Remove --verity_*: Unused, we don't support verity
Remove --usb_disk: Unused, we use PARTUUID now.
Remove --enable_serial: Unused, and serial is enabled for syslinux
Add --production_track argument to set_lsb_release and
cros_make_image_bootable to support using the production update service
on developer builds of the 'prod' image. This replaces the previous hack
of setting COREOS_OFFICIAL=1 in the middle of the build.
Since lsb-release doesn't exist prior to the first call to
set_lsb_release switch to sudo_clobber instead of append. That way if it
is called a second time later the contents aren't duplicated.
Write the info to gentoo-release and os-release as well so everything
gets the same information.
This adds the boot_kernel to the build boot partiton and updates the
relevant config files. Mission accomplished.
TODO: Update the installer to not worry about moving files around
anymore
As outlined here we need a new partition layout, this patch makes the
necessary changes:
https://groups.google.com/forum/#!topic/coreos-dev/bA7gwGGoTng
The first big change is making all of the scripts obey partition numbers
based on labels in the disk_layout.json. This makes it much easier to
change later on.
The second big change is in the layout itself. The json file was updated
to reflect the document above.
And finally the grub boot configuration needed for pv-grub and pygrub
were added to the create_legacy_bootloader_templates.sh library utlity.
Everything seems to work and boot now.
The latest coreutils introduces a status=none option which suppresses
all information which is more than the current status=noxfer.
BUG=None
TEST=`./build_image` no longer spews any dd info
Change-Id: I3cfefed1d38e7e5ff52342c98e6a306d9a48950a
Reviewed-on: https://gerrit.chromium.org/gerrit/41930
Reviewed-by: David James <davidjames@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Enable the serial port from the build_image command line.
Currenly, you have to edit build_kernel_image.sh to enable
the serial port for kernel debugging. Now:
./build_image --board=${BOARD} --enable_serial=ttyS0
Will enable sending printks to the specified serial port.
BUG=chromium-os:38026
TEST=built images with and without serial enabled
Change-Id: I9ef4f2a20f0d451e132371339c4eba1faf4c94de
Reviewed-on: https://gerrit.chromium.org/gerrit/41638
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
Changes to build_image to allow enabling of bootcache.
./build_image --board=$BOARD --enable_bootcache
A board can be configured to use the bootcache by
the following lines in private-overlays/overlay-<board>-private/scripts
if [[ ${FLAGS_bootcache_use_board_default} -eq ${FLAGS_TRUE} ]]; then
FLAGS_enable_bootcache=${FLAGS_TRUE}
fi
Setting --noenable_bootcache or --enable_bootcache on the comand
line will override the default.
BUG=chromium-os:25441
TEST=built and installed snow, amd-64(latitude), stumpy
Change-Id: Ie081ef94f4799b0071b53e0587d89f1247b4a11f
Reviewed-on: https://gerrit.chromium.org/gerrit/38414
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
This removes some spurious noise from the build_image output.
BUG=None
TEST=`./build_image` still worked and is quieter
Change-Id: Ic5d89a462dc137a1a710f77dc16cee401e0083b2
Reviewed-on: https://gerrit.chromium.org/gerrit/35426
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
This reverts commit acff37652582e2abcba4295515d99d5869e34826
This broke the signing process due to changed kernel params.
Please update ensure_secure_kernelparams.config under the
cros-signing/ tree before relanding this.
Change-Id: I3be62e16299eb69bbfef9f1530d92200a2e309d7
Reviewed-on: https://gerrit.chromium.org/gerrit/34320
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Added a new flag for enabling the boot cache.
BUG=chromium-os:25441
TEST=built and ran amd64 and arm
Change-Id: Ia151d40c4b02f4353981affd321763521d972ee6
Reviewed-on: https://gerrit.chromium.org/gerrit/33617
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
BUG=chromium-os:34696
TEST=Run ensure_secure_kernelparams.sh on an image built with this change
Change-Id: I16a6f5127bdfae958f9cd0d9ce1b0c55a0f68c67
Reviewed-on: https://gerrit.chromium.org/gerrit/33888
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
This change adds support for building the disk layout from a
configuration file. It also cleans up much of the image creation
code.
install_gpt no longer exists, and has been replaced by cgpt.py's
write action. This spits out a file that has two functions that can
be called to write a partition layout to a disk/file. This gets rid
of the gigantic nest of calculations that built the layout previously.
All instances of partition/filesystem sizes in build scripts should now
be gone in favour of calls to the cgpt.py tool.
create_boot_desc has moved inside the base image creation, in an effort
to simplify build_image.
load_kernel_test is gone since it's apparently not supposed to be called
here anyway (asked wfrichar/rspangler about this one).
Base image creation now uses files rather than loop devices when
building an image. This means we can simply umount them once we're
done and not worry about cleaning up the loop device, since it's
been done for us.
Hash pad calculation has been removed. This is now set manually inside
the partition config file.
Hybrid MBR creation is gone, since it's now possible to do that in a board
specific hook (see overlay-beaglebone/scripts/board_specific_setup.sh).
OEM partition now has a filesystem, which is mounted at /usr/share/oem
during emerge so that packages can stash files here.
root_fs_dir and friends are still globals, but the long-term idea
is to make this not the case.
BUG=chromium-os:33817
TEST=All types of images and their respective flows
(VM, recovery, test, factory etc)
Change-Id: I8a596728a4d1845c930e837bea627f5b6a11c098
Reviewed-on: https://gerrit.chromium.org/gerrit/29931
Commit-Ready: Liam McLoughlin <lmcloughlin@chromium.org>
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
This CL centralizes the setting of which root device to use
in a single place. A boolean flag, --verity_is_enabled, indicates
if the the verity device should be used.
This is the first of about a half-dozen CLs to fix all the references
to dm-0.
BUG=chromium-os:25441
TEST=built images with and without verity enabled.
cbuildbot --remote -g Id6c6e766 amd64-generic-paladin daisy-paladin
Change-Id: Id6c6e766bfde3651266323f7bc94c0e1f87cea38
Reviewed-on: https://gerrit.chromium.org/gerrit/32239
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
Tested-by: Paul Taysom <taysom@chromium.org>
Currently, the scripts in src/scripts have multiple implementations
for handling when common.sh fails to load, some of which are buggy.
To simplify the boilerplate, these scripts now just exit if common.sh
fails to load. The shell itself will print the following message if
common.sh is not found:
/usr/lib/crosutils/common.sh: No such file or directory
BUG=chromium-os:32442
TEST=Run these scripts with and without common.sh installed.
Change-Id: Ie54420b6c649774f9cb039c14c80f4cf6c6ebc07
Reviewed-on: https://gerrit.chromium.org/gerrit/27058
Reviewed-by: David James <davidjames@chromium.org>
Tested-by: David James <davidjames@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
Kernel and ramdisk image together are copied into a 16MB partition.
This CL logs their size when building image. If they are larger than
14MB, warning message is emitted. If they reached 16MB, building fails.
BUG=chromium-os:27739
TEST=Build success on x86 and arm.
Check log and see kernel image size logged.
Lower the size limit to 6MB and build x86 factory install shim and
see build fail.
Change-Id: I4c4895c2989b302aa0c3624127518468566d1148
Reviewed-on: https://gerrit.chromium.org/gerrit/22543
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Vic Yang <victoryang@chromium.org>
Tested-by: Vic Yang <victoryang@chromium.org>
Currently, if set -e spots a nonzero exit we basically have
no real debug information- it just stops immediately without stating
where or why. This forces our scripts to be stupidly verbose so
we can track roughly where they were, thus when they fail we can
use that information to localize the rough exit point.
Instead we should be traping that set -e induced exit and
outputing necessary debug information to run it down. This includes
outputing the relevant stack trace, or at least what we can get of
it.
The 'die' function is now enhanced to automatically dump the trace
that lead to it. For most consumers this is desired- however for
commandline parsing induced dies ("--board is missing" for example),
the trace is noise. For those cases, a 'die_notrace' function was
added that retains the original non-backtrace behaviour.
Example output via instrumenting cros_generate_breakpad_symbols
w/ the failing command '/bin/false' (nonzero exit code).
Before:
./cros_generate_breakpad_symbols monkeys --board=x86-alex
<no output at all, just exit code 1>
With this CL:
./cros_generate_breakpad_symbols monkeys --board=x86-alex
ERROR : script called: ./cros_generate_breakpad_symbols 'monkeys' '--board=x86-alex'
ERROR : Backtrace: (most recent call is last)
ERROR : file cros_generate_breakpad_symbols, line 207, called: main 'monkeys' '--board=x86-alex'
ERROR : file cros_generate_breakpad_symbols, line 163, called: die_err_trap '/bin/false' '1'
ERROR :
ERROR : Command failed:
ERROR : Command '/bin/false' exited with nonzero code: 1
BUG=chromium-os:30598
TEST=inject a failing command into a script, verify the output.
TEST=inject a 'command not found', verify the output
TEST=cbuildbot x86-generic-full --remote
TEST=cbuildbot arm-tegra2-full --remote
TEST=cbuildbot chromiumos-sdk --remote
Change-Id: I517ffde4d1bb7e2310a74f5a6455b53ba2dea86c
Reviewed-on: https://gerrit.chromium.org/gerrit/17225
Reviewed-by: Brian Harring <ferringb@chromium.org>
Tested-by: Brian Harring <ferringb@chromium.org>
Commit-Ready: Brian Harring <ferringb@chromium.org>
Newer versions of util-linux's mount utility will not show:
/dev/loop0 on /some/path type ext3 (mount,opts)
Instead, it finds out the file backing /dev/loop0 and outputs:
/some/file on /some/path type ext3 (mount,opts)
This breaks the make_image_bootable helper that attempts to look up the
loop device that mount_gpt_image.sh happened to pick.
Let's scuttle the idea of parsing `mount` and move directly to what the
kernel has to say via /proc/mounts. Hopefully the ABI there should be
quite a bit more stable.
BUG=None
TEST=build_image works with mount from util-linux-2.16
TEST=build_image (before change) fails with mount from util-linux-2.19
TEST=build_image works with mount from util-linux-2.19
Change-Id: I66908800e82ff2e106face9d57773721e400dc2a
Reviewed-on: https://gerrit.chromium.org/gerrit/11869
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
This will prevent the recovery kernel from having a different salt from the
rootfs it corresponds to.
BUG=chromium-os:20766
TESTED_ON=kaen
TEST=Adhoc
Build a recovery image and do recovery from it.
Change-Id: I96f735e527d807247e09e17aac1ed5b51367f0ef
Signed-off-by: Elly Jones <ellyjones@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/8288
Right now, output directories are hardcoded in boot.desc. This means that
cros_make_image_bootable will still write to the directories mentioned in
build_image, even if it's working on a different directory. This can
mess with the buildbot, because it can cause cros_make_image_bootable
to mess with the files created for existing images.
This change fixes flaky failures where the buildbot fails with warnings
stating that vmlinuz_hd.vblock does not exist. See bug 19956.
BUG=chromium-os:19956
TEST=Run full canary trybot run and verify cros_make_image_bootable uses
files from the right directory now.
Change-Id: Ib390aa84570b077cbc8b69b757998056acc091ea
Reviewed-on: http://gerrit.chromium.org/gerrit/7282
Reviewed-by: Will Drewry <wad@chromium.org>
Tested-by: David James <davidjames@chromium.org>
This give users the choice to have rootfs formatted with squashfs.
When --squash_image is specified, the rootfs will be formatted to squashfs.
Users can also use --squash_sort_file to specify the file priority when
squashfs is created.
BUG=None
TEST=Manually tested "--squash_image", and the image can be installed
from USB stick. Also tried "--squash_sort_file=sort-prio.list", and files
in squashfs are sorted.
Change-Id: I5fd818ac9d1203598926efa82e94fa105cd86ebc
Reviewed-on: http://gerrit.chromium.org/gerrit/5664
Tested-by: Da Zheng <zhengda@chromium.org>
Reviewed-by: Da Zheng <zhengda@chromium.org>
When first creating an image, vmlinuz was extracted from /boot, and
installed in its place in the kernel partition. However, none of
that was necessary, because cros_make_image_bootable walks over the
same ground later in the build process.
BUG=chromium-os:17390
TEST=build_image, boot base and dev images on ZGB and legacy device
TEST=inspect build output directory, to confirm no stray artifacts
Change-Id: Iaf332b6603e0bcb17585adbc95a7b65bb8bfe790
Reviewed-on: http://gerrit.chromium.org/gerrit/5107
Tested-by: Richard Barnette <jrbarnette@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
When first creating an image, vmlinuz was extracted from /boot, and
installed in its place in the kernel partition. However, none of
that was necessary, because cros_make_image_bootable walks over the
same ground later in the build process.
BUG=chromium-os:17390
TEST=build_image, boot base and dev images on ZGB and legacy device
TEST=inspect build output directory, to confirm no stray artifacts
Change-Id: Icd4902f5a823241f24eb64f68f80c8e5e5198341
Reviewed-on: http://gerrit.chromium.org/gerrit/4928
Reviewed-by: Richard Barnette <jrbarnette@chromium.org>
Tested-by: Richard Barnette <jrbarnette@chromium.org>
This is being done so that the image parser run by the bots
can still parse images built with this flag
BUG=chromium-os:18299
TEST=Wait for bots to cycle green with old images
Change-Id: Ibebe62f0db60ab3a57e04964f872398028ee48c8
Reviewed-on: http://gerrit.chromium.org/gerrit/4824
Reviewed-by: David James <davidjames@chromium.org>
Tested-by: Puneet Kumar <puneetster@chromium.org>
Reviewed-by: Puneet Kumar <puneetster@chromium.org>
This reverts commit 451f36e4a8635672cc3c6e555806a895def52608.
Last time I removed the --crosbug12352_arm_kernel_signing flag, buildbot
failed. The reason seemed to be that buildbot still passing this flag to
build_image. However, I cannot find anywhere in the log that indicates
buildbot did pass this flag to build_image. So I think the last failure
should be transient and it is good to obsolete this flag.
BUG=chromium-os:12352
TEST=build_image
TEST=load_kernel_test -b 2 /path/to/image /path/to/recovery_key.vbpubk
Change-Id: Ic757eb2dc4304e7205b483063335f8816b536433
Reviewed-on: http://gerrit.chromium.org/gerrit/4794
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Since now the arm firmware can parse %U as x86 bios, and kernel can
parse PARTNROFF=%d, we are able to generate kernel command line with
such construct.
BUG=chromium-os:14022,15683
TEST=manual
1. Build image with root filesystem verification turns off
2. Boot successfully
3. Run 'cat /proc/cmdline' and validate its output
4. Run 'rootdev' and validate its output
Change-Id: I11de0a30928efe9d9b0149feb3389a2f30063516
Reviewed-on: http://gerrit.chromium.org/gerrit/1104
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: <nsanders@google.com>
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Every developer image (and test images based on the developer image) should
include "cros_debug" in the kernel commandline. This flag is used by the
crossystem application to determine if the image being run is a developer
image. cros_make_image_bootable receives a new flag, --force_developer_mode
that appends "cros_debug" to the boot args.
BUG=chromium-os:16951
TEST=build images. Flash a base image and confirm the absence of "cros_debug"
in /proc/cmdline. Flash the developer image and confirm the existence of the
string.
Change-Id: I9f748638b5dac384be991908239e8b447ddf3b5e
Reviewed-on: http://gerrit.chromium.org/gerrit/3169
Tested-by: Arkaitz Ruiz Alvarez <arkaitzr@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
cros_make_image_bootable is called up to 4 times in a typical workflow. The fsck
check can take up to a minute or more because it first copies 2G of the image to
run the fsck on. It adds several minutes to the build.
The check itself is just a sanity check that shouldn't trigger in normal builds.
BUG=none
TEST=build_image
Change-Id: I86512f7efc67027fe687f0c0ad8f6df32579dbe2
Reviewed-on: http://gerrit.chromium.org/gerrit/2250
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Reviewed-by: David James <davidjames@chromium.org>
Tested-by: Antoine Labour <piman@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
This commit is a part of transition to enable ARM kernel signing. It is
at first an option that is enabled manually, and then (in this commit)
enabled by default. After more tests, the scripts that generate unsigned
ARM kernel partition will probably be removed.
BUG=chromium-os:12352
TEST=./build_image && load_kernel_test -b 2 /path/to/chromiumos_image.bin /usr/share/vboot/devkeys/recovery_key.vbpubk
Change-Id: I7d4ecc566f9c5cc0106a7af59255fc63fdfe017a
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Rong Chang <rongchang@chromium.org>
Tested-by: Tom Wai-Hong Tam <waihong@chromium.org>
Reviewed-on: http://gerrit.chromium.org/gerrit/1319
Tested-by: Nick Sanders <nsanders@chromium.org>
This commit is a part of transition to enable ARM kernel signing. It is
at first an option that is enabled manually, and then (in this commit)
enabled by default. After more tests, the scripts that generate unsigned
ARM kernel partition will probably be removed.
BUG=chromium-os:12352
TEST=./build_image && load_kernel_test -b 2 /path/to/chromiumos_image.bin /usr/share/vboot/devkeys/recovery_key.vbpubk
Change-Id: I6d48d1603cd7c96514892bcbbf8994b2d4cc2a08
Reviewed-on: http://gerrit.chromium.org/gerrit/512
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Verity only supports a depth of 0. Passing anything other than 0 will
cause a verity failure.
BUG=14314
TEST=Verified that verity does not fail when do depth is passed.
Before this change, verity would fail with the error message
reported in the bug.
Change-Id: I68495c4486284744ee0779b6c9cdc0ef214519c7
R=gauravsh@google.com,scottz@google.com,drewry@google.com
Review URL: http://codereview.chromium.org/6873134
For now arm kernel partitions are not signed. This CL is a transitionsl.
That is, the added flag should be removed after arm verified boot is stable.
To properly create an arm kernel partition, we also need another CL for
vbutil_kernel utility that turns off x86-only modifications on kernel
image. See CL:6538015.
BUG=chromium-os:3790,chromium-os:12352
TEST=see below
Build images for x86 and arm successfully, and notice that load_kernel_test
passes for x86 and signed arm image.
$ build_image --board=tegra2_seaboard --crosbug12352_arm_kernel_signing
$ build_image --board=tegra2_seaboard --nocrosbug12352_arm_kernel_signing
$ build_image --board=x86-generic
Review URL: http://codereview.chromium.org/6538014
Change-Id: I1be381bae2fc367a0603ac2ec67ee70fc9a257e4
