FLAGS_board}"/lib/modules -cjf /tmp/new_modules.tar . tar -C /build/"${FLAGS_board}"/lib/modules -cjf $TMP/new_modules.tar .
tar -C /build/"${FLAGS_board}"/lib/firmware -cjf /tmp/new_firmware.tar . tar -C /build/"${FLAGS_board}"/lib/firmware -cjf $TMP/new_firmware.tar .
tar -C /build/"${FLAGS_board}"/boot -cjf /tmp/new_boot.tar . tar -C /build/"${FLAGS_board}"/boot -cjf $TMP/new_boot.tar .
remote_sh mount -o remount,rw / remote_sh mount -o remount,rw /
echo "copying modules" echo "copying modules"
remote_cp_to /tmp/new_modules.tar /tmp/ remote_cp_to $TMP/new_modules.tar /tmp/
remote_sh tar -C /lib/modules -xjf /tmp/new_modules.tar remote_sh tar -C /lib/modules -xjf /tmp/new_modules.tar
echo "copying firmware" echo "copying firmware"
remote_cp_to /tmp/new_firmware.tar /tmp/ remote_cp_to $TMP/new_firmware.tar /tmp/
remote_sh tar -C /lib/firmware -xjf /tmp/new_firmware.tar remote_sh tar -C /lib/firmware -xjf /tmp/new_firmware.tar
echo "copying kernel" echo "copying kernel"
remote_cp_to /tmp/new_boot.tar /tmp/ remote_cp_to $TMP/new_boot.tar /tmp/
remote_sh tar -C /boot -xjf /tmp/new_boot.tar remote_sh tar -C /boot -xjf /tmp/new_boot.tar
# ARM does not have the syslinux directory, so skip it when the # ARM does not have the syslinux directory, so skip it when the