Merge pull request #283 from marineam/version2

updates: Add script for enabling the official update signing key.
2025-08-12 07:26:58 +02:00 · 2014-06-23 17:31:21 -07:00 · 2014-06-23 17:31:21 -07:00 · bc9d87c9fa
commit bc9d87c9fa
parent 9562e5e768 d4c1c0b867
5 changed files with 63 additions and 1 deletions
--- a/7
+++ b/7
@ -34,6 +34,8 @@ DEFINE_string group "${DEFAULT_GROUP}" \
  "The update group."
 DEFINE_boolean generate_update "${FLAGS_FALSE}" \
  "Generate update payload. (prod only)"
+DEFINE_boolean extract_update "${FLAGS_TRUE}" \
+  "Extract the /usr partition for generating updates."
 DEFINE_string developer_data "" \
  "Insert a custom cloudinit file into the image."

@ -151,6 +153,9 @@ fi

 if [[ "${DEV_IMAGE}" -eq 1 ]]; then
  create_dev_image ${COREOS_DEVELOPER_IMAGE_NAME} ${DISK_LAYOUT} ${FLAGS_group}
+  if [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
+    extract_update "${COREOS_DEVELOPER_IMAGE_NAME}" "${DISK_LAYOUT}"
+  fi
 fi

 if [[ "${CONTAINER}" -eq 1 ]]; then
@ -161,6 +166,8 @@ if [[ "${PROD_IMAGE}" -eq 1 ]]; then
  create_prod_image ${COREOS_PRODUCTION_IMAGE_NAME} ${DISK_LAYOUT} ${FLAGS_group}
  if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
    generate_update "${COREOS_PRODUCTION_IMAGE_NAME}" ${DISK_LAYOUT}
+  elif [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
+    extract_update "${COREOS_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
  fi
 fi

--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@ -54,6 +54,16 @@ delete_prompt() {
  fi
 }

+extract_update() {
+  local image_name="$1"
+  local disk_layout="$2"
+  local update_path="${BUILD_DIR}/${image_name%_image.bin}_update.bin"
+
+  "${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
+    extract "${BUILD_DIR}/${image_name}" "USR-A" "${update_path}"
+  upload_image "${update_path}"
+}
+
 generate_update() {
  local image_name="$1"
  local disk_layout="$2"
--- a/build_library/prod_image_util.sh
+++ b/build_library/prod_image_util.sh
@ -42,6 +42,14 @@ create_prod_image() {
  emerge_to_image "${root_fs_dir}" coreos-base/coreos
  write_packages "${root_fs_dir}" "${BUILD_DIR}/${image_packages}"

+  # Assert that if this is supposed to be an official build that the
+  # official update keys have been used.
+  if [[ ${COREOS_OFFICIAL:-0} -eq 1 ]]; then
+      grep -q official \
+          "${root_fs_dir}"/var/db/pkg/coreos-base/coreos-au-key-*/USE \
+          || die_notrace "coreos-au-key is missing the 'official' use flag"
+  fi
+
  # clean-ups of things we do not need
  sudo rm ${root_fs_dir}/etc/csh.env
  sudo rm -rf ${root_fs_dir}/var/db/pkg
--- a/2
+++ b/2
@ -50,7 +50,7 @@ switch_to_strict_mode
 FLAGS_storage="${FLAGS_storage%%/}"

 GS_URL="${FLAGS_storage}/${FLAGS_board}/${FLAGS_version}/update.gz"
-HTTP_URL="http://${GS_URL#gs://}"
+HTTP_URL="https://commondatastorage.googleapis.com/${GS_URL#gs://}"
 gsutil cp "${FLAGS_payload}" "${GS_URL}"

 rollerctl \
--- a/37
+++ b/37
@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Copyright (c) 2014 The CoreOS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
+. "${SCRIPT_ROOT}/common.sh" || exit 1
+
+# Script must run inside the chroot
+restart_in_chroot_if_needed "$@"
+
+assert_not_root_user
+
+DEFINE_string board "${DEFAULT_BOARD}" \
+  "The board to update."
+DEFINE_boolean official ${FLAGS_TRUE} \
+    "Enable (or disable) official key."
+
+# Parse flags
+FLAGS "$@" || exit 1
+eval set -- "${FLAGS_ARGV}"
+switch_to_strict_mode
+
+# set BOARD and BOARD_ROOT
+. "${BUILD_LIBRARY_DIR}/toolchain_util.sh"
+. "${BUILD_LIBRARY_DIR}/board_options.sh"
+
+if [[ ${FLAGS_official} -eq ${FLAGS_TRUE} ]]; then
+    sudo mkdir -p "${BOARD_ROOT}/etc/portage/package.use"
+    sudo_clobber "${BOARD_ROOT}/etc/portage/package.use/official" \
+        <<<"coreos-base/coreos-au-key official"
+else
+    sudo rm -f "${BOARD_ROOT}/etc/portage/package.use/official"
+fi
+
+emerge-${BOARD} -v --quiet-build=y --nospinner coreos-base/coreos-au-key