build_image, build_kernel_image, update_bootloaders: fix up rootfs_verification

build_image

 #!/bin/bash
 
 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # Script to build a bootable keyfob-based chromeos system image from within
 # a chromiumos setup. This assumes that all needed packages have been built into
 # the given target's root with binary packages turned on. This script will
 # build the Chrome OS image using only pre-built binary packages.
@@ skipping 33 matching lines @@
   "The target image file or device"
 DEFINE_boolean factory_install ${FLAGS_FALSE} \
   "Build a smaller image to overlay the factory install shim on; this argument \
 is also required in image_to_usb."
 DEFINE_string arm_extra_bootargs "" \
   "Additional command line options to pass to the ARM kernel."
 DEFINE_integer rootfs_partition_size 1024 \
   "rootfs parition size in MBs."
 DEFINE_integer rootfs_size 720 \
   "rootfs filesystem size in MBs."
+# ceil(0.1 * rootfs_size) is a good minimum.
+DEFINE_integer rootfs_hash_pad 8 \
+  "MBs reserved at the end of the rootfs image."
 DEFINE_integer statefulfs_size 1024 \
   "stateful filesystem size in MBs."
 DEFINE_boolean preserve ${FLAGS_FALSE} \
   "Attempt to preserve the previous build image if one can be found (unstable, \
 kernel/firmware not updated)"
 DEFINE_boolean fast ${FLAGS_FALSE} \
   "Call many emerges in parallel (unstable)"
 
 DEFINE_string usb_disk /dev/sdb3 \
   "Path syslinux should use to do a usb boot. Default: /dev/sdb3"
@@ skipping 20 matching lines @@
 
 # Only now can we die on error.  shflags functions leak non-zero error codes,
 # so will die prematurely if 'set -e' is specified before now.
 set -e
 
 if [ -z "${FLAGS_board}" ] ; then
   error "--board is required."
   exit 1
 fi
 
-if [ "${FLAGS_rootfs_size}" -gt "${FLAGS_rootfs_partition_size}" ] ; then
-  error "rootfs (${FLAGS_rootfs_size} MB) is bigger than partition (${FLAGS_rootfs_partition_size} MB)."
+if [ "$((FLAGS_rootfs_size + FLAGS_rootfs_hash_pad))" -gt \
+     "${FLAGS_rootfs_partition_size}" ] ; then
+  error "rootfs ($((FLAGS_rootfs_size + FLAGS_rootfs_hash_pad)) MB) is \
+bigger than partition (${FLAGS_rootfs_partition_size} MB)."
   exit 1
 fi
 
 EMERGE_BOARD_CMD="emerge-${FLAGS_board}"
 if [ "${FLAGS_fast}" -eq "${FLAGS_TRUE}" ]; then
   echo "Using alternate emerge"
   EMERGE_BOARD_CMD="${SCRIPTS_DIR}/parallel_emerge --board=${FLAGS_board}"
 fi
 
 # Determine build version.
@@ skipping 180 matching lines @@
   if [[ ${FLAGS_enable_rootfs_verification} -eq ${FLAGS_TRUE} ]]; then
     cros_root=/dev/dm-0
   fi
 
   # TODO(wad) mount the root fs to LOOP_DEV from the image
   trap "mount_gpt_cleanup" EXIT
   ${SCRIPTS_DIR}/mount_gpt_image.sh --from "${OUTPUT_DIR}" \
     --image "${image_name}" -r "${ROOT_FS_DIR}" \
     -s "${STATEFUL_FS_DIR}"
 
+  # The rootfs should never be mounted rw again after this point without
+  # re-calling make_image_bootable.
   sudo mount -o remount,ro "${ROOT_FS_DIR}"
-  root_dev=$(mount | grep -- "${ROOT_FS_DIR}" | cut -f1 -d' ' | tail -1)
+  root_dev=$(mount | grep -- "on ${ROOT_FS_DIR} type" | cut -f1 -d' ' | tail -1)
 
   DEVKEYSDIR="/usr/share/vboot/devkeys"
 
   # Builds the kernel partition image.  The temporary files are kept around
   # so that we can perform a load_kernel_test later on the final image.
   ${SCRIPTS_DIR}/build_kernel_image.sh \
     --arch="${ARCH}" \
     --to="${OUTPUT_DIR}/vmlinuz.image" \
     --hd_vblock="${OUTPUT_DIR}/vmlinuz_hd.vblock" \
     --vmlinuz="${OUTPUT_DIR}/boot/vmlinuz" \
     --working_dir="${OUTPUT_DIR}" \
     --keep_work \
     --rootfs_image=${root_dev} \
-    --rootfs_hash=${OUTPUT_DIR}/rootfs.hash \
+    --rootfs_hash=${ROOT_FS_HASH} \
     --verity_hash_alg=${FLAGS_verity_algorithm} \
     --verity_tree_depth=${FLAGS_verity_depth} \
     --verity_max_ios=${FLAGS_verity_max_ios} \
     --verity_error_behavior=${FLAGS_verity_error_behavior} \
     --root=${cros_root} \
     --keys_dir="${DEVKEYSDIR}"
 
+  local rootfs_hash_size=$(stat -c '%s' ${ROOT_FS_HASH})
+  info "Appending rootfs.hash (${rootfs_hash_size} bytes) to the root fs"
+  if [[ ${rootfs_hash_size} -gt $((FLAGS_rootfs_hash_pad * 1024 * 1024)) ]]
+  then
+    die "--rootfs_hash_pad reserves less than the needed ${rootfs_hash_size}"
+  fi
+  # Unfortunately, mount_gpt_image uses mount and not losetup to create the
+  # loop devices.  This means that they are not the correct size.  We have to
+  # write directly to the image to append the hash tree data.
+  local hash_offset="$(partoffset ${OUTPUT_DIR}/${image_name} 3)"
+  hash_offset=$((hash_offset + ((1024 * 1024 * ${FLAGS_rootfs_size}) / 512)))
+  sudo dd bs=512 \
+          seek=${hash_offset} \
+          if="${ROOT_FS_HASH}" \
+          of="${OUTPUT_DIR}/${image_name}" \
+          conv=notrunc
+  # We don't need to keep the file around anymore.
+  sudo rm "${ROOT_FS_HASH}"
+
   # Move the verification block needed for the hard disk install to the
   # stateful partition. Mount stateful fs, copy file, and umount fs.
   # In original CL: http://codereview.chromium.org/2868044, this was done in
   # create_base_image(). However, it could break the build if it is a clean
   # build because vmlinuz_hd.vblock hasn't been created by build_kernel_image.sh
   if [[ "${ARCH}" = "x86" ]]; then
     sudo cp "${OUTPUT_DIR}/vmlinuz_hd.vblock" "${STATEFUL_FS_DIR}"
   fi
 
   # START_KERN_A is set by the first call to install the gpt.
@@ skipping 174 matching lines @@
   if [[ ${FLAGS_factory_install} -eq ${FLAGS_TRUE} ]] ; then
     ROOT_SIZE_BYTES=$((1024 * 1024 * 300))
   else
     ROOT_SIZE_BYTES=$((1024 * 1024 * ${FLAGS_rootfs_size}))
   fi
 
   dd if=/dev/zero of="${ROOT_FS_IMG}" bs=1 count=1 seek=$((ROOT_SIZE_BYTES - 1))
   sudo losetup "${LOOP_DEV}" "${ROOT_FS_IMG}"
   sudo mkfs.ext3 "${LOOP_DEV}"
 
+  # Pad out 10% for the hash tree.  This currently _exact_ for
+  # default configuration.  More space may be needed for different options.
+  ROOT_HASH_PAD=$((FLAGS_rootfs_hash_pad * 1024 * 1024))
+  info "Padding the rootfs image by ${ROOT_HASH_PAD} bytes for hash data"
+  dd if=/dev/zero of="${ROOT_FS_IMG}" bs=1 count=1 \
+     seek=$((ROOT_SIZE_BYTES + ROOT_HASH_PAD - 1))
+  # Update to reflect the new capacity in the loop device.
+  sudo losetup -c "${LOOP_DEV}"
+
   # Tune and mount rootfs.
+  # TODO(wad) rename the disk label to match the GPT since we
+  #           can't change it later.
   DISK_LABEL="C-KEYFOB"
   sudo tune2fs -L "${DISK_LABEL}" -U "${UUID}" -c 0 -i 0 "${LOOP_DEV}"
   sudo mount "${LOOP_DEV}" "${ROOT_FS_DIR}"
 
   # Create stateful partition of the same size as the rootfs.
   STATEFUL_LOOP_DEV=$(sudo losetup -f)
   if [ -z "${STATEFUL_LOOP_DEV}" ] ; then
     echo "No free loop device.  Free up a loop device or reboot.  exiting. "
     exit 1
   fi
@@ skipping 207 matching lines @@
   echo "Developer image created as ${DEVELOPER_IMAGE_NAME}"
 fi
 
 print_time_elapsed
 
 echo "To copy to USB keyfob, OUTSIDE the chroot, do something like:"
 echo "  ./image_to_usb.sh --from=${OUTSIDE_OUTPUT_DIR} --to=/dev/sdX"
 echo "To convert to VMWare image, OUTSIDE the chroot, do something like:"
 echo "  ./image_to_vm.sh --from=${OUTSIDE_OUTPUT_DIR}"
 echo "from the scripts directory where you entered the chroot."