scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-29 04:33:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

image_signing: sign_official_build.sh: use loopbacks when updating recovery kernels

Browse Source 
This avoids copying in/out the kernels for their configs and to resign.

BRANCH=None
BUG=chromium:714598
TEST=signing images still works

Change-Id: Id13d5099da7f8a73ebd4d4e918188c7eb5b65a12
Reviewed-on: https://chromium-review.googlesource.com/505478
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: David Riley <davidriley@chromium.org>
This commit is contained in:
Mike Frysinger
2017-05-09 03:29:37 -04:00
committed by chrome-bot
parent 3dd580298b
commit 06beb42e11
1 changed files with 9 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
scripts/image_signing/sign_official_build.sh
View File

@@ -720,15 +720,15 @@ EOF
} }
# Re-calculate recovery kernel hash. # Re-calculate recovery kernel hash.
# Args: IMAGE_BIN # Args: LOOPDEV
update_recovery_kernel_hash() { update_recovery_kernel_hash() {
image_bin=$1 local loopdev="$1"
local loop_kerna="${loopdev}p2"
local loop_kernb="${loopdev}p4"
# Update the Kernel B hash in Kernel A command line # Update the Kernel B hash in Kernel A command line
local old_kerna_config=$(grab_kernel_config "${image_bin}" 2) local old_kerna_config="$(sudo dump_kernel_config "${loop_kerna}")"
local new_kernb=$(make_temp_file) local new_kernb_hash=$(sudo sha1sum "${loop_kernb}" | cut -f1 -d' ')
extract_image_partition ${image_bin} 4 ${new_kernb}
local new_kernb_hash=$(sha1sum ${new_kernb} | cut -f1 -d' ')
new_kerna_config=$(make_temp_file) new_kerna_config=$(make_temp_file)
echo "$old_kerna_config" | echo "$old_kerna_config" |
@@ -737,19 +737,13 @@ update_recovery_kernel_hash() {
info "New config for kernel partition 2 is" info "New config for kernel partition 2 is"
cat ${new_kerna_config} cat ${new_kerna_config}
local temp_kimagea=$(make_temp_file)
extract_image_partition ${image_bin} 2 ${temp_kimagea}
# Re-calculate kernel partition signature and command line. # Re-calculate kernel partition signature and command line.
local updated_kimagea=$(make_temp_file) sudo vbutil_kernel --repack "${loop_kerna}" \
vbutil_kernel --repack ${updated_kimagea} \
--keyblock ${KEY_DIR}/recovery_kernel.keyblock \ --keyblock ${KEY_DIR}/recovery_kernel.keyblock \
--signprivate ${KEY_DIR}/recovery_kernel_data_key.vbprivk \ --signprivate ${KEY_DIR}/recovery_kernel_data_key.vbprivk \
--version "${KERNEL_VERSION}" \ --version "${KERNEL_VERSION}" \
--oldblob ${temp_kimagea} \ --oldblob "${loop_kerna}" \
--config ${new_kerna_config} --config ${new_kerna_config}
replace_image_partition ${image_bin} 2 ${updated_kimagea}
} }
# Update the legacy bootloader templates in EFI partition if available. # Update the legacy bootloader templates in EFI partition if available.
@@ -852,7 +846,7 @@ sign_image_file() {
"${kernB_keyblock}" "${kernB_privkey}" "${kernB_keyblock}" "${kernB_privkey}"
update_stateful_partition_vblock "${loopdev}" update_stateful_partition_vblock "${loopdev}"
if [[ "${image_type}" == "recovery" ]]; then if [[ "${image_type}" == "recovery" ]]; then
update_recovery_kernel_hash "${output}" update_recovery_kernel_hash "${loopdev}"
fi fi
if ! update_legacy_bootloader "${output}" "${dm_partno}"; then if ! update_legacy_bootloader "${output}" "${dm_partno}"; then
# Error is already logged. # Error is already logged.