image_signing: sign_official_build.sh: use loopbacks when updating recovery kernels

This avoids copying in/out the kernels for their configs and to resign. BRANCH=None BUG=chromium:714598 TEST=signing images still works Change-Id: Id13d5099da7f8a73ebd4d4e918188c7eb5b65a12 Reviewed-on: https://chromium-review.googlesource.com/505478 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: David Riley <davidriley@chromium.org>
2025-11-29 04:33:39 +00:00 · 2017-05-09 03:29:37 -04:00
parent 3dd580298b
commit 06beb42e11
1 changed files with 9 additions and 15 deletions
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -720,15 +720,15 @@ EOF
 }

 # Re-calculate recovery kernel hash.
-# Args: IMAGE_BIN
+# Args: LOOPDEV
 update_recovery_kernel_hash() {
-  image_bin=$1
+  local loopdev="$1"
+  local loop_kerna="${loopdev}p2"
+  local loop_kernb="${loopdev}p4"

  # Update the Kernel B hash in Kernel A command line
-  local old_kerna_config=$(grab_kernel_config "${image_bin}" 2)
-  local new_kernb=$(make_temp_file)
-  extract_image_partition ${image_bin} 4 ${new_kernb}
-  local new_kernb_hash=$(sha1sum ${new_kernb} | cut -f1 -d' ')
+  local old_kerna_config="$(sudo dump_kernel_config "${loop_kerna}")"
+  local new_kernb_hash=$(sudo sha1sum "${loop_kernb}" | cut -f1 -d' ')

  new_kerna_config=$(make_temp_file)
  echo "$old_kerna_config" |
@@ -737,19 +737,13 @@ update_recovery_kernel_hash() {
  info "New config for kernel partition 2 is"
  cat ${new_kerna_config}

-  local temp_kimagea=$(make_temp_file)
-  extract_image_partition ${image_bin} 2 ${temp_kimagea}
-
  # Re-calculate kernel partition signature and command line.
-  local updated_kimagea=$(make_temp_file)
-  vbutil_kernel --repack ${updated_kimagea} \
+  sudo vbutil_kernel --repack "${loop_kerna}" \
    --keyblock ${KEY_DIR}/recovery_kernel.keyblock \
    --signprivate ${KEY_DIR}/recovery_kernel_data_key.vbprivk \
    --version "${KERNEL_VERSION}" \
-    --oldblob ${temp_kimagea} \
+    --oldblob "${loop_kerna}" \
    --config ${new_kerna_config}
-
-  replace_image_partition ${image_bin} 2 ${updated_kimagea}
 }

 # Update the legacy bootloader templates in EFI partition if available.
@@ -852,7 +846,7 @@ sign_image_file() {
    "${kernB_keyblock}" "${kernB_privkey}"
  update_stateful_partition_vblock "${loopdev}"
  if [[ "${image_type}" == "recovery" ]]; then
-    update_recovery_kernel_hash "${output}"
+    update_recovery_kernel_hash "${loopdev}"
  fi
  if ! update_legacy_bootloader "${output}" "${dm_partno}"; then
    # Error is already logged.