Install shim images are broken when booting from legacy x86 BIOS. The
install shim relies upon "cros_factory_install" being passed as a boot
flag. This flag is never passed to create_legacy_bootloader_templates,
so the install shim flow is broken.
This change passes the boot args flags to create_legacy_bootloader... so
the install shim will function normally.
TEST=Create factory_install image, verify correct boot w/ x86 BIOS.
BUG=chrome-os-partner:15661
Change-Id: I46b2be188f48b7626bfd3235d5788410c7488c42
Reviewed-on: https://gerrit.chromium.org/gerrit/36590
Tested-by: Shawn Nematbakhsh <shawnn@google.com>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Commit-Ready: Shawn Nematbakhsh <shawnn@google.com>
BUG=None
TEST=build_image
Change-Id: Ib1ff8ac57b48402d2353d33413b936e5a6627176
Reviewed-on: https://gerrit.chromium.org/gerrit/28120
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
BUG=chromium-os:35605
TEST=emerge-$board chromeos-kernel does not show hardened warnings on debug
files.
Change-Id: I0396ef9f964ad435602f65db6192429521906de1
Reviewed-on: https://gerrit.chromium.org/gerrit/36397
Tested-by: asharif <asharif@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: asharif <asharif@chromium.org>
BUG=none
TEST=Build image for board that requires hybrid MBR without this flag and
verify it boots
Change-Id: Idfb7886c28bb887f5fca4607824a5bbf5255fb98
Reviewed-on: https://gerrit.chromium.org/gerrit/36248
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Commit-Ready: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Users sometimes want to run gclient inside the chroot, so we shouldn't
tell users that using it is a bad idea.
The original reason why this message was added is historical: Originally,
users had a newer version of SVN inside the chroot compared to on their
workstation, so if you ran SVN inside the chroot it would permanently upgrade
your working copy such that the version of SVN outside the chroot did not work
with it anymore. This isn't a problem anymore, so we can remove the message.
BUG=none
TEST=Run remote trybot runs of chromiumos-sdk
Change-Id: I7b82a5c94e29d5928f4bb296ae2d99cef397d365
Reviewed-on: https://gerrit.chromium.org/gerrit/36346
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
Tested-by: David James <davidjames@chromium.org>
This CL adjusts all scripts to use cros_list_overlays from chromite
instead of cros_overlay_list.
BUG=chromium-os:35514
TEST=Trybot runs with all callers adjusted to use
cros_list_overlays instead of cros_overlay_list.
CQ-DEPEND=CL:36191
Change-Id: I6b147a64744015f6b199b2a00493e6f1e030376b
Reviewed-on: https://gerrit.chromium.org/gerrit/36167
Tested-by: David James <davidjames@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
Upgraded media-fonts/dejavu to version 2.33 from 2.29 on amd64, arm, x86
The change list is available at http://dejavu-fonts.org/wiki/Changelog
BUG=chromium-os:18766
TEST=1. Build works fine and the following data url shows playing card
characters:
data:text/html,🂠🂡🂢🂣🂤
2. Go to the terminal with a full shell and run the following:
$ fc-match -v 'DejaVu Sans' | grep fontversion
The version in integer should be 152698 (= 2.33)
Change-Id: I74ba44dc5b5108add74088ef726d9581e62c08e9
Reviewed-on: https://gerrit.chromium.org/gerrit/34842
Commit-Ready: Jungshik Shin (jungshik at google) <jshin@chromium.org>
Reviewed-by: Jungshik Shin (jungshik at google) <jshin@chromium.org>
Tested-by: Jungshik Shin (jungshik at google) <jshin@chromium.org>
We are coming close to filling the rootfs size, so just make it bigger.
TEST=build_image, image_to_live, recovery, USB install, trybot
BUG=chromium-os:35086
CQ-DEPEND=CL:*27626
CQ-DEPEND=CL:*27627
CQ-DEPEND=CL:*27628
CQ-DEPEND=CL:*27632
Change-Id: Ida27761dbcf59e5553b10789a068e9cd6c1887ee
Reviewed-on: https://gerrit.chromium.org/gerrit/35477
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Don Garrett <dgarrett@chromium.org>
Commit-Ready: Don Garrett <dgarrett@chromium.org>
If the image happens to be full but didn't run out of space,
then don't dump the filesystem debug output. Only do it when
we're erroring out.
BUG=chromium-os:35083
TEST=`./build_image --board=x86-alex` still worked
Change-Id: Ia585b43273cc891aaaebe0fe08aedec78c91055e
Reviewed-on: https://gerrit.chromium.org/gerrit/35885
Reviewed-by: David James <davidjames@chromium.org>
Reviewed-by: Peter Mayo <petermayo@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Upgraded net-dialup/minicom to version 2.6.
Compared to our former version 2.3, version 2.6 includes "-D" which is
useful when minicom to connect to a board serial port with servo.
BUG=None
TEST=emerge-link minicom and run "minicom -D /dev/pts/X" on link
trybot build on x86 and arm :
cbuildbot --remote -g 'I0e32686f93c7f4472e6d9c5251fce3b2236680b3'
x86-generic-paladin amd64-generic-paladin daisy-paladin
Change-Id: I0e32686f93c7f4472e6d9c5251fce3b2236680b3
Reviewed-on: https://gerrit.chromium.org/gerrit/35610
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Right now, archive_hwqual extracts the test image from image.zip.
This dependency between archive_hwqual and the image zipfile is
a bit of a landmine because it's currently undocumented and not
tested by unit tests or the commit queue. Fortunately, we can
remove this dependency, as the test image already lives in the
image dir. This simplification also speeds up the archive stage
by removing unnecessary unzipping.
This CL teaches archive_hwqual to look in the image dir instead
of re-extracting the test image from the image.zip file. This
will allow me to later decouple the image.zip creation from
the creation of the hwqual tarball.
BUG=chromium-os:35331
CQ-DEPEND=CL:35590
TEST=canary remote trybot run.
Change-Id: I5930f06f58a9b63afa9ab3445823ed9fd0c2a2e2
Reviewed-on: https://gerrit.chromium.org/gerrit/35588
Tested-by: David James <davidjames@chromium.org>
Reviewed-by: Chris Sosa <sosa@chromium.org>
Reviewed-by: Ryan Cui <rcui@chromium.org>
Commit-Ready: David James <davidjames@chromium.org>
The process of bootstrapping the chroot from sources was
failing for several reasons when run from behind a firewall
with proxies. The llvm build was failing due to inability
to checkout sources through subversion using the
subversion.eclass wrapper (the "normal" way to do this in
the ebuild environment). This was because the user's
subversion configuration (including proxy settings) was not
inherited from $HOME/.subversion into the in-chroot sandbox
used by subversion.eclass.
This change creates symbolic links in the subversion.eclass
sandboxes for host and target builds in the chroot to fix
any build that uses the normal subversion.eclass for
checkouts. The operation is done at enter_chroot time so
that it applies to both ordinary builds and chroot creation
(via early_enter_chroot).
BUG=none
TEST='cros_sdk --replace --enter' behind proxied firewall
Change-Id: I0af2128866bb95799dc07c728c75cf3f2a0af7a3
Reviewed-on: https://gerrit.chromium.org/gerrit/34291
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: paul drews <paul.drews@intel.com>
Tested-by: paul drews <paul.drews@intel.com>
Building the chroot environment from sources using
"--bootstrap" currently runs into a circular dependency:
curl->openssl->git->curl
The openssl->git dependency comes indirectly from the fact
that the current version of openssl uses the "cros-workon"
ebuild package to assist in applying packages. The ebuild
system automatically and silently resolves this circular
dependency by reverting the openssl library to an earlier
version that does not use cros-workon based patching.
Unfortunately this older version of openssl has a bug that
causes it not to work when doing builds in a firewalled
environment: When curl (using this older version of openssl
library) attempts to fetch an "https" url, it authenticates
the target server against a bundle of certificate-authority
certificates it maintains. Finding the certificate fails
(although the validation succeeds if curl is told explicitly
what certificate to use). With the certificate not-found,
server authentication fails, the curl download fails, and
the build ultimately fails.
This patch breaks the circular dependency, allowing a
more-current version of openssl to be used in curl, making
the above build scenario work in a firewalled environment.
The circularity is broken by first building git without curl
support (and webdav that depends on curl). Then early
toolchain components up through and including curl are
built. This build of curl then uses a more up-to-date
version of openssl with the desired bug-fix. Once curl is
built, then git is re-built and re-installed with the
now-installed version of curl (re-)enabled.
BUG=None
TEST=create chroot with --bootstrap ; build_packages (behind firewall)
Change-Id: Iaa560fdb6623fcb73cde066a3b2bc2a342169c62
Reviewed-on: https://gerrit.chromium.org/gerrit/34292
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: paul drews <paul.drews@intel.com>
Tested-by: paul drews <paul.drews@intel.com>
Changed KEYWORDS to enable x86, amd64, and arm.
BUG=chromium-os:34103
TEST=remote trybot runs for x86, amd64, arm targets.
Change-Id: I10545517231e0aeb48dd75bbf1c007c67fd32682
Reviewed-on: https://gerrit.chromium.org/gerrit/32410
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
CL:33868 (7b6f377c58) introduced a
breakage in the "cros_sdk --replace --bootstrap" scenario.
The make_chroot.sh script invokes early_enter_chroot before
invoking init_setup. The chroot/etc/profiles.d directory is
created in init_setup, but the referenced change was
expecting to create a file in that directory in the context
of early_enter_chroot before the directory was created.
This led to a "no such file or directory" error when trying
to create the file.
This change does a "mkdir -p" of the referenced directory
before putting things in it in the context of
early_enter_chroot. The filename is also fixed to the name
expected elsewhere in the scripts.
BUG=none
TEST=cros_sdk --replace --bootstrap
Change-Id: I6ac0467117d7b0dd413695153469b367d56c256c
Reviewed-on: https://gerrit.chromium.org/gerrit/34958
Commit-Ready: Brian Harring <ferringb@chromium.org>
Reviewed-by: Brian Harring <ferringb@chromium.org>
Tested-by: Brian Harring <ferringb@chromium.org>
Copied from Gentoo, unmasked on our archs.
BUG=chromium-os:21369
TEST=emerge-${BOARD} sbc
Change-Id: Ib90efef0f9edee20dbaee02001e5b1cbc046006c
Reviewed-on: https://gerrit.chromium.org/gerrit/34936
Reviewed-by: David James <davidjames@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Scott James Remnant <keybuk@chromium.org>
Commit-Ready: Scott James Remnant <keybuk@chromium.org>
Add more sanity checks to the input .json file to catch when people
make typos or other random mistakes.
BUG=None
TEST=loaded all .json files we have
Change-Id: Ibc2439684628225da43639c2fac25958b5fa794e
Reviewed-on: https://gerrit.chromium.org/gerrit/34708
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
There is no need to call .close() ourself in a with block.
We can also use a with block in the WritePartitionScript func.
BUG=None
TEST=build_image still works
Change-Id: I53b31ba96c94e885b1d4415889b5d2a9691ccda1
Reviewed-on: https://gerrit.chromium.org/gerrit/34707
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
When this was pulled in originally, it was marked as 1.1.0; the tarball
we were using wasn't 1.1.0, it was a release candidate. As such,
rename the tarball on our mirrors, and rename it locally.
BUG=chromium-os:35116
TEST=manual; manifest run, same checksums == things are back to normal.
Change-Id: I98f86796e477ad82bc861c225b7560b4d41a076b
Reviewed-on: https://gerrit.chromium.org/gerrit/34905
Commit-Ready: Brian Harring <ferringb@chromium.org>
Tested-by: Brian Harring <ferringb@chromium.org>
Reviewed-by: Stéphane Marchesin <marcheu@chromium.org>
The "update_partition_table" routine is used by mod_image_for_recovery.sh
and ~/trunk/src/platform/dev/host/tests/mod_recovery_for_decryption.sh.
This moves the routine into a common location so future changes will not
break things. Additional removes the duplicate okboat/failboat
definitions from mod_image_for_recovery.sh since those are in a common
place already.
This change does not fix the stateful resize logic part of the bug, but
does move the code into a single place so mod_recovery_for_decryption.sh
can use it once it has been fixed.
BUG=chromium-os:35003
TEST=created working recovery image
Change-Id: Ibcd5289389dcadf58ccf0678ecfb29095848b247
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34678
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Add a script so devs can run signer security tests themselves to
make sure they don't break them.
BUG=chromium-os:19543
TEST=`cbuildbot lumpy-release` passed and ran signer tests
Change-Id: I68cc3ec19616be3c91a1a14550cb38c2e6f2503d
Reviewed-on: https://gerrit.chromium.org/gerrit/34326
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Last time I did this, it introduced <http://crosbug.com/34622>, but I think the
root cause of that bug was fixed by
<https://gerrit.chromium.org/gerrit/#/c/34215/>, so let's give this another go.
BUG=chromium-os:30525
TEST=trybot
Change-Id: I464badc602926ee99073f0deb5f4f7d66c6a9fc0
Signed-off-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34370
Reviewed-by: Mike Frysinger <vapier@chromium.org>
The factory test image uses third party kernel modules from /usr/local.
Since it builds with verity enabled, the module restrictions must be
disabled in the command line instead of via run-time sysctl values
(which are not available if verity is enabled).
BUG=chromium-os:34134
TEST=parrot build, manual testing
Change-Id: Ibfc3332eac88e3748f2c81d6dce1a595dd16c055
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/34321
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Reviewed-by: Joseph Shyh-In Hwang <josephsih@chromium.org>
This reverts commit acff376525
This broke the signing process due to changed kernel params.
Please update ensure_secure_kernelparams.config under the
cros-signing/ tree before relanding this.
Change-Id: I3be62e16299eb69bbfef9f1530d92200a2e309d7
Reviewed-on: https://gerrit.chromium.org/gerrit/34320
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This is forced by cros_sdk; in conjunction w/ this,
drop --distfiles and mangle the chroot on during entrance
dropping a symlink in the old /var/cache/distfiles location
pointing to the new mounted cache_dir location.
Additionally, thread CHROMEOS_CACHEDIR down through the end.
Do this without relying on a version upgrade script- we can't
require they be run before entering, thus we exploit the fact
that cros_sdk explicitly forces a write lock to do the upgrade,
if we see the old form we know we can do the upgrade w/out
worrying about collisions.
CQ-DEPEND=CL:33871
BUG=chromium-os:34457
TEST=manual testing.
Change-Id: I6805266e3ec683f05d3ba615f9e8840642a28e48
Reviewed-on: https://gerrit.chromium.org/gerrit/33868
Commit-Ready: Brian Harring <ferringb@chromium.org>
Reviewed-by: Brian Harring <ferringb@chromium.org>
Tested-by: Brian Harring <ferringb@chromium.org>
Added a new flag for enabling the boot cache.
BUG=chromium-os:25441
TEST=built and ran amd64 and arm
Change-Id: Ia151d40c4b02f4353981affd321763521d972ee6
Reviewed-on: https://gerrit.chromium.org/gerrit/33617
Tested-by: Paul Taysom <taysom@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
Commit-Ready: Paul Taysom <taysom@chromium.org>
enter_chroot.sh was not updating /etc/hosts from the out-of-chroot
environment. Make it do that.
BUG=None
TEST=locally
Change-Id: Ieaa337ae90dbc0700c42fa7e4b96faf12d3968cb
Reviewed-on: https://gerrit.chromium.org/gerrit/34226
Reviewed-by: David James <davidjames@chromium.org>
Commit-Ready: Ryan Cui <rcui@chromium.org>
Tested-by: Ryan Cui <rcui@chromium.org>
Looks like the func was copy & pasted, so delete the first one (which
doesn't get used). Then expand on the existing func to also generate
a mount and an umount script.
BUG=None
TEST=ran build_image, then tested the mount/umount and unpack/pack scripts
Change-Id: I34a372c7b4858b8e9057a29b2eb58c38d547eadd
Reviewed-on: https://gerrit.chromium.org/gerrit/33929
Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org>
Tested-by: Liam McLoughlin <lmcloughlin@chromium.org>
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Make it possible to run chromeos-install without root
BUG=none
TEST=Build image, chromeos-install, verify ROOT-B is full size
Change-Id: Id506f1e5a6f8b8ee03ea1bdd621aaab1239bca2c
Reviewed-on: https://gerrit.chromium.org/gerrit/34081
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Commit-Ready: Chris Masone <cmasone@chromium.org>
Tested-by: Chris Masone <cmasone@chromium.org>
Chromium OS images use xf86-input-cmt for the multitouch trackpads in
official Chromebooks.
For the trackpads on non-chromebooks, the X.org maintained
xf86-input-synaptics driver is also included in the chromium os image.
Currently, this uses a (stock) out-of-date pre-release ebuild maintanied
in the chromiumos-overlay.
It is more appropriate to store unmodified ebuilds in the portage-stable
overlay.
As a bonus, uprev to latest stable[*].
[*] This patch also marks the upstream version as stable for arm.
A separate commit removes the xf86-input-synaptics ebuild from the
chromiumos-overlay.
BUG=chromium-os:31764
TEST=cbuildbot --remote -g <gerrit ID> {x86,amd64,arm}-generic-full
Change-Id: I6e8fd3d6c35f06c677b8839700e0c7bdb224201f
Reviewed-on: https://gerrit.chromium.org/gerrit/33759
Commit-Ready: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Daniel Kurtz <djkurtz@chromium.org>
Tested-by: Daniel Kurtz <djkurtz@chromium.org>
The CURR counter wasn't being correctly incremented for the stateful
partition resulting in an invalid layout
BUG=chromium-os:34715
TEST=Build image and verify it can be installed
Change-Id: Ie2f90d2e51e34e2056414363d7b2b42413018322
Reviewed-on: https://gerrit.chromium.org/gerrit/33928
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>
Tested-by: Olof Johansson <olofj@chromium.org>
