This will prevent the recovery kernel from having a different salt from the rootfs it corresponds to. BUG=chromium-os:20766 TESTED_ON=kaen TEST=Adhoc Build a recovery image and do recovery from it. Change-Id: I96f735e527d807247e09e17aac1ed5b51367f0ef Signed-off-by: Elly Jones <ellyjones@chromium.org> Reviewed-on: http://gerrit.chromium.org/gerrit/8288
#!/bin/bash

# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Script to build a bootable keyfob-based chromeos system image from within
# a chromiumos setup. This assumes that all needed packages have been built into
# the given target's root with binary packages turned on. This script will
# build the Chrome OS image using only pre-built binary packages.

# Resolve the directory this script was invoked from so the shared build
# library is sourced relative to it rather than to the caller's working
# directory. Nothing else in the script works without that library, so a
# failed source is fatal.
SCRIPT_ROOT="$(dirname "$0")"
if ! source "${SCRIPT_ROOT}/build_library/build_common.sh"; then
  exit 1
fi

# Command-line flags, declared through shflags. The defaults below are what a
# plain invocation gets; the declaration order is kept as-is.

# Target board, sysroot location and output naming.
DEFINE_string board "${DEFAULT_BOARD}" \
  "The board to build an image for."
DEFINE_string build_root "/build" \
  "The root location for board sysroots."
DEFINE_integer build_attempt 1 \
  "The build attempt for this image build."
DEFINE_string output_root "${DEFAULT_BUILD_ROOT}/images" \
  "Directory in which to place image result directories (named by version)"
DEFINE_boolean replace "${FLAGS_FALSE}" \
  "Overwrite existing output, if any."

# Image flavour selection. Contradictory combinations are reconciled after
# parsing, further down in this script.
DEFINE_boolean withdev "${FLAGS_TRUE}" \
  "Include useful developer friendly utilities in the image."
DEFINE_integer jobs -1 \
  "How many packages to build in parallel at maximum."
DEFINE_boolean statefuldev "${FLAGS_TRUE}" \
  "Install development packages on stateful partition rather than the rootfs"
DEFINE_boolean test "${FLAGS_FALSE}" \
  "Modify the image for automated testing"
DEFINE_boolean factory "${FLAGS_FALSE}" \
  "Modify the image for manufacturing testing"
DEFINE_boolean factory_install "${FLAGS_FALSE}" \
  "Build a smaller image to overlay the factory install shim on; this argument \
is also required in image_to_usb."

# Partition and filesystem sizes, all in MiB. rootfs_size + rootfs_hash_pad
# must fit inside rootfs_partition_size; that is checked after parsing.
DEFINE_integer rootfs_partition_size 1024 \
  "rootfs partition size in MiBs."
DEFINE_integer rootfs_size 850 \
  "rootfs filesystem size in MiBs."
# ceil(0.1 * rootfs_size) is a good minimum.
DEFINE_integer rootfs_hash_pad 8 \
  "MiBs reserved at the end of the rootfs image."
DEFINE_integer statefulfs_size 1024 \
  "stateful filesystem size in MiBs."
# DEFAULT_FAST is left unquoted exactly as the original passes it.
DEFINE_boolean fast ${DEFAULT_FAST} \
  "Call many emerges in parallel"
DEFINE_string boot_args "noinitrd" \
  "Additional boot arguments to pass to the commandline"

DEFINE_string usb_disk /dev/sdb3 \
  "Path syslinux should use to do a usb boot. Default: /dev/sdb3"

# Verified-boot / dm-verity settings. They are only declared here; where they
# are consumed is not visible in this file.
DEFINE_boolean enable_rootfs_verification "${FLAGS_TRUE}" \
  "Default all bootloaders to use kernel-based root fs integrity checking."
DEFINE_integer verity_error_behavior 3 \
  "Kernel verified boot error behavior (0: I/O errors, 1: panic, 2: nothing, \
3: cros) Default: 3"
DEFINE_integer verity_max_ios -1 \
  "Number of outstanding I/O operations dm-verity caps at. Default: -1"
# NOTE(review): the default hash is SHA-1, which is no longer recommended for
# new integrity designs. Consider passing a stronger algorithm (for example
# sha256) if the kernel and verity tooling for the target support it; confirm
# before changing the default, since it alters the generated image.
DEFINE_string verity_algorithm "sha1" \
  "Cryptographic hash algorithm used for kernel vboot. Default : sha1"
# An empty value means a salt is generated, per the help text.
DEFINE_string verity_salt "" \
  "Root filesystem salt. Default: randomly generated."
# NOTE(review): enabled by default. Per its help text this installs standard
# test credentials, so an image built without --nostandard_backdoor should be
# treated as a test artefact. How the flag is applied is outside this file.
DEFINE_boolean standard_backdoor "${FLAGS_TRUE}" \
  "Install standard backdoor credentials for testing"
DEFINE_string symlink "latest" \
  "Symlink name to use for this image."

# TODO(clchiou): Remove this flag after buildbot is fixed
DEFINE_boolean crosbug12352_arm_kernel_signing "${FLAGS_TRUE}" \
  "A dummy this flag for preventing buildbot fail"

# Parse the command line with shflags; any parse error ends the script.
if ! FLAGS "$@"; then
  exit 1
fi
# Replace the positional parameters with whatever shflags left unparsed.
# NOTE(review): eval re-parses FLAGS_ARGV as shell words, so this is only as
# safe as the quoting shflags applied when it built that string (not visible
# in this file). The arguments come from whoever invokes the build.
eval set -- "${FLAGS_ARGV}"

# Errors become fatal only from here on: shflags functions leak non-zero
# status codes, so enabling 'set -e' any earlier would abort during flag
# definition or parsing.
set -e

# Determine build version.
OVERLAY_CHROMEOS_DIR="${SRC_ROOT}/third_party/chromiumos-overlay/chromeos"
if ! source "${OVERLAY_CHROMEOS_DIR}/config/chromeos_version.sh"; then
  exit 1
fi

# N.B. The order of this list matters: some of the libraries contain
# initialization that later ones rely on. Each file is sourced at top level,
# so everything it defines lands in this script's global scope.
for _build_image_lib_file in \
  board_options.sh \
  build_gpt.sh \
  mount_gpt_util.sh \
  build_image_util.sh \
  base_image_util.sh \
  dev_image_util.sh \
  test_image_util.sh \
  test_image_content.sh; do
  . "${BUILD_LIBRARY_DIR}/${_build_image_lib_file}" || exit 1
done
unset _build_image_lib_file

# Reconcile the image-type flags. Some combinations are contradictory and
# others imply one another; every adjustment is reported through info. The
# order of the checks matters, because a flag reset here feeds the next check.
if [[ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]]; then
  if [[ "${FLAGS_factory}" -eq "${FLAGS_TRUE}" ]]; then
    info "Incompatible flags: --factory and --factory_install cannot both be \
set to True. Resetting --factory to False."
    FLAGS_factory="${FLAGS_FALSE}"
  fi
  if [[ "${FLAGS_test}" -eq "${FLAGS_TRUE}" ]]; then
    info "Incompatible flags: --test and --factory_install cannot both be \
set to True. Resetting --test to False."
    FLAGS_test="${FLAGS_FALSE}"
  fi
  # Disable --withdev flag when --factory_install is set to True. Otherwise, the
  # dev image produced will be based on install shim, rather than a pristine
  # image
  if [[ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]]; then
    info "Incompatible flags: --withdev and --factory_install cannot both be \
set to True. Resetting --withdev to False."
    FLAGS_withdev="${FLAGS_FALSE}"
  fi
fi

# --factory implies --test.
if [[ "${FLAGS_factory}" -eq "${FLAGS_TRUE}" &&
      "${FLAGS_test}" -eq "${FLAGS_FALSE}" ]]; then
  info "Incompatible flags: --factory implies --test. Resetting --test to \
True."
  FLAGS_test="${FLAGS_TRUE}"
fi

# --test implies --withdev.
if [[ "${FLAGS_test}" -eq "${FLAGS_TRUE}" &&
      "${FLAGS_withdev}" -eq "${FLAGS_FALSE}" ]]; then
  info "Incompatible flags: --test implies --withdev. Resetting --withdev \
to True."
  FLAGS_withdev="${FLAGS_TRUE}"
fi

# Reduce the size of factory install shim.
if [[ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]]; then
  # TODO: Build a separated ebuild for the install shim to reduce size.
  INSTALL_MASK="${INSTALL_MASK} ${FACTORY_INSTALL_MASK}"

  # These assignments override whatever sizes were given on the command line:
  # a 280 MiB filesystem inside a 300 MiB partition, and a 140 MiB stateful fs.
  info "Fixing the rootfs size at 300 MiB for install shim"
  FLAGS_rootfs_size=280
  FLAGS_rootfs_partition_size=300
  info "Fixing the statefulfs size at 140 MiB for install shim"
  FLAGS_statefulfs_size=140
fi

# The filesystem plus the padding reserved at its end must fit in the
# partition; otherwise stop before anything is built.
if (( FLAGS_rootfs_size + FLAGS_rootfs_hash_pad > FLAGS_rootfs_partition_size )); then
  die "rootfs ($((FLAGS_rootfs_size + FLAGS_rootfs_hash_pad)) MiB) is \
bigger than partition (${FLAGS_rootfs_partition_size} MiB)."
fi

# Pick the output file names. When a developer image is requested, the pristine
# image gets a separate name and the developer image takes the default one;
# the factory install shim has its own pristine name.
# TODO(vlaviano): fix all image names to match those in uploaded archive
if [[ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]]; then
  PRISTINE_IMAGE_NAME=chromiumos_base_image.bin
  DEVELOPER_IMAGE_NAME=chromiumos_image.bin
elif [[ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]]; then
  # Rename pristine image for factory install shim
  PRISTINE_IMAGE_NAME=factory_install_shim.bin
  DEVELOPER_IMAGE_NAME=
else
  PRISTINE_IMAGE_NAME=chromiumos_image.bin
  DEVELOPER_IMAGE_NAME=
fi

# Full paths of the images this run may produce.
PRISTINE_IMG="${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}"
DEVELOPER_IMG="${OUTPUT_DIR}/${DEVELOPER_IMAGE_NAME}"
TEST_IMG="${OUTPUT_DIR}/${CHROMEOS_TEST_IMAGE_NAME}"
FACTORY_IMG="${OUTPUT_DIR}/${CHROMEOS_FACTORY_TEST_IMAGE_NAME}"

# Temporary mount points, created and removed by this script.
ROOT_FS_DIR="${OUTPUT_DIR}/rootfs"
STATEFUL_FS_DIR="${OUTPUT_DIR}/stateful_partition"
ESP_FS_DIR="${OUTPUT_DIR}/esp"

# Developer vboot keys, as the path name indicates. The verification step
# further down checks the image against a key from this directory; release
# signing is not handled in this script.
DEVKEYSDIR="/usr/share/vboot/devkeys"

# ${DEV_IMAGE_ROOT} specifies the location of where developer packages will
# be installed on the stateful dir. On a Chromium OS system, this will
# translate to /usr/local.
DEV_IMAGE_ROOT="${STATEFUL_FS_DIR}/dev_image"

# Run the board-specific eclean wrapper on the binary packages.
"eclean-${BOARD}" -d packages

check_blacklist

# Check that the build root is sane.
"${BUILD_LIBRARY_DIR}/test_build_root" --root="${BOARD_ROOT}"

# Hack to fix bug where x86_64 CHOST line gets incorrectly added.
# ToDo(msb): remove this hack.
# The package index is edited in place as root.
PACKAGES_FILE="${BOARD_ROOT}/packages/Packages"
sudo sed -i -e 's/CHOST: x86_64-pc-linux-gnu//' "${PACKAGES_FILE}"

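# Handle existing directory: either wipe it (--replace) or refuse to continue
# so a previous build is never overwritten by accident.
if [[ -e "${OUTPUT_DIR}" ]]; then
  if [[ "${FLAGS_replace}" -eq "${FLAGS_TRUE}" ]]; then
    # This removal runs as root. ${OUTPUT_DIR:?} aborts rather than expanding
    # to nothing, and -- keeps a path that starts with '-' from being read as
    # an option.
    sudo rm -rf -- "${OUTPUT_DIR:?}"
  else
    echo "Directory ${OUTPUT_DIR} already exists."
    echo "Use --build_attempt option to specify an unused attempt."
    echo "Or use --replace if you want to overwrite this directory."
    exit 1
  fi
fi

# Create the output directory and temporary mount points.
mkdir -p -- "${OUTPUT_DIR}"
mkdir -p -- "${ROOT_FS_DIR}" "${STATEFUL_FS_DIR}" "${ESP_FS_DIR}"
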
# Create the boot.desc file which stores the build-time configuration
# information needed for making the image bootable after creation with
# cros_make_image_bootable.
create_boot_desc

# Build the pristine (base) image; the other images are copies of it.
create_base_image "${PRISTINE_IMAGE_NAME}"

# Extra arguments for the verification step; empty unless building the shim.
BOOT_FLAG=
if [[ "${FLAGS_factory_install}" -eq "${FLAGS_TRUE}" ]]; then
  BOOT_FLAG="-b 1" # BOOT_FLAG_DEVELOPER value defined in load_kernel_fw.h
  info "--factory_install set, pass BOOT_FLAG_DEVELOPER flag to \
load_kernel_test"
fi

# Verify the final image.
# The check uses the recovery public key from the developer key directory, so
# passing it says nothing about release signing.
# BOOT_FLAG is deliberately unquoted: it must split into "-b" and "1", and
# must vanish entirely when empty.
# shellcheck disable=SC2086
load_kernel_test "${OUTPUT_DIR}/${PRISTINE_IMAGE_NAME}" \
  "${DEVKEYSDIR}/recovery_key.vbpubk" ${BOOT_FLAG}

# Create a developer image based on the chromium os base image.
if [[ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]]; then
  copy_image "${PRISTINE_IMG}" "${DEVELOPER_IMG}"
  install_dev_packages "${DEVELOPER_IMAGE_NAME}"
fi

# Create a test or factory test image if desired. Both start from a copy of
# the developer image; the flag reconciliation earlier guarantees --withdev is
# on whenever one of them is requested.
if [[ "${FLAGS_factory}" -eq "${FLAGS_TRUE}" ]]; then
  copy_image "${DEVELOPER_IMG}" "${FACTORY_IMG}"
  mod_image_for_test "${FACTORY_IMG}"
elif [[ "${FLAGS_test}" -eq "${FLAGS_TRUE}" ]]; then
  copy_image "${DEVELOPER_IMG}" "${TEST_IMG}"
  mod_image_for_test "${TEST_IMG}"
fi

# Remove the temporary mount points. rmdir only removes empty directories, so
# under 'set -e' the script stops here if one of them is not empty.
rmdir "${ROOT_FS_DIR}" "${STATEFUL_FS_DIR}" "${ESP_FS_DIR}"

# Generating AU generator zip file to run outside chroot
# Best effort: a failure is reported but does not fail the build.
if ! generate_au_zip; then
  echo "Failed generating AU zip file - ignoring Error..."
fi

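# Create a named symlink pointing at this build's output directory.
# Both operands are quoted so a path containing whitespace or glob characters
# is passed through as a single argument, and -- ends option parsing.
# NOTE(review): --symlink is used verbatim as a path component; a value
# containing '/' or '..' places the link outside the board's output directory.
LINK_NAME="${FLAGS_output_root}/${BOARD}/${FLAGS_symlink}"
ln -sfT -- "$(basename -- "${OUTPUT_DIR}")" "${LINK_NAME}"

# Summarise what was built.
echo "Done. Image created in ${OUTPUT_DIR}"
echo "Chromium OS image created as ${PRISTINE_IMAGE_NAME}"
if [[ "${FLAGS_withdev}" -eq "${FLAGS_TRUE}" ]]; then
  echo "Developer image created as ${DEVELOPER_IMAGE_NAME}"
fi
if [[ "${FLAGS_factory}" -eq "${FLAGS_TRUE}" ]]; then
  echo "Factory test image created as ${CHROMEOS_FACTORY_TEST_IMAGE_NAME}"
elif [[ "${FLAGS_test}" -eq "${FLAGS_TRUE}" ]]; then
  echo "Test image created as ${CHROMEOS_TEST_IMAGE_NAME}"
fi

print_time_elapsed

# Hints for the next step. /dev/sdX is a placeholder the operator replaces.
echo "To copy to USB keyfob, do something like:"
echo " ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX"
echo "To convert to VMWare image, INSIDE the chroot, do something like:"
echo " ./image_to_vm.sh --from=${OUTSIDE_OUTPUT_DIR} --board=${BOARD}"
echo "from the scripts directory where you entered the chroot."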