Index: scripts/image_signing/sign_official_build.sh |
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh |
index f8bf23c78caad27d8fcfdfe788a0e57adc900722..eb07127323e82a3cb867ecfea0ed709e9e3e0989 100755 |
--- a/scripts/image_signing/sign_official_build.sh |
+++ b/scripts/image_signing/sign_official_build.sh |
@@ -45,7 +45,7 @@ set -e |
# Make sure the tools we need are available. |
for prereqs in gbb_utility vbutil_kernel cgpt dump_kernel_config verity \ |
- load_kernel_test dumpe2fs sha1sum; |
+ load_kernel_test dumpe2fs sha1sum e2fsck; |
do |
type -P "${prereqs}" &>/dev/null || \ |
{ echo "${prereqs} tool not found."; exit 1; } |
@@ -178,6 +178,20 @@ update_rootfs_hash() { |
replace_image_partition ${image} 3 ${rootfs_image} |
} |
+# Do a sanity check on the image's rootfs |
+# ARGS: Image |
+verify_image_rootfs() { |
+ local image=$1 |
+ local rootfs_image=$(make_temp_file) |
+ extract_image_partition ${image} 3 ${rootfs_image} |
+ # This flips the read-only compatibility flag, so that e2fsck does not |
+ # complain about unknown file system capabilities. |
+ enable_rw_mount ${rootfs_image} |
+ echo "Running e2fsck to check root file system for errors" |
+ sudo e2fsck -fn "${rootfs_image}" || |
+ { echo "Root file system has errors!" && exit 1;} |
+} |
+ |
# Extracts the firmware update binaries from the a firmware update |
# shell ball (generated by src/platform/firmware/pack_firmware.sh) |
# Args: INPUT_SCRIPT OUTPUT_DIR |
@@ -306,6 +320,8 @@ EOF |
echo "YES"; } || echo "NO" |
set -e |
+ verify_image_rootfs "${INPUT_IMAGE}" |
+ |
# TODO(gauravsh): Check embedded firmware AU signatures. |
} |