| OLD | NEW |
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 3 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Sign the final build image using the "official" keys. | 7 # Sign the final build image using the "official" keys. |
| 8 # | 8 # |
| 9 # Prerequisite tools needed in the system path: | 9 # Prerequisite tools needed in the system path: |
| 10 # | 10 # |
| 11 # gbb_utility (from src/platform/vboot_reference) | 11 # gbb_utility (from src/platform/vboot_reference) |
| 12 # vbutil_kernel (from src/platform/vboot_reference) | 12 # vbutil_kernel (from src/platform/vboot_reference) |
| 13 # cgpt (from src/platform/vboot_reference) | 13 # cgpt (from src/platform/vboot_reference) |
| 14 # dump_kernel_config (from src/platform/vboot_reference) | 14 # dump_kernel_config (from src/platform/vboot_reference) |
| 15 # verity (from src/platform/verity) | 15 # verity (from src/platform/verity) |
| 16 # load_kernel_test (from src/platform/vboot_reference) | 16 # load_kernel_test (from src/platform/vboot_reference) |
| 17 # dumpe2fs |
| 17 | 18 |
| 18 # Load common constants and variables. | 19 # Load common constants and variables. |
| 19 . "$(dirname "$0")/common.sh" | 20 . "$(dirname "$0")/common.sh" |
| 20 | 21 |
| 21 # Print usage string | 22 # Print usage string |
| 22 usage() { | 23 usage() { |
| 23 cat <<EOF | 24 cat <<EOF |
| 24 Usage: $PROG <type> input_image /path/to/keys/dir [output_image] | 25 Usage: $PROG <type> input_image /path/to/keys/dir [output_image] |
| 25 where <type> is one of: | 26 where <type> is one of: |
| 26 ssd (sign an SSD image) | 27 ssd (sign an SSD image) |
| 27 recovery (sign a USB recovery image) | 28 recovery (sign a USB recovery image) |
| 28 install (sign a factory install image) | 29 install (sign a factory install image) |
| 29 verify (verify an image including rootfs hashes) | 30 verify (verify an image including rootfs hashes) |
| 30 | 31 |
| 31 If you are signing an image, you must specify an [output_image]. | 32 If you are signing an image, you must specify an [output_image]. |
| 32 EOF | 33 EOF |
| 33 } | 34 } |
| 34 | 35 |
| 35 if [ $# -ne 3 ] && [ $# -ne 4 ]; then | 36 if [ $# -ne 3 ] && [ $# -ne 4 ]; then |
| 36 usage | 37 usage |
| 37 exit 1 | 38 exit 1 |
| 38 fi | 39 fi |
| 39 | 40 |
| 40 # Abort on errors. | 41 # Abort on errors. |
| 41 set -e | 42 set -e |
| 42 | 43 |
| 43 # Make sure the tools we need are available. | 44 # Make sure the tools we need are available. |
| 44 for prereqs in gbb_utility vbutil_kernel cgpt dump_kernel_config verity \ | 45 for prereqs in gbb_utility vbutil_kernel cgpt dump_kernel_config verity \ |
| 45 load_kernel_test; | 46 load_kernel_test dumpe2fs; |
| 46 do | 47 do |
| 47 type -P "${prereqs}" &>/dev/null || \ | 48 type -P "${prereqs}" &>/dev/null || \ |
| 48 { echo "${prereqs} tool not found."; exit 1; } | 49 { echo "${prereqs} tool not found."; exit 1; } |
| 49 done | 50 done |
| 50 | 51 |
| 51 TYPE=$1 | 52 TYPE=$1 |
| 52 INPUT_IMAGE=$2 | 53 INPUT_IMAGE=$2 |
| 53 KEY_DIR=$3 | 54 KEY_DIR=$3 |
| 54 OUTPUT_IMAGE=$4 | 55 OUTPUT_IMAGE=$4 |
| 55 | 56 |
| 122 local signprivate=$3 # Private key to use for signing. | 123 local signprivate=$3 # Private key to use for signing. |
| 123 | 124 |
| 124 local rootfs_image=$(make_temp_file) | 125 local rootfs_image=$(make_temp_file) |
| 125 extract_image_partition ${image} 3 ${rootfs_image} | 126 extract_image_partition ${image} 3 ${rootfs_image} |
| 126 local kernel_config=$(grab_kernel_config "${image}") | 127 local kernel_config=$(grab_kernel_config "${image}") |
| 127 local hash_image=$(make_temp_file) | 128 local hash_image=$(make_temp_file) |
| 128 | 129 |
| 129 local new_kernel_config=$(calculate_rootfs_hash "${rootfs_image}" \ | 130 local new_kernel_config=$(calculate_rootfs_hash "${rootfs_image}" \ |
| 130 "${kernel_config}" "${hash_image}") | 131 "${kernel_config}" "${hash_image}") |
| 131 | 132 |
| 132 local rootfs_blocks=$(dumpe2fs "${rootfs_image}" 2> /dev/null | | 133 local rootfs_blocks=$(sudo dumpe2fs "${rootfs_image}" 2> /dev/null | |
| 133 grep "Block count" | | 134 grep "Block count" | |
| 134 tr -d ' ' | | 135 tr -d ' ' | |
| 135 cut -f2 -d:) | 136 cut -f2 -d:) |
| 136 local rootfs_sectors=$((rootfs_blocks * 8)) | 137 local rootfs_sectors=$((rootfs_blocks * 8)) |
| 137 | 138 |
| 138 # Overwrite the appended hashes in the rootfs | 139 # Overwrite the appended hashes in the rootfs |
| 139 local temp_config=$(make_temp_file) | 140 local temp_config=$(make_temp_file) |
| 140 echo ${new_kernel_config} >${temp_config} | 141 echo ${new_kernel_config} >${temp_config} |
| 141 dd if=${hash_image} of=${rootfs_image} bs=512 \ | 142 dd if=${hash_image} of=${rootfs_image} bs=512 \ |
| 142 seek=${rootfs_sectors} conv=notrunc | 143 seek=${rootfs_sectors} conv=notrunc |
| 334 sign_for_recovery | 335 sign_for_recovery |
| 335 elif [ "${TYPE}" == "install" ]; then | 336 elif [ "${TYPE}" == "install" ]; then |
| 336 update_rootfs_hash ${INPUT_IMAGE} \ | 337 update_rootfs_hash ${INPUT_IMAGE} \ |
| 337 ${KEY_DIR}/installer_kernel.keyblock \ | 338 ${KEY_DIR}/installer_kernel.keyblock \ |
| 338 ${KEY_DIR}/recovery_kernel_data_key.vbprivk | 339 ${KEY_DIR}/recovery_kernel_data_key.vbprivk |
| 339 sign_for_factory_install | 340 sign_for_factory_install |
| 340 else | 341 else |
| 341 echo "Invalid type ${TYPE}" | 342 echo "Invalid type ${TYPE}" |
| 342 exit 1 | 343 exit 1 |
| 343 fi | 344 fi |
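Review bot: The block count read on new line 133 is never validated, and putting `sudo` in front adds more ways for it to come back empty (sudo denied, or not usable non-interactively), none of them visible because stderr goes to /dev/null and `local rootfs_blocks=$(...)` hides the pipeline status from `set -e`. An empty `rootfs_blocks` makes `$((rootfs_blocks * 8))` evaluate to 0, so the `dd ... seek=${rootfs_sectors} conv=notrunc` below would write the hash data over the start of the rootfs image, and as far as the visible lines show nothing stops the script from going on to sign the result. A signing script should fail closed here: add `[[ "${rootfs_blocks}" =~ ^[0-9]+$ ]] || { echo "cannot read rootfs block count" >&2; exit 1; }` right after the assignment. It would also help to add a comment saying why root is needed to read a temp file the script created itself, since the prerequisite check resolves `dumpe2fs` on the caller's PATH while the call goes through sudo, which may resolve it differently. The enclosing function starts and ends outside the visible lines.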