From e630a36e50799ec72305b03a6d6fe354d2b8b059 Mon Sep 17 00:00:00 2001
From: David Michael
Date: Thu, 2 Feb 2017 15:01:47 -0800
Subject: [PATCH] Revert "build_image: Remove disable_read_write variable"

This reverts commit a7ffba9a9f5c18bdc8ab5495b81855bc5ba76c19. The build_image script can build multiple formats. When our releases and automated builds are creating developer containers and production images from the same command, the verity flag would be disabled while building the container and remain disabled when building the production image. This resulted in no verity in all our builds.
---
 build_library/build_image_util.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh
index dd524387d3..480fc0b5f0 100755
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@@ -320,8 +320,9 @@ finish_image() {
 local disk_img="${BUILD_DIR}/${image_name}"

 # Only enable rootfs verification on prod builds.
- if [[ "${IMAGE_BUILD_TYPE}" != "prod" ]]; then
- FLAGS_enable_rootfs_verification=${FLAGS_FALSE}
+ local disable_read_write="${FLAGS_FALSE}"
+ if [[ "${IMAGE_BUILD_TYPE}" == "prod" ]]; then
+ disable_read_write="${FLAGS_enable_rootfs_verification}"
 fi

 # Only enable rootfs verification on supported boards.
@@ -377,7 +378,7 @@ finish_image() {
 fi

 # Make the filesystem un-mountable as read-write and setup verity.
- if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
+ if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
 # Unmount /usr partition
 sudo umount --recursive "${root_fs_dir}/usr" || exit 1

@@ -430,7 +431,7 @@ finish_image() {
 target_list="arm64-efi"
 fi
 for target in ${target_list}; do
- if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
+ if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
 ${BUILD_LIBRARY_DIR}/grub_install.sh \
 --board="${BOARD}" \
 --target="${target}" \
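Review bot: The comment above the new `local disable_read_write` in finish_image does not say why the decision lives in a local, and the reverted commit had removed this variable, so the same cleanup could be made again. I would replace it with `# Decide per image: finish_image runs once per format, so never write this back to FLAGS_enable_rootfs_verification.` The name also undersells what it controls: the checks in the -377 and -430 hunks use it to gate verity setup and the grub_install call, so something like `enable_verity` would read more accurately. The "supported boards" block that follows lies outside the hunk; if it assigns to the global flag rather than the local, the leak between formats described in the commit message would remain.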
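Review bot: When this condition is false for a prod build, finish_image still produces an image, just without verity, and nothing visible in the hunk reports that. The commit message describes every build shipping that way, so a build-time signal seems warranted. The body of this `if` continues outside the hunk, but where it closes I would add a branch such as `elif [[ "${IMAGE_BUILD_TYPE}" == "prod" ]]; then echo "WARNING: ${image_name}: prod image built without rootfs verification" >&2`. A release job can then grep for that line or treat it as fatal, so a missing integrity protection is caught at build time rather than on a shipped image.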