Move cross toolchain library install code out of setup_board to a
separate script, and have setup_board use it.
The install_toolchain script will be used by the builders to set up
a separate sysroot (distinct from the /build/<board> root), as part of
the Simplified Chrome Workflow (goto/simple-chrome).
BUG=chromium-os:36299
TEST=locally, trybots.
Change-Id: I88c355f1798da71ead9370a82365304dbf311504
Reviewed-on: https://gerrit.chromium.org/gerrit/38156
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Ryan Cui <rcui@chromium.org>
Tested-by: Ryan Cui <rcui@chromium.org>
This unforks the autoupdate protocol logic used by cros_image_to_target to
have it use common code from the devserver.
BUG=chromium-os:36418
TEST=Pylint + pyflaes, running test now.
CQ-DEPENDS=I73cf6343
Change-Id: I199d5f2989d361c3427058fd6e900c8ec623c88a
Reviewed-on: https://gerrit.chromium.org/gerrit/38158
Tested-by: Chris Sosa <sosa@chromium.org>
Reviewed-by: Paul Stewart <pstew@chromium.org>
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Commit-Ready: Chris Sosa <sosa@chromium.org>
A rootfs built with verification cannot be mounted rw, so have the
mount script try to mount things ro if the rw mount failed.
BUG=None
TEST=`./build_image && ./mount.sh` work
Change-Id: I291ece366e03e218b3cd9ff8f30bd9a6e9cf879d
Reviewed-on: https://gerrit.chromium.org/gerrit/35065
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Add -n to remote_sh calls in set_up_remote_access and learn_board.
Otherwise the ssh's they start will consume some stdin, making these
functions incompatible with a script which needs its stdin.
BUG=none
TEST=add -n to first remote_sh in cros_adopt_device then "echo y | cros_adopt_device" will work
Change-Id: Ic01f69b0a86581c8650f59056d52766e76de1799
Reviewed-on: https://gerrit.chromium.org/gerrit/37251
Tested-by: Frank Henigman <fjhenigman@chromium.org>
Reviewed-by: Chris Wolfe <cwolfe@chromium.org>
Commit-Ready: Frank Henigman <fjhenigman@chromium.org>
Added 200Meg to the root partitions where needed.
BUG=chromium-os:25441
TEST=secuity_test_image for stumpy and daisy. Installed stumpy, parrot, daisy.
Change-Id: Iaa049968f02b4d262ca5997b0844793f8acf999b
Reviewed-on: https://gerrit.chromium.org/gerrit/37905
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
These packages used to be installed into the chroot, but no longer.
Punt them to avoid random upgrade errors due to them no longer existing.
BUG=None
TEST=`./update_chroot` worked and cleaned out these pkgs
Change-Id: I9b7f7d0f8f9106d2a580393ec428876d332ac701
Reviewed-on: https://gerrit.chromium.org/gerrit/37763
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
When we stopped installing binutils into package.provided, we stopped
needing to check its version at all. While CL:30287 updated the file,
it left the latter in place. Scrub it now.
BUG=chromium-os:21330
TEST=`./setup_board --board=x86-generic` setup gcc/glibc in package.provided and worked
Change-Id: I5c5d7175f17fd2d4ad5231ed3f9f5ddee592aa63
Reviewed-on: https://gerrit.chromium.org/gerrit/37517
Reviewed-by: asharif <asharif@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Changed update_kernel.sh to use /dev/dm* to mean verity
is being used instead of /dev/dm-0.
BUG=chromium-os:25441
TEST=Used update_kernel.sh to update kernel on stumpy
Change-Id: I187fe0b43c65a6bfa7a689d31ae2cfd86fda558f
Reviewed-on: https://gerrit.chromium.org/gerrit/33797
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
This allows you to build a VM image using the 4gb-rootfs layout
BUG=none
TEST=Build iamge using 4gb-rootfs and build VM image
Change-Id: I1efa45d1448b22a9905dae764f0e4cdc0538be68
Reviewed-on: https://gerrit.chromium.org/gerrit/37489
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Currently, build_packages has a typo that causes it to only include "chromeos"
in dependency checks. This means that if a package outside of chromeos needs
to be updated in order to fix a conflict, build_packages will refuse to do that
and break. This caused a build break on keybuk's machine.
BUG=none
TEST=Try it on keybuk's machine and verify build_packages works again.
TEST=Remote trybot run.
Change-Id: I1acca0be47152ba93c30ba07c0bf643650906199
Reviewed-on: https://gerrit.chromium.org/gerrit/37452
Reviewed-by: Scott James Remnant <keybuk@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
Tested-by: David James <davidjames@chromium.org>
This makes a follow up commit easier to document excludes.
BUG=chromium-os:22939
TEST=build_image for daisy installs same set of files
Change-Id: I09a9b3fe6f8c1d1fd9dd4d094f2fb7c81ce24880
Reviewed-on: https://gerrit.chromium.org/gerrit/37377
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
BUG=None
TEST=build_image for daisy worked
Change-Id: If2343bc1f13a23bc1b6bc0eae9a4ed8938b53eb4
Reviewed-on: https://gerrit.chromium.org/gerrit/37361
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
This removes some spurious noise from the build_image output.
BUG=None
TEST=`./build_image` still worked and is quieter
Change-Id: Ic5d89a462dc137a1a710f77dc16cee401e0083b2
Reviewed-on: https://gerrit.chromium.org/gerrit/35426
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
As part of the efforts to support HTTP-based downloads for autoupdate,
we are upgrading update_engine from Omaha v2 to v3. So, we need to
update cros_image_to_target.py to also understand the v3 XML.
BUG=chromium-os:35930
TEST=Successfully updated my ZGB which was running the v3 update_engine.
Change-Id: I2b4831c1e87ccf064e79cd6d34205f19aedc9d57
Reviewed-on: https://gerrit.chromium.org/gerrit/37065
Reviewed-by: Chris Sosa <sosa@chromium.org>
Reviewed-by: Paul Stewart <pstew@chromium.org>
Commit-Ready: Chris Sosa <sosa@chromium.org>
Tested-by: Chris Sosa <sosa@chromium.org>
Explicitly build curl/openssl/git since the toolchain itself tries to
fetch over http with git.
BUG=None
TEST=`cros_sdk --bootstrap` works
TEST=`cbuildbot chromiumos-sdk` works
Change-Id: I50b3145732f8345d6ad6ada41325648cbea31b84
Reviewed-on: https://gerrit.chromium.org/gerrit/36995
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Han Shen <shenhan@chromium.org>
Tested-by: Han Shen <shenhan@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
No need to setup these hooks in their own set of sudo commands,
so merge with the existing block to avoid another sudo.
Also install all hooks that are available in case we want to add
more in the future (we probably do).
BUG=None
TEST=`./setup_board --board=daisy --skip_chroot_upgrade --regen_configs` created install hooks
Change-Id: Idcd64afc32c81fcc2b4a712992c5ee0edf5ae0d4
Reviewed-on: https://gerrit.chromium.org/gerrit/36474
Reviewed-by: Brian Harring <ferringb@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Collapse the modifications done in 150setupVirtualWiFi into
100setupTestingInterface.
BUG=chromium-os:35909
TEST=Run run script manually by setting ROOT_FS_DIR
Change-Id: I817ef7fcd30ba7c8e9f0883547124ab314101b5f
Reviewed-on: https://gerrit.chromium.org/gerrit/37057
Reviewed-by: Christopher Wiley <wiley@chromium.org>
Commit-Ready: Paul Stewart <pstew@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>
BUG=chromium-os:35909
TEST=None
Change-Id: I055068435812043eb1c31fd8a6fd2ca0b5b8017f
Reviewed-on: https://gerrit.chromium.org/gerrit/37022
Reviewed-by: Christopher Wiley <wiley@chromium.org>
Commit-Ready: Paul Stewart <pstew@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>
sudo takes 150ms per invocation on Goobuntu, and with 10 invocations in
enter_chroot.sh, this means that we're wasting a lot of time, every time
cros_sdk is invoked. Cutting these unnecessary invocations reduces the time
required to run enter_chroot.sh from 2.3s to 0.8s.
CL:36618 is the companion change that updates cros_sdk to invoke
sudo unshare -m prior to calling enter_chroot.sh.
Summary of changes:
1. Remove all calls to sudo and just run the commands directly.
- Remove the mount queue and any sudo_multi optimizations.
- Rename sudo_chroot -> bare_chroot because we don't run sudo anymore there.
- Remove code for validating sudo timestamp.
2. Allow the scripts to work as root:
- Ensure that files created by cros_sdk that previously were owned by the
user still are owned by the user (either using chown or cp -p).
- Use $SUDO_USER to find the user's account.
- Use $SUDO_HOME instead of $HOME to find the user's home dir.
- Remove outdated code for disabling automount on Lucid, which doesn't work
when run as root.
- Update code for calculating the user's git username to use sudo to switch
to the user. Also move it to make_chroot.sh so that this change doesn't
impact performance.
3. Cleanup
- Remove environment syncer process in favor of just syncing once when chroot
is entered.
- Remove teardown and instead rely on unshare to unmount the mounts. To make
sure that outside processes never notice the mounts, we use mount -n. This
also ensures that /etc/mtab never contains stale mounts.
- Remove path-overrides, since it is no longer needed.
BUG=chromium-os:35714, chromium-os:35679
TEST=Trybot runs.
CQ-DEPEND=CL:36618
Change-Id: I919a8aadb08fafde97348e8511573c28fdd47186
Reviewed-on: https://gerrit.chromium.org/gerrit/36619
Tested-by: David James <davidjames@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
Mounts can sometimes be unmounted from under our feet. I'm not sure
what's causing this problem, but I can reproduce it both on gPrecise
and on our builders (chromiumos-sdk). I've confirmed this patch fixes
the problem.
BUG=chromium-os:35679
TEST=20 chromiumos-sdk trybot runs. Confirmed this code is executing
and catching a race condition in the trybot runs.
Change-Id: Iff019e672e9124053ac62cf3017dba485a4989cb
Reviewed-on: https://gerrit.chromium.org/gerrit/36698
Tested-by: David James <davidjames@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
Install shim images are broken when booting from legacy x86 BIOS. The
install shim relies upon "cros_factory_install" being passed as a boot
flag. This flag is never passed to create_legacy_bootloader_templates,
so the install shim flow is broken.
This change passes the boot args flags to create_legacy_bootloader... so
the install shim will function normally.
TEST=Create factory_install image, verify correct boot w/ x86 BIOS.
BUG=chrome-os-partner:15661
Change-Id: I46b2be188f48b7626bfd3235d5788410c7488c42
Reviewed-on: https://gerrit.chromium.org/gerrit/36590
Tested-by: Shawn Nematbakhsh <shawnn@google.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Commit-Ready: Shawn Nematbakhsh <shawnn@google.com>
BUG=None
TEST=build_image
Change-Id: Ib1ff8ac57b48402d2353d33413b936e5a6627176
Reviewed-on: https://gerrit.chromium.org/gerrit/28120
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
BUG=chromium-os:35605
TEST=emerge-$board chromeos-kernel does not show hardened warnings on debug
files.
Change-Id: I0396ef9f964ad435602f65db6192429521906de1
Reviewed-on: https://gerrit.chromium.org/gerrit/36397
Tested-by: asharif <asharif@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: asharif <asharif@chromium.org>
BUG=none
TEST=Build image for board that requires hybrid MBR without this flag and
verify it boots
Change-Id: Idfb7886c28bb887f5fca4607824a5bbf5255fb98
Reviewed-on: https://gerrit.chromium.org/gerrit/36248
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Commit-Ready: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Users sometimes want to run gclient inside the chroot, so we shouldn't
tell users that using it is a bad idea.
The original reason why this message was added is historical: Originally,
users had a newer version of SVN inside the chroot compared to on their
workstation, so if you ran SVN inside the chroot it would permanently upgrade
your working copy such that the version of SVN outside the chroot did not work
with it anymore. This isn't a problem anymore, so we can remove the message.
BUG=none
TEST=Run remote trybot runs of chromiumos-sdk
Change-Id: I7b82a5c94e29d5928f4bb296ae2d99cef397d365
Reviewed-on: https://gerrit.chromium.org/gerrit/36346
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
Tested-by: David James <davidjames@chromium.org>
This CL adjusts all scripts to use cros_list_overlays from chromite
instead of cros_overlay_list.
BUG=chromium-os:35514
TEST=Trybot runs with all callers adjusted to use
cros_list_overlays instead of cros_overlay_list.
CQ-DEPEND=CL:36191
Change-Id: I6b147a64744015f6b199b2a00493e6f1e030376b
Reviewed-on: https://gerrit.chromium.org/gerrit/36167
Tested-by: David James <davidjames@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
We are coming close to filling the rootfs size, so just make it bigger.
TEST=build_image, image_to_live, recovery, USB install, trybot
BUG=chromium-os:35086
CQ-DEPEND=CL:*27626
CQ-DEPEND=CL:*27627
CQ-DEPEND=CL:*27628
CQ-DEPEND=CL:*27632
Change-Id: Ida27761dbcf59e5553b10789a068e9cd6c1887ee
Reviewed-on: https://gerrit.chromium.org/gerrit/35477
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Don Garrett <dgarrett@chromium.org>
Commit-Ready: Don Garrett <dgarrett@chromium.org>
If the image happens to be full but didn't run out of space,
then don't dump the filesystem debug output. Only do it when
we're erroring out.
BUG=chromium-os:35083
TEST=`./build_image --board=x86-alex` still worked
Change-Id: Ia585b43273cc891aaaebe0fe08aedec78c91055e
Reviewed-on: https://gerrit.chromium.org/gerrit/35885
Reviewed-by: David James <davidjames@chromium.org>
Reviewed-by: Peter Mayo <petermayo@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Right now, archive_hwqual extracts the test image from image.zip.
This dependency between archive_hwqual and the image zipfile is
a bit of a landmine because it's currently undocumented and not
tested by unit tests or the commit queue. Fortunately, we can
remove this dependency, as the test image already lives in the
image dir. This simplification also speeds up the archive stage
by removing unnecessary unzipping.
This CL teaches archive_hwqual to look in the image dir instead
of re-extracting the test image from the image.zip file. This
will allow me to later decouple the image.zip creation from
the creation of the hwqual tarball.
BUG=chromium-os:35331
CQ-DEPEND=CL:35590
TEST=canary remote trybot run.
Change-Id: I5930f06f58a9b63afa9ab3445823ed9fd0c2a2e2
Reviewed-on: https://gerrit.chromium.org/gerrit/35588
Tested-by: David James <davidjames@chromium.org>
Reviewed-by: Chris Sosa <sosa@chromium.org>
Reviewed-by: Ryan Cui <rcui@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
The process of bootstrapping the chroot from sources was
failing for several reasons when run from behind a firewall
with proxies. The llvm build was failing due to inability
to checkout sources through subversion using the
subversion.eclass wrapper (the "normal" way to do this in
the ebuild environment). This was because the user's
subversion configuration (including proxy settings) was not
inherited from $HOME/.subversion into the in-chroot sandbox
used by subversion.eclass.
This change creates symbolic links in the subversion.eclass
sandboxes for host and target builds in the chroot to fix
any build that uses the normal subversion.eclass for
checkouts. The operation is done at enter_chroot time so
that it applies to both ordinary builds and chroot creation
(via early_enter_chroot).
BUG=none
TEST='cros_sdk --replace --enter' behind proxied firewall
Change-Id: I0af2128866bb95799dc07c728c75cf3f2a0af7a3
Reviewed-on: https://gerrit.chromium.org/gerrit/34291
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: paul drews <paul.drews@intel.com>
Tested-by: paul drews <paul.drews@intel.com>
Building the chroot environment from sources using
"--bootstrap" currently runs into a circular dependency:
curl->openssl->git->curl
The openssl->git dependency comes indirectly from the fact
that the current version of openssl uses the "cros-workon"
ebuild package to assist in applying packages. The ebuild
system automatically and silently resolves this circular
dependency by reverting the openssl library to an earlier
version that does not use cros-workon based patching.
Unfortunately this older version of openssl has a bug that
causes it not to work when doing builds in a firewalled
environment: When curl (using this older version of openssl
library) attempts to fetch an "https" url, it authenticates
the target server against a bundle of certificate-authority
certificates it maintains. Finding the certificate fails
(although the validation succeeds if curl is told explicitly
what certificate to use). With the certificate not-found,
server authentication fails, the curl download fails, and
the build ultimately fails.
This patch breaks the circular dependency, allowing a
more-current version of openssl to be used in curl, making
the above build scenario work in a firewalled environment.
The circularity is broken by first building git without curl
support (and webdav that depends on curl). Then early
toolchain components up through and including curl are
built. This build of curl then uses a more up-to-date
version of openssl with the desired bug-fix. Once curl is
built, then git is re-built and re-installed with the
now-installed version of curl (re-)enabled.
BUG=None
TEST=create chroot with --bootstrap ; build_packages (behind firewall)
Change-Id: Iaa560fdb6623fcb73cde066a3b2bc2a342169c62
Reviewed-on: https://gerrit.chromium.org/gerrit/34292
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: paul drews <paul.drews@intel.com>
Tested-by: paul drews <paul.drews@intel.com>
CL:33868 (7b6f377c58) introduced a
breakage in the "cros_sdk --replace --bootstrap" scenario.
The make_chroot.sh script invokes early_enter_chroot before
invoking init_setup. The chroot/etc/profiles.d directory is
created in init_setup, but the referenced change was
expecting to create a file in that directory in the context
of early_enter_chroot before the directory was created.
This led to a "no such file or directory" error when trying
to create the file.
This change does a "mkdir -p" of the referenced directory
before putting things in it in the context of
early_enter_chroot. The filename is also fixed to the name
expected elsewhere in the scripts.
BUG=none
TEST=cros_sdk --replace --bootstrap
Change-Id: I6ac0467117d7b0dd413695153469b367d56c256c
Reviewed-on: https://gerrit.chromium.org/gerrit/34958
Commit-Ready: Brian Harring <ferringb@chromium.org>
Reviewed-by: Brian Harring <ferringb@chromium.org>
Tested-by: Brian Harring <ferringb@chromium.org>
Add more sanity checks to the input .json file to catch when people
make typos or other random mistakes.
BUG=None
TEST=loaded all .json files we have
Change-Id: Ibc2439684628225da43639c2fac25958b5fa794e
Reviewed-on: https://gerrit.chromium.org/gerrit/34708
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
There is no need to call .close() ourself in a with block.
We can also use a with block in the WritePartitionScript func.
BUG=None
TEST=build_image still works
Change-Id: I53b31ba96c94e885b1d4415889b5d2a9691ccda1
Reviewed-on: https://gerrit.chromium.org/gerrit/34707
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
The "update_partition_table" routine is used by mod_image_for_recovery.sh
and ~/trunk/src/platform/dev/host/tests/mod_recovery_for_decryption.sh.
This moves the routine into a common location so future changes will not
break things. Additional removes the duplicate okboat/failboat
definitions from mod_image_for_recovery.sh since those are in a common
place already.
This change does not fix the stateful resize logic part of the bug, but
does move the code into a single place so mod_recovery_for_decryption.sh
can use it once it has been fixed.
BUG=chromium-os:35003
TEST=created working recovery image
Change-Id: Ibcd5289389dcadf58ccf0678ecfb29095848b247
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34678
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Add a script so devs can run signer security tests themselves to
make sure they don't break them.
BUG=chromium-os:19543
TEST=`cbuildbot lumpy-release` passed and ran signer tests
Change-Id: I68cc3ec19616be3c91a1a14550cb38c2e6f2503d
Reviewed-on: https://gerrit.chromium.org/gerrit/34326
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
The factory test image uses third party kernel modules from /usr/local.
Since it builds with verity enabled, the module restrictions must be
disabled in the command line instead of via run-time sysctl values
(which are not available if verity is enabled).
BUG=chromium-os:34134
TEST=parrot build, manual testing
Change-Id: Ibfc3332eac88e3748f2c81d6dce1a595dd16c055
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34321
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Reviewed-by: Joseph Shyh-In Hwang <josephsih@chromium.org>
This reverts commit acff376525
This broke the signing process due to changed kernel params.
Please update ensure_secure_kernelparams.config under the
cros-signing/ tree before relanding this.
Change-Id: I3be62e16299eb69bbfef9f1530d92200a2e309d7
Reviewed-on: https://gerrit.chromium.org/gerrit/34320
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This is forced by cros_sdk; in conjunction w/ this,
drop --distfiles and mangle the chroot on during entrance
dropping a symlink in the old /var/cache/distfiles location
pointing to the new mounted cache_dir location.
Additionally, thread CHROMEOS_CACHEDIR down through the end.
Do this without relying on a version upgrade script- we can't
require they be run before entering, thus we exploit the fact
that cros_sdk explicitly forces a write lock to do the upgrade,
if we see the old form we know we can do the upgrade w/out
worrying about collisions.
CQ-DEPEND=CL:33871
BUG=chromium-os:34457
TEST=manual testing.
Change-Id: I6805266e3ec683f05d3ba615f9e8840642a28e48
Reviewed-on: https://gerrit.chromium.org/gerrit/33868
Commit-Ready: Brian Harring <ferringb@chromium.org>
Reviewed-by: Brian Harring <ferringb@chromium.org>
Tested-by: Brian Harring <ferringb@chromium.org>
Added a new flag for enabling the boot cache.
BUG=chromium-os:25441
TEST=built and ran amd64 and arm
Change-Id: Ia151d40c4b02f4353981affd321763521d972ee6
Reviewed-on: https://gerrit.chromium.org/gerrit/33617
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
enter_chroot.sh was not updating /etc/hosts from the out-of-chroot
environment. Make it do that.
BUG=None
TEST=locally
Change-Id: Ieaa337ae90dbc0700c42fa7e4b96faf12d3968cb
Reviewed-on: https://gerrit.chromium.org/gerrit/34226
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Ryan Cui <rcui@chromium.org>
Tested-by: Ryan Cui <rcui@chromium.org>
Looks like the func was copy & pasted, so delete the first one (which
doesn't get used). Then expand on the existing func to also generate
a mount and an umount script.
BUG=None
TEST=ran build_image, then tested the mount/umount and unpack/pack scripts
Change-Id: I34a372c7b4858b8e9057a29b2eb58c38d547eadd
Reviewed-on: https://gerrit.chromium.org/gerrit/33929
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
