Add a utility to tag/stamp image
There are several procedures in Chrome OS post-processing before being released:
stamping, tagging, mod image for URLs, ... and signing.
We need an integrated script to handle all the stamping / tagging.
This CL can handle empty tag files like /root/.force_update_firmware
or /root/.dev_mode.
This CL deprecates http://codereview.chromium.org/3421040 and moved script
from crosutils to vboot_reference. In the future we may isolate the non-signing
post-processing scripts (set_lsb, tag_image, remove_label, ...) into crosutils.
BUG=none
TEST=manually:
(1) Build a general dev image without firmware updates (default behavior of build_image for x86-generic ToT)
(2) Enter chroot and then execute:
cd ~/trunk/src/platform/vboot_reference/scripts;
./tag_image.sh \
--from ~/trunk/src/build/images/x86-generic/latest/chromiumos_image.bin
Expected: output message:
Update Firmware: disabled
Developer Mode: Enabled
(3) ./tag_image.sh --update_firmware=1 --dev_mode=0 \
--from ~/trunk/src//build/images/x86-generic/latest/chromiumos_image.bin
Expected: output message:
Update Firmware: disabled => Enabled
Developer Mode: Enabled => disabled
Manually verify:
pushd ../../build/images/x86-generic/latest
unpack_partitions.sh chromiumos_image.bin
sudo mount -o loop,ro part_3 rootfs
ls -l rootfs/root/.force_update_firmware # this file should exist
ls -l rootfs/root/.dev_mode # this file should NOT exist (i.e., error)
sudo umount rootfs
(4) ./tag_image.sh --update_firmware=0 --dev_mod=1 \
--from ~/trunk/src/build/images/x86-generic/latest/chromiumos_image.bin
Expected: output message:
Update Firmware: Enabled => disabled
Developer Mode: disabled => Enabled
Manually verify:
pushd ../../build/images/x86-generic/latest
unpack_partitions.sh chromiumos_image.bin
sudo mount -o loop,ro part_3 rootfs
ls -l rootfs/root/.force_update_firmware # this file should NOT exist (i.e., error)
ls -l rootfs/root/.dev_mode # this file should exist
sudo umount rootfs
Change-Id: I96af3c7201372bb904426d10cff142467a1fa2e7
Review URL: http://codereview.chromium.org/3604001
diff --git a/scripts/image_signing/common.sh b/scripts/image_signing/common.sh
index c4824c6..f7ed541 100755
--- a/scripts/image_signing/common.sh
+++ b/scripts/image_signing/common.sh
@@ -9,6 +9,16 @@
PROG=$(basename $0)
GPT=cgpt
+# The tag when the rootfs is changed.
+TAG_NEEDS_TO_BE_SIGNED="/root/.need_to_be_signed"
+
+# Load shflags
+if [[ -f /usr/lib/shflags ]]; then
+ . /usr/lib/shflags
+else
+ . "${SCRIPT_DIR}/lib/shflags/shflags"
+fi
+
# List of Temporary files and mount points.
TEMP_FILE_LIST=$(mktemp)
TEMP_DIR_LIST=$(mktemp)
@@ -27,6 +37,38 @@
sudo $GPT show -s -i $2 $1
}
+# Tags a file system as "needs to be resigned".
+# Args: MOUNTDIRECTORY
+tag_as_needs_to_be_resigned() {
+ local mount_dir="$1"
+ sudo touch "$mount_dir/$TAG_NEEDS_TO_BE_SIGNED"
+}
+
+# Determines if the target file system has the tag for resign
+# Args: MOUNTDIRECTORY
+# Returns: $FLAGS_TRUE if the tag is there, otherwise $FLAGS_FALSE
+has_needs_to_be_resigned_tag() {
+ local mount_dir="$1"
+ if [ -f "$mount_dir/$TAG_NEEDS_TO_BE_SIGNED" ]; then
+ return ${FLAGS_TRUE}
+ else
+ return ${FLAGS_FALSE}
+ fi
+}
+
+# Determines if the target file system is a Chrome OS root fs
+# Args: MOUNTDIRECTORY
+# Returns: $FLAGS_TRUE if MOUNTDIRECTORY looks like root fs,
+# otherwise $FLAGS_FALSE
+is_rootfs_partition() {
+ local mount_dir="$1"
+ if [ -f "$mount_dir/$(dirname "$TAG_NEEDS_TO_BE_SIGNED")" ]; then
+ return ${FLAGS_TRUE}
+ else
+ return ${FLAGS_FALSE}
+ fi
+}
+
# Mount a partition read-only from an image into a local directory
# Args: IMAGE PARTNUM MOUNTDIRECTORY
mount_image_partition_ro() {
@@ -45,6 +87,9 @@
local mount_dir=$3
local offset=$(partoffset "$image" "$partnum")
sudo mount -o loop,offset=$((offset * 512)) "$image" "$mount_dir"
+ if is_rootfs_partition "$mount_dir"; then
+ tag_as_needs_to_be_resigned "$mount_dir"
+ fi
}
# Extract a partition to a file
@@ -93,6 +138,9 @@
set +e # umount may fail for unmounted directories
for i in "$(cat $TEMP_DIR_LIST)"; do
if [ -n "$i" ]; then
+ if has_needs_to_be_resigned_tag "$i"; then
+ echo "Warning: image may be modified. Please resign image."
+ fi
sudo umount -d $i 2>/dev/null
rm -rf $i
fi
diff --git a/scripts/image_signing/lib/shflags/README.chromium b/scripts/image_signing/lib/shflags/README.chromium
new file mode 100644
index 0000000..3886892
--- /dev/null
+++ b/scripts/image_signing/lib/shflags/README.chromium
@@ -0,0 +1 @@
+This is r137 of shflags
diff --git a/scripts/image_signing/lib/shflags/shflags b/scripts/image_signing/lib/shflags/shflags
new file mode 100644
index 0000000..773e0f3
--- /dev/null
+++ b/scripts/image_signing/lib/shflags/shflags
@@ -0,0 +1,1009 @@
+# $Id: shflags 133 2009-05-10 18:04:51Z kate.ward@forestent.com $
+# vim:et:ft=sh:sts=2:sw=2
+#
+# Copyright 2008 Kate Ward. All Rights Reserved.
+# Released under the LGPL (GNU Lesser General Public License)
+#
+# shFlags -- Advanced command-line flag library for Unix shell scripts.
+# http://code.google.com/p/shflags/
+#
+# Author: kate.ward@forestent.com (Kate Ward)
+#
+# This module implements something like the google-gflags library available
+# from http://code.google.com/p/google-gflags/.
+#
+# FLAG TYPES: This is a list of the DEFINE_*'s that you can do. All flags take
+# a name, default value, help-string, and optional 'short' name (one-letter
+# name). Some flags have other arguments, which are described with the flag.
+#
+# DEFINE_string: takes any input, and intreprets it as a string.
+#
+# DEFINE_boolean: typically does not take any argument: say --myflag to set
+# FLAGS_myflag to true, or --nomyflag to set FLAGS_myflag to false.
+# Alternately, you can say
+# --myflag=true or --myflag=t or --myflag=0 or
+# --myflag=false or --myflag=f or --myflag=1
+# Passing an option has the same affect as passing the option once.
+#
+# DEFINE_float: takes an input and intreprets it as a floating point number. As
+# shell does not support floats per-se, the input is merely validated as
+# being a valid floating point value.
+#
+# DEFINE_integer: takes an input and intreprets it as an integer.
+#
+# SPECIAL FLAGS: There are a few flags that have special meaning:
+# --help (or -?) prints a list of all the flags in a human-readable fashion
+# --flagfile=foo read flags from foo. (not implemented yet)
+# -- as in getopt(), terminates flag-processing
+#
+# EXAMPLE USAGE:
+#
+# -- begin hello.sh --
+# #! /bin/sh
+# . ./shflags
+# DEFINE_string name 'world' "somebody's name" n
+# FLAGS "$@" || exit $?
+# eval set -- "${FLAGS_ARGV}"
+# echo "Hello, ${FLAGS_name}."
+# -- end hello.sh --
+#
+# $ ./hello.sh -n Kate
+# Hello, Kate.
+#
+# NOTE: Not all systems include a getopt version that supports long flags. On
+# these systems, only short flags are recognized.
+
+#==============================================================================
+# shFlags
+#
+# Shared attributes:
+# flags_error: last error message
+# flags_return: last return value
+#
+# __flags_longNames: list of long names for all flags
+# __flags_shortNames: list of short names for all flags
+# __flags_boolNames: list of boolean flag names
+#
+# __flags_opts: options parsed by getopt
+#
+# Per-flag attributes:
+# FLAGS_<flag_name>: contains value of flag named 'flag_name'
+# __flags_<flag_name>_default: the default flag value
+# __flags_<flag_name>_help: the flag help string
+# __flags_<flag_name>_short: the flag short name
+# __flags_<flag_name>_type: the flag type
+#
+# Notes:
+# - lists of strings are space separated, and a null value is the '~' char.
+
+# return if FLAGS already loaded
+[ -n "${FLAGS_VERSION:-}" ] && return 0
+FLAGS_VERSION='1.0.3'
+
+# return values
+FLAGS_TRUE=0
+FLAGS_FALSE=1
+FLAGS_ERROR=2
+
+# reserved flag names
+FLAGS_RESERVED='ARGC ARGV ERROR FALSE HELP PARENT RESERVED TRUE VERSION'
+
+_flags_debug() { echo "flags:DEBUG $@" >&2; }
+_flags_warn() { echo "flags:WARN $@" >&2; }
+_flags_error() { echo "flags:ERROR $@" >&2; }
+_flags_fatal() { echo "flags:FATAL $@" >&2; }
+
+# specific shell checks
+if [ -n "${ZSH_VERSION:-}" ]; then
+ setopt |grep "^shwordsplit$" >/dev/null
+ if [ $? -ne ${FLAGS_TRUE} ]; then
+ _flags_fatal 'zsh shwordsplit option is required for proper zsh operation'
+ exit ${FLAGS_ERROR}
+ fi
+ if [ -z "${FLAGS_PARENT:-}" ]; then
+ _flags_fatal "zsh does not pass \$0 through properly. please declare' \
+\"FLAGS_PARENT=\$0\" before calling shFlags"
+ exit ${FLAGS_ERROR}
+ fi
+fi
+
+#
+# constants
+#
+
+# getopt version
+__FLAGS_GETOPT_VERS_STD=0
+__FLAGS_GETOPT_VERS_ENH=1
+__FLAGS_GETOPT_VERS_BSD=2
+
+getopt >/dev/null 2>&1
+case $? in
+ 0) __FLAGS_GETOPT_VERS=${__FLAGS_GETOPT_VERS_STD} ;; # bsd getopt
+ 2)
+ # TODO(kward): look into '-T' option to test the internal getopt() version
+ if [ "`getopt --version`" = '-- ' ]; then
+ __FLAGS_GETOPT_VERS=${__FLAGS_GETOPT_VERS_STD}
+ else
+ __FLAGS_GETOPT_VERS=${__FLAGS_GETOPT_VERS_ENH}
+ fi
+ ;;
+ *)
+ _flags_fatal 'unable to determine getopt version'
+ exit ${FLAGS_ERROR}
+ ;;
+esac
+
+# getopt optstring lengths
+__FLAGS_OPTSTR_SHORT=0
+__FLAGS_OPTSTR_LONG=1
+
+__FLAGS_NULL='~'
+
+# flag info strings
+__FLAGS_INFO_DEFAULT='default'
+__FLAGS_INFO_HELP='help'
+__FLAGS_INFO_SHORT='short'
+__FLAGS_INFO_TYPE='type'
+
+# flag lengths
+__FLAGS_LEN_SHORT=0
+__FLAGS_LEN_LONG=1
+
+# flag types
+__FLAGS_TYPE_NONE=0
+__FLAGS_TYPE_BOOLEAN=1
+__FLAGS_TYPE_FLOAT=2
+__FLAGS_TYPE_INTEGER=3
+__FLAGS_TYPE_STRING=4
+
+# set the constants readonly
+__flags_constants=`set |awk -F= '/^FLAGS_/ || /^__FLAGS_/ {print $1}'`
+for __flags_const in ${__flags_constants}; do
+ # skip certain flags
+ case ${__flags_const} in
+ FLAGS_HELP) continue ;;
+ FLAGS_PARENT) continue ;;
+ esac
+ # set flag readonly
+ if [ -z "${ZSH_VERSION:-}" ]; then
+ readonly ${__flags_const}
+ else # handle zsh
+ case ${ZSH_VERSION} in
+ [123].*) readonly ${__flags_const} ;;
+ *) readonly -g ${__flags_const} ;; # declare readonly constants globally
+ esac
+ fi
+done
+unset __flags_const __flags_constants
+
+#
+# internal variables
+#
+
+__flags_boolNames=' ' # space separated list of boolean flag names
+__flags_longNames=' ' # space separated list of long flag names
+__flags_shortNames=' ' # space separated list of short flag names
+
+__flags_columns='' # screen width in columns
+__flags_opts='' # temporary storage for parsed getopt flags
+
+#------------------------------------------------------------------------------
+# private functions
+#
+
+# Define a flag.
+#
+# Calling this function will define the following info variables for the
+# specified flag:
+# FLAGS_flagname - the name for this flag (based upon the long flag name)
+# __flags_<flag_name>_default - the default value
+# __flags_flagname_help - the help string
+# __flags_flagname_short - the single letter alias
+# __flags_flagname_type - the type of flag (one of __FLAGS_TYPE_*)
+#
+# Args:
+# _flags__type: integer: internal type of flag (__FLAGS_TYPE_*)
+# _flags__name: string: long flag name
+# _flags__default: default flag value
+# _flags__help: string: help string
+# _flags__short: string: (optional) short flag name
+# Returns:
+# integer: success of operation, or error
+_flags_define()
+{
+ if [ $# -lt 4 ]; then
+ flags_error='DEFINE error: too few arguments'
+ flags_return=${FLAGS_ERROR}
+ _flags_error "${flags_error}"
+ return ${flags_return}
+ fi
+
+ _flags_type_=$1
+ _flags_name_=$2
+ _flags_default_=$3
+ _flags_help_=$4
+ _flags_short_=${5:-${__FLAGS_NULL}}
+
+ _flags_return_=${FLAGS_TRUE}
+
+ # TODO(kward): check for validity of the flag name (e.g. dashes)
+
+ # check whether the flag name is reserved
+ echo " ${FLAGS_RESERVED} " |grep " ${_flags_name_} " >/dev/null
+ if [ $? -eq 0 ]; then
+ flags_error="flag name (${_flags_name_}) is reserved"
+ _flags_return_=${FLAGS_ERROR}
+ fi
+
+ # require short option for getopt that don't support long options
+ if [ ${_flags_return_} -eq ${FLAGS_TRUE} \
+ -a ${__FLAGS_GETOPT_VERS} -ne ${__FLAGS_GETOPT_VERS_ENH} \
+ -a "${_flags_short_}" = "${__FLAGS_NULL}" ]
+ then
+ flags_error="short flag required for (${_flags_name_}) on this platform"
+ _flags_return_=${FLAGS_ERROR}
+ fi
+
+ # check for existing long name definition
+ if [ ${_flags_return_} -eq ${FLAGS_TRUE} ]; then
+ if _flags_itemInList "${_flags_name_}" \
+ ${__flags_longNames} ${__flags_boolNames}
+ then
+ flags_error="flag name ([no]${_flags_name_}) already defined"
+ _flags_warn "${flags_error}"
+ _flags_return_=${FLAGS_FALSE}
+ fi
+ fi
+
+ # check for existing short name definition
+ if [ ${_flags_return_} -eq ${FLAGS_TRUE} \
+ -a "${_flags_short_}" != "${__FLAGS_NULL}" ]
+ then
+ if _flags_itemInList "${_flags_short_}" ${__flags_shortNames}; then
+ flags_error="flag short name (${_flags_short_}) already defined"
+ _flags_warn "${flags_error}"
+ _flags_return_=${FLAGS_FALSE}
+ fi
+ fi
+
+ # handle default value. note, on several occasions the 'if' portion of an
+ # if/then/else contains just a ':' which does nothing. a binary reversal via
+ # '!' is not done because it does not work on all shells.
+ if [ ${_flags_return_} -eq ${FLAGS_TRUE} ]; then
+ case ${_flags_type_} in
+ ${__FLAGS_TYPE_BOOLEAN})
+ if _flags_validateBoolean "${_flags_default_}"; then
+ case ${_flags_default_} in
+ true|t|0) _flags_default_=${FLAGS_TRUE} ;;
+ false|f|1) _flags_default_=${FLAGS_FALSE} ;;
+ esac
+ else
+ flags_error="invalid default flag value '${_flags_default_}'"
+ _flags_return_=${FLAGS_ERROR}
+ fi
+ ;;
+
+ ${__FLAGS_TYPE_FLOAT})
+ if _flags_validateFloat "${_flags_default_}"; then
+ :
+ else
+ flags_error="invalid default flag value '${_flags_default_}'"
+ _flags_return_=${FLAGS_ERROR}
+ fi
+ ;;
+
+ ${__FLAGS_TYPE_INTEGER})
+ if _flags_validateInteger "${_flags_default_}"; then
+ :
+ else
+ flags_error="invalid default flag value '${_flags_default_}'"
+ _flags_return_=${FLAGS_ERROR}
+ fi
+ ;;
+
+ ${__FLAGS_TYPE_STRING}) ;; # everything in shell is a valid string
+
+ *)
+ flags_error="unrecognized flag type '${_flags_type_}'"
+ _flags_return_=${FLAGS_ERROR}
+ ;;
+ esac
+ fi
+
+ if [ ${_flags_return_} -eq ${FLAGS_TRUE} ]; then
+ # store flag information
+ eval "FLAGS_${_flags_name_}='${_flags_default_}'"
+ eval "__flags_${_flags_name_}_${__FLAGS_INFO_TYPE}=${_flags_type_}"
+ eval "__flags_${_flags_name_}_${__FLAGS_INFO_DEFAULT}=\
+\"${_flags_default_}\""
+ eval "__flags_${_flags_name_}_${__FLAGS_INFO_HELP}=\"${_flags_help_}\""
+ eval "__flags_${_flags_name_}_${__FLAGS_INFO_SHORT}='${_flags_short_}'"
+
+ # append flag name(s) to list of names
+ __flags_longNames="${__flags_longNames}${_flags_name_} "
+ __flags_shortNames="${__flags_shortNames}${_flags_short_} "
+ [ ${_flags_type_} -eq ${__FLAGS_TYPE_BOOLEAN} ] && \
+ __flags_boolNames="${__flags_boolNames}no${_flags_name_} "
+ fi
+
+ flags_return=${_flags_return_}
+ unset _flags_default_ _flags_help_ _flags_name_ _flags_return_ _flags_short_ \
+ _flags_type_
+ [ ${flags_return} -eq ${FLAGS_ERROR} ] && _flags_error "${flags_error}"
+ return ${flags_return}
+}
+
+# Return valid getopt options using currently defined list of long options.
+#
+# This function builds a proper getopt option string for short (and long)
+# options, using the current list of long options for reference.
+#
+# Args:
+# _flags_optStr: integer: option string type (__FLAGS_OPTSTR_*)
+# Output:
+# string: generated option string for getopt
+# Returns:
+# boolean: success of operation (always returns True)
+_flags_genOptStr()
+{
+ _flags_optStrType_=$1
+
+ _flags_opts_=''
+
+ for _flags_flag_ in ${__flags_longNames}; do
+ _flags_type_=`_flags_getFlagInfo ${_flags_flag_} ${__FLAGS_INFO_TYPE}`
+ case ${_flags_optStrType_} in
+ ${__FLAGS_OPTSTR_SHORT})
+ _flags_shortName_=`_flags_getFlagInfo \
+ ${_flags_flag_} ${__FLAGS_INFO_SHORT}`
+ if [ "${_flags_shortName_}" != "${__FLAGS_NULL}" ]; then
+ _flags_opts_="${_flags_opts_}${_flags_shortName_}"
+ # getopt needs a trailing ':' to indicate a required argument
+ [ ${_flags_type_} -ne ${__FLAGS_TYPE_BOOLEAN} ] && \
+ _flags_opts_="${_flags_opts_}:"
+ fi
+ ;;
+
+ ${__FLAGS_OPTSTR_LONG})
+ _flags_opts_="${_flags_opts_:+${_flags_opts_},}${_flags_flag_}"
+ # getopt needs a trailing ':' to indicate a required argument
+ [ ${_flags_type_} -ne ${__FLAGS_TYPE_BOOLEAN} ] && \
+ _flags_opts_="${_flags_opts_}:"
+ ;;
+ esac
+ done
+
+ echo "${_flags_opts_}"
+ unset _flags_flag_ _flags_opts_ _flags_optStrType_ _flags_shortName_ \
+ _flags_type_
+ return ${FLAGS_TRUE}
+}
+
+# Returns flag details based on a flag name and flag info.
+#
+# Args:
+# string: long flag name
+# string: flag info (see the _flags_define function for valid info types)
+# Output:
+# string: value of dereferenced flag variable
+# Returns:
+# integer: one of FLAGS_{TRUE|FALSE|ERROR}
+_flags_getFlagInfo()
+{
+ _flags_name_=$1
+ _flags_info_=$2
+
+ _flags_nameVar_="__flags_${_flags_name_}_${_flags_info_}"
+ _flags_strToEval_="_flags_value_=\"\${${_flags_nameVar_}:-}\""
+ eval "${_flags_strToEval_}"
+ if [ -n "${_flags_value_}" ]; then
+ flags_return=${FLAGS_TRUE}
+ else
+ # see if the _flags_name_ variable is a string as strings can be empty...
+ # note: the DRY principle would say to have this function call itself for
+ # the next three lines, but doing so results in an infinite loop as an
+ # invalid _flags_name_ will also not have the associated _type variable.
+ # Because it doesn't (it will evaluate to an empty string) the logic will
+ # try to find the _type variable of the _type variable, and so on. Not so
+ # good ;-)
+ _flags_typeVar_="__flags_${_flags_name_}_${__FLAGS_INFO_TYPE}"
+ _flags_strToEval_="_flags_type_=\"\${${_flags_typeVar_}:-}\""
+ eval "${_flags_strToEval_}"
+ if [ "${_flags_type_}" = "${__FLAGS_TYPE_STRING}" ]; then
+ flags_return=${FLAGS_TRUE}
+ else
+ flags_return=${FLAGS_ERROR}
+ flags_error="invalid flag name (${_flags_nameVar_})"
+ fi
+ fi
+
+ echo "${_flags_value_}"
+ unset _flags_info_ _flags_name_ _flags_strToEval_ _flags_type_ _flags_value_ \
+ _flags_nameVar_ _flags_typeVar_
+ [ ${flags_return} -eq ${FLAGS_ERROR} ] && _flags_error "${flags_error}"
+ return ${flags_return}
+}
+
+# check for presense of item in a list. passed a string (e.g. 'abc'), this
+# function will determine if the string is present in the list of strings (e.g.
+# ' foo bar abc ').
+#
+# Args:
+# _flags__str: string: string to search for in a list of strings
+# unnamed: list: list of strings
+# Returns:
+# boolean: true if item is in the list
+_flags_itemInList()
+{
+ _flags_str_=$1
+ shift
+
+ echo " ${*:-} " |grep " ${_flags_str_} " >/dev/null
+ if [ $? -eq 0 ]; then
+ flags_return=${FLAGS_TRUE}
+ else
+ flags_return=${FLAGS_FALSE}
+ fi
+
+ unset _flags_str_
+ return ${flags_return}
+}
+
+# Returns the width of the current screen.
+#
+# Output:
+# integer: width in columns of the current screen.
+_flags_columns()
+{
+ if [ -z "${__flags_columns}" ]; then
+ # determine the value and store it
+ if eval stty size >/dev/null 2>&1; then
+ # stty size worked :-)
+ set -- `stty size`
+ __flags_columns=$2
+ elif eval tput cols >/dev/null 2>&1; then
+ set -- `tput cols`
+ __flags_columns=$1
+ else
+ __flags_columns=80 # default terminal width
+ fi
+ fi
+ echo ${__flags_columns}
+}
+
+# Validate a boolean.
+#
+# Args:
+# _flags__bool: boolean: value to validate
+# Returns:
+# bool: true if the value is a valid boolean
+_flags_validateBoolean()
+{
+ _flags_bool_=$1
+
+ flags_return=${FLAGS_TRUE}
+ case "${_flags_bool_}" in
+ true|t|0) ;;
+ false|f|1) ;;
+ *) flags_return=${FLAGS_FALSE} ;;
+ esac
+
+ unset _flags_bool_
+ return ${flags_return}
+}
+
+# Validate a float.
+#
+# Args:
+# _flags__float: float: value to validate
+# Returns:
+# bool: true if the value is a valid float
+_flags_validateFloat()
+{
+ _flags_float_=$1
+
+ if _flags_validateInteger ${_flags_float_}; then
+ flags_return=${FLAGS_TRUE}
+ else
+ flags_return=${FLAGS_TRUE}
+ case ${_flags_float_} in
+ -*) # negative floats
+ _flags_test_=`expr "${_flags_float_}" : '\(-[0-9][0-9]*\.[0-9][0-9]*\)'`
+ ;;
+ *) # positive floats
+ _flags_test_=`expr "${_flags_float_}" : '\([0-9][0-9]*\.[0-9][0-9]*\)'`
+ ;;
+ esac
+ [ "${_flags_test_}" != "${_flags_float_}" ] && flags_return=${FLAGS_FALSE}
+ fi
+
+ unset _flags_float_ _flags_test_
+ return ${flags_return}
+}
+
+# Validate an integer.
+#
+# Args:
+# _flags__integer: interger: value to validate
+# Returns:
+# bool: true if the value is a valid integer
+_flags_validateInteger()
+{
+ _flags_int_=$1
+
+ flags_return=${FLAGS_TRUE}
+ case ${_flags_int_} in
+ -*) # negative ints
+ _flags_test_=`expr "${_flags_int_}" : '\(-[0-9][0-9]*\)'`
+ ;;
+ *) # positive ints
+ _flags_test_=`expr "${_flags_int_}" : '\([0-9][0-9]*\)'`
+ ;;
+ esac
+ [ "${_flags_test_}" != "${_flags_int_}" ] && flags_return=${FLAGS_FALSE}
+
+ unset _flags_int_ _flags_test_
+ return ${flags_return}
+}
+
+# Parse command-line options using the standard getopt.
+#
+# Note: the flag options are passed around in the global __flags_opts so that
+# the formatting is not lost due to shell parsing and such.
+#
+# Args:
+# @: varies: command-line options to parse
+# Returns:
+# integer: a FLAGS success condition
+_flags_getoptStandard()
+{
+ flags_return=${FLAGS_TRUE}
+ _flags_shortOpts_=`_flags_genOptStr ${__FLAGS_OPTSTR_SHORT}`
+
+ # check for spaces in passed options
+ for _flags_opt_ in "$@"; do
+ # note: the silliness with the x's is purely for ksh93 on Ubuntu 6.06
+ _flags_match_=`echo "x${_flags_opt_}x" |sed 's/ //g'`
+ if [ "${_flags_match_}" != "x${_flags_opt_}x" ]; then
+ flags_error='the available getopt does not support spaces in options'
+ flags_return=${FLAGS_ERROR}
+ break
+ fi
+ done
+
+ if [ ${flags_return} -eq ${FLAGS_TRUE} ]; then
+ __flags_opts=`getopt ${_flags_shortOpts_} $@ 2>&1`
+ _flags_rtrn_=$?
+ if [ ${_flags_rtrn_} -ne ${FLAGS_TRUE} ]; then
+ _flags_warn "${__flags_opts}"
+ flags_error='unable to parse provided options with getopt.'
+ flags_return=${FLAGS_ERROR}
+ fi
+ fi
+
+ unset _flags_match_ _flags_opt_ _flags_rtrn_ _flags_shortOpts_
+ return ${flags_return}
+}
+
+# Parse command-line options using the enhanced getopt.
+#
+# Note: the flag options are passed around in the global __flags_opts so that
+# the formatting is not lost due to shell parsing and such.
+#
+# Args:
+# @: varies: command-line options to parse
+# Returns:
+# integer: a FLAGS success condition
+_flags_getoptEnhanced()
+{
+ flags_return=${FLAGS_TRUE}
+ _flags_shortOpts_=`_flags_genOptStr ${__FLAGS_OPTSTR_SHORT}`
+ _flags_boolOpts_=`echo "${__flags_boolNames}" \
+ |sed 's/^ *//;s/ *$//;s/ /,/g'`
+ _flags_longOpts_=`_flags_genOptStr ${__FLAGS_OPTSTR_LONG}`
+
+ __flags_opts=`getopt \
+ -o ${_flags_shortOpts_} \
+ -l "${_flags_longOpts_},${_flags_boolOpts_}" \
+ -- "$@" 2>&1`
+ _flags_rtrn_=$?
+ if [ ${_flags_rtrn_} -ne ${FLAGS_TRUE} ]; then
+ _flags_warn "${__flags_opts}"
+ flags_error='unable to parse provided options with getopt.'
+ flags_return=${FLAGS_ERROR}
+ fi
+
+ unset _flags_boolOpts_ _flags_longOpts_ _flags_rtrn_ _flags_shortOpts_
+ return ${flags_return}
+}
+
+# Dynamically parse a getopt result and set appropriate variables.
+#
+# This function does the actual conversion of getopt output and runs it through
+# the standard case structure for parsing. The case structure is actually quite
+# dynamic to support any number of flags.
+#
+# Args:
+# argc: int: original command-line argument count
+# @: varies: output from getopt parsing
+# Returns:
+# integer: a FLAGS success condition
+_flags_parseGetopt()
+{
+ _flags_argc_=$1
+ shift
+
+ flags_return=${FLAGS_TRUE}
+
+ if [ ${__FLAGS_GETOPT_VERS} -ne ${__FLAGS_GETOPT_VERS_ENH} ]; then
+ set -- $@
+ else
+ # note the quotes around the `$@' -- they are essential!
+ eval set -- "$@"
+ fi
+
+ # provide user with number of arguments to shift by later
+ # NOTE: the FLAGS_ARGC variable is obsolete as of 1.0.3 because it does not
+ # properly give user access to non-flag arguments mixed in between flag
+ # arguments. Its usage was replaced by FLAGS_ARGV, and it is being kept only
+ # for backwards compatibility reasons.
+ FLAGS_ARGC=`expr $# - 1 - ${_flags_argc_}`
+
+ # handle options. note options with values must do an additional shift
+ while true; do
+ _flags_opt_=$1
+ _flags_arg_=${2:-}
+ _flags_type_=${__FLAGS_TYPE_NONE}
+ _flags_name_=''
+
+ # determine long flag name
+ case "${_flags_opt_}" in
+ --) shift; break ;; # discontinue option parsing
+
+ --*) # long option
+ _flags_opt_=`expr "${_flags_opt_}" : '--\(.*\)'`
+ _flags_len_=${__FLAGS_LEN_LONG}
+ if _flags_itemInList "${_flags_opt_}" ${__flags_longNames}; then
+ _flags_name_=${_flags_opt_}
+ else
+ # check for negated long boolean version
+ if _flags_itemInList "${_flags_opt_}" ${__flags_boolNames}; then
+ _flags_name_=`expr "${_flags_opt_}" : 'no\(.*\)'`
+ _flags_type_=${__FLAGS_TYPE_BOOLEAN}
+ _flags_arg_=${__FLAGS_NULL}
+ fi
+ fi
+ ;;
+
+ -*) # short option
+ _flags_opt_=`expr "${_flags_opt_}" : '-\(.*\)'`
+ _flags_len_=${__FLAGS_LEN_SHORT}
+ if _flags_itemInList "${_flags_opt_}" ${__flags_shortNames}; then
+ # yes. match short name to long name. note purposeful off-by-one
+ # (too high) with awk calculations.
+ _flags_pos_=`echo "${__flags_shortNames}" \
+ |awk 'BEGIN{RS=" ";rn=0}$0==e{rn=NR}END{print rn}' \
+ e=${_flags_opt_}`
+ _flags_name_=`echo "${__flags_longNames}" \
+ |awk 'BEGIN{RS=" "}rn==NR{print $0}' rn="${_flags_pos_}"`
+ fi
+ ;;
+ esac
+
+ # die if the flag was unrecognized
+ if [ -z "${_flags_name_}" ]; then
+ flags_error="unrecognized option (${_flags_opt_})"
+ flags_return=${FLAGS_ERROR}
+ break
+ fi
+
+ # set new flag value
+ [ ${_flags_type_} -eq ${__FLAGS_TYPE_NONE} ] && \
+ _flags_type_=`_flags_getFlagInfo \
+ "${_flags_name_}" ${__FLAGS_INFO_TYPE}`
+ case ${_flags_type_} in
+ ${__FLAGS_TYPE_BOOLEAN})
+ if [ ${_flags_len_} -eq ${__FLAGS_LEN_LONG} ]; then
+ if [ "${_flags_arg_}" != "${__FLAGS_NULL}" ]; then
+ eval "FLAGS_${_flags_name_}=${FLAGS_TRUE}"
+ else
+ eval "FLAGS_${_flags_name_}=${FLAGS_FALSE}"
+ fi
+ else
+ _flags_strToEval_="_flags_val_=\
+\${__flags_${_flags_name_}_${__FLAGS_INFO_DEFAULT}}"
+ eval "${_flags_strToEval_}"
+ if [ ${_flags_val_} -eq ${FLAGS_FALSE} ]; then
+ eval "FLAGS_${_flags_name_}=${FLAGS_TRUE}"
+ else
+ eval "FLAGS_${_flags_name_}=${FLAGS_FALSE}"
+ fi
+ fi
+ ;;
+
+ ${__FLAGS_TYPE_FLOAT})
+ if _flags_validateFloat "${_flags_arg_}"; then
+ eval "FLAGS_${_flags_name_}='${_flags_arg_}'"
+ else
+ flags_error="invalid float value (${_flags_arg_})"
+ flags_return=${FLAGS_ERROR}
+ break
+ fi
+ ;;
+
+ ${__FLAGS_TYPE_INTEGER})
+ if _flags_validateInteger "${_flags_arg_}"; then
+ eval "FLAGS_${_flags_name_}='${_flags_arg_}'"
+ else
+ flags_error="invalid integer value (${_flags_arg_})"
+ flags_return=${FLAGS_ERROR}
+ break
+ fi
+ ;;
+
+ ${__FLAGS_TYPE_STRING})
+ eval "FLAGS_${_flags_name_}='${_flags_arg_}'"
+ ;;
+ esac
+
+ # handle special case help flag
+ if [ "${_flags_name_}" = 'help' ]; then
+ if [ ${FLAGS_help} -eq ${FLAGS_TRUE} ]; then
+ flags_help
+ flags_error='help requested'
+ flags_return=${FLAGS_FALSE}
+ break
+ fi
+ fi
+
+ # shift the option and non-boolean arguements out.
+ shift
+ [ ${_flags_type_} != ${__FLAGS_TYPE_BOOLEAN} ] && shift
+ done
+
+ # give user back non-flag arguments
+ FLAGS_ARGV=''
+ while [ $# -gt 0 ]; do
+ FLAGS_ARGV="${FLAGS_ARGV:+${FLAGS_ARGV} }'$1'"
+ shift
+ done
+
+ unset _flags_arg_ _flags_len_ _flags_name_ _flags_opt_ _flags_pos_ \
+ _flags_strToEval_ _flags_type_ _flags_val_
+ return ${flags_return}
+}
+
+#------------------------------------------------------------------------------
+# public functions
+#
+
+# A basic boolean flag. Boolean flags do not take any arguments, and their
+# value is either 1 (false) or 0 (true). For long flags, the false value is
+# specified on the command line by prepending the word 'no'. With short flags,
+# the presense of the flag toggles the current value between true and false.
+# Specifying a short boolean flag twice on the command results in returning the
+# value back to the default value.
+#
+# A default value is required for boolean flags.
+#
+# For example, lets say a Boolean flag was created whose long name was 'update'
+# and whose short name was 'x', and the default value was 'false'. This flag
+# could be explicitly set to 'true' with '--update' or by '-x', and it could be
+# explicitly set to 'false' with '--noupdate'.
+DEFINE_boolean() { _flags_define ${__FLAGS_TYPE_BOOLEAN} "$@"; }
+
+# Other basic flags.
+DEFINE_float() { _flags_define ${__FLAGS_TYPE_FLOAT} "$@"; }
+DEFINE_integer() { _flags_define ${__FLAGS_TYPE_INTEGER} "$@"; }
+DEFINE_string() { _flags_define ${__FLAGS_TYPE_STRING} "$@"; }
+
+# Parse the flags.
+#
+# Args:
+# unnamed: list: command-line flags to parse
+# Returns:
+# integer: success of operation, or error
+FLAGS()
+{
+ # define a standard 'help' flag if one isn't already defined
+ [ -z "${__flags_help_type:-}" ] && \
+ DEFINE_boolean 'help' false 'show this help' 'h'
+
+ # parse options
+ if [ $# -gt 0 ]; then
+ if [ ${__FLAGS_GETOPT_VERS} -ne ${__FLAGS_GETOPT_VERS_ENH} ]; then
+ _flags_getoptStandard "$@"
+ else
+ _flags_getoptEnhanced "$@"
+ fi
+ flags_return=$?
+ else
+ # nothing passed; won't bother running getopt
+ __flags_opts='--'
+ flags_return=${FLAGS_TRUE}
+ fi
+
+ if [ ${flags_return} -eq ${FLAGS_TRUE} ]; then
+ _flags_parseGetopt $# "${__flags_opts}"
+ flags_return=$?
+ fi
+
+ [ ${flags_return} -eq ${FLAGS_ERROR} ] && _flags_fatal "${flags_error}"
+ return ${flags_return}
+}
+
+# This is a helper function for determining the `getopt` version for platforms
+# where the detection isn't working. It simply outputs debug information that
+# can be included in a bug report.
+#
+# Args:
+# none
+# Output:
+# debug info that can be included in a bug report
+# Returns:
+# nothing
+flags_getoptInfo()
+{
+ # platform info
+ _flags_debug "uname -a: `uname -a`"
+ _flags_debug "PATH: ${PATH}"
+
+ # shell info
+ if [ -n "${BASH_VERSION:-}" ]; then
+ _flags_debug 'shell: bash'
+ _flags_debug "BASH_VERSION: ${BASH_VERSION}"
+ elif [ -n "${ZSH_VERSION:-}" ]; then
+ _flags_debug 'shell: zsh'
+ _flags_debug "ZSH_VERSION: ${ZSH_VERSION}"
+ fi
+
+ # getopt info
+ getopt >/dev/null
+ _flags_getoptReturn=$?
+ _flags_debug "getopt return: ${_flags_getoptReturn}"
+ _flags_debug "getopt --version: `getopt --version 2>&1`"
+
+ unset _flags_getoptReturn
+}
+
+# Returns whether the detected getopt version is the enhanced version.
+#
+# Args:
+# none
+# Output:
+# none
+# Returns:
+# bool: true if getopt is the enhanced version
+flags_getoptIsEnh()
+{
+ test ${__FLAGS_GETOPT_VERS} -eq ${__FLAGS_GETOPT_VERS_ENH}
+}
+
+# Returns whether the detected getopt version is the standard version.
+#
+# Args:
+# none
+# Returns:
+# bool: true if getopt is the standard version
+flags_getoptIsStd()
+{
+ test ${__FLAGS_GETOPT_VERS} -eq ${__FLAGS_GETOPT_VERS_STD}
+}
+
+# This is effectively a 'usage()' function. It prints usage information and
+# exits the program with ${FLAGS_FALSE} if it is ever found in the command line
+# arguments. Note this function can be overridden so other apps can define
+# their own --help flag, replacing this one, if they want.
+#
+# Args:
+# none
+# Returns:
+# integer: success of operation (always returns true)
+flags_help()
+{
+ if [ -n "${FLAGS_HELP:-}" ]; then
+ echo "${FLAGS_HELP}" >&2
+ else
+ echo "USAGE: ${FLAGS_PARENT:-$0} [flags] args" >&2
+ fi
+ if [ -n "${__flags_longNames}" ]; then
+ echo 'flags:' >&2
+ for flags_name_ in ${__flags_longNames}; do
+ flags_flagStr_=''
+ flags_boolStr_=''
+
+ flags_default_=`_flags_getFlagInfo \
+ "${flags_name_}" ${__FLAGS_INFO_DEFAULT}`
+ flags_help_=`_flags_getFlagInfo \
+ "${flags_name_}" ${__FLAGS_INFO_HELP}`
+ flags_short_=`_flags_getFlagInfo \
+ "${flags_name_}" ${__FLAGS_INFO_SHORT}`
+ flags_type_=`_flags_getFlagInfo \
+ "${flags_name_}" ${__FLAGS_INFO_TYPE}`
+
+ [ "${flags_short_}" != "${__FLAGS_NULL}" ] \
+ && flags_flagStr_="-${flags_short_}"
+
+ if [ ${__FLAGS_GETOPT_VERS} -eq ${__FLAGS_GETOPT_VERS_ENH} ]; then
+ [ "${flags_short_}" != "${__FLAGS_NULL}" ] \
+ && flags_flagStr_="${flags_flagStr_},"
+ [ ${flags_type_} -eq ${__FLAGS_TYPE_BOOLEAN} ] \
+ && flags_boolStr_='[no]'
+ flags_flagStr_="${flags_flagStr_}--${flags_boolStr_}${flags_name_}:"
+ fi
+
+ case ${flags_type_} in
+ ${__FLAGS_TYPE_BOOLEAN})
+ if [ ${flags_default_} -eq ${FLAGS_TRUE} ]; then
+ flags_defaultStr_='true'
+ else
+ flags_defaultStr_='false'
+ fi
+ ;;
+ ${__FLAGS_TYPE_FLOAT}|${__FLAGS_TYPE_INTEGER})
+ flags_defaultStr_=${flags_default_} ;;
+ ${__FLAGS_TYPE_STRING}) flags_defaultStr_="'${flags_default_}'" ;;
+ esac
+ flags_defaultStr_="(default: ${flags_defaultStr_})"
+
+ flags_helpStr_=" ${flags_flagStr_} ${flags_help_} ${flags_defaultStr_}"
+ flags_helpStrLen_=`expr "${flags_helpStr_}" : '.*'`
+ flags_columns_=`_flags_columns`
+ if [ ${flags_helpStrLen_} -lt ${flags_columns_} ]; then
+ echo "${flags_helpStr_}" >&2
+ else
+ echo " ${flags_flagStr_} ${flags_help_}" >&2
+ # note: the silliness with the x's is purely for ksh93 on Ubuntu 6.06
+ # because it doesn't like empty strings when used in this manner.
+ flags_emptyStr_="`echo \"x${flags_flagStr_}x\" \
+ |awk '{printf "%"length($0)-2"s", ""}'`"
+ flags_helpStr_=" ${flags_emptyStr_} ${flags_defaultStr_}"
+ flags_helpStrLen_=`expr "${flags_helpStr_}" : '.*'`
+ if [ ${__FLAGS_GETOPT_VERS} -eq ${__FLAGS_GETOPT_VERS_STD} \
+ -o ${flags_helpStrLen_} -lt ${flags_columns_} ]; then
+ # indented to match help string
+ echo "${flags_helpStr_}" >&2
+ else
+ # indented four from left to allow for longer defaults as long flag
+ # names might be used too, making things too long
+ echo " ${flags_defaultStr_}" >&2
+ fi
+ fi
+ done
+ fi
+
+ unset flags_boolStr_ flags_default_ flags_defaultStr_ flags_emptyStr_ \
+ flags_flagStr_ flags_help_ flags_helpStr flags_helpStrLen flags_name_ \
+ flags_columns_ flags_short_ flags_type_
+ return ${FLAGS_TRUE}
+}
+
+# Reset shflags back to an uninitialized state.
+#
+# Args:
+# none
+# Returns:
+# nothing
+flags_reset()
+{
+ for flags_name_ in ${__flags_longNames}; do
+ flags_strToEval_="unset FLAGS_${flags_name_}"
+ for flags_type_ in \
+ ${__FLAGS_INFO_DEFAULT} \
+ ${__FLAGS_INFO_HELP} \
+ ${__FLAGS_INFO_SHORT} \
+ ${__FLAGS_INFO_TYPE}
+ do
+ flags_strToEval_=\
+"${flags_strToEval_} __flags_${flags_name_}_${flags_type_}"
+ done
+ eval ${flags_strToEval_}
+ done
+
+ # reset internal variables
+ __flags_boolNames=' '
+ __flags_longNames=' '
+ __flags_shortNames=' '
+
+ unset flags_name_ flags_type_ flags_strToEval_
+}
diff --git a/scripts/image_signing/sign_official_build.sh b/scripts/image_signing/sign_official_build.sh
index e4f6c3d..8bafced 100755
--- a/scripts/image_signing/sign_official_build.sh
+++ b/scripts/image_signing/sign_official_build.sh
@@ -122,6 +122,17 @@
local keyblock=$2 # Keyblock for re-generating signed kernel partition
local signprivate=$3 # Private key to use for signing.
+ # check and clear need_to_resign tag
+ local rootfs_dir=$(make_temp_dir)
+ mount_image_partition_ro "${image}" 3 "${rootfs_dir}"
+ if has_needs_to_be_resigned_tag "${rootfs_dir}"; then
+ # remount as RW
+ sudo umount -d "${rootfs_dir}"
+ mount_image_partition "${image}" 3 "${rootfs_dir}"
+ sudo rm -f "${rootfs_dir}/${TAG_NEEDS_TO_BE_SIGNED}"
+ fi
+ sudo umount -d "${rootfs_dir}"
+
local rootfs_image=$(make_temp_file)
extract_image_partition ${image} 3 ${rootfs_image}
local kernel_config=$(grab_kernel_config "${image}")
@@ -180,7 +191,7 @@
mount_image_partition ${image} 3 ${rootfs_dir}
# Force unmount of the rootfs on function exit as it is needed later.
trap "sudo umount -d ${rootfs_dir}" RETURN
-
+
local shellball_dir=$(make_temp_dir)
# get_firmwarebin_from_shellball can fail if the image has no
# firmware update.
diff --git a/scripts/image_signing/tag_image.sh b/scripts/image_signing/tag_image.sh
new file mode 100755
index 0000000..143a221
--- /dev/null
+++ b/scripts/image_signing/tag_image.sh
@@ -0,0 +1,158 @@
+#!/bin/bash
+
+# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Script to manipulate the tag files in the output of build_image
+
+# Load common constants. This should be the first executable line.
+# The path to common.sh should be relative to your script's location.
+. "$(dirname "$0")/common.sh"
+
+DEFINE_string from "chromiumos_image.bin" \
+ "Input file name of Chrome OS image to tag/stamp."
+DEFINE_string update_firmware "" \
+ "Tag to force updating firmware (1 to enable, 0 to disable)"
+DEFINE_string dev_mode "" \
+ "Tag for developer mode (1 to enable, 0 to disable)"
+
+# Parse command line
+FLAGS "$@" || exit 1
+eval set -- "${FLAGS_ARGV}"
+
+# Abort on error
+set -e
+
+if [ -z ${FLAGS_from} ] || [ ! -f ${FLAGS_from} ] ; then
+ echo "Error: invalid flag --from"
+ exit 1
+fi
+
+# Global variable to track if image is modified.
+g_modified=${FLAGS_FALSE}
+
+# Processes (enable, disable, or simply report) a tag file.
+# Args: DO_MODIFICATION NAME ROOT TAG_FILE ACTION
+#
+# When DO_MODIFICATION=${FLAGS_TRUE},
+# Creates (ACTION=1) the TAG_FILE in ROOT, or
+# removes (ACTION=0) the TAG_FILE in ROOT, then
+# reports the status (and change) to the tag file.
+# When DO_MODIFICATION=${FLAGS_FALSE},
+# make a dry-run and only change ${g_modified}
+function process_tag() {
+ local tag_status_text=""
+ local do_modification="$1"
+ local name="$2"
+ local root="$3"
+ local tag_file_path="$3/$4"
+ local action="$5"
+ local do_enable=${FLAGS_FALSE}
+ local do_disable=${FLAGS_FALSE}
+
+ # only 1, 0, and "" are valid params to action.
+ case "${action}" in
+ "1" )
+ do_enable=${FLAGS_TRUE}
+ ;;
+ "0" )
+ do_disable=${FLAGS_TRUE}
+ ;;
+ "" )
+ ;;
+ * )
+ echo "Error: invalid param to ${name}: ${action} (must be 1 or 0)."
+ exit 1
+ ;;
+ esac
+
+ if [ -f "${tag_file_path}" ]; then
+ tag_status_text="ENABLED"
+ if [ "${do_disable}" = ${FLAGS_TRUE} ]; then
+ # disable the tag
+ if [ "${do_modification}" = ${FLAGS_TRUE} ]; then
+ sudo rm "${tag_file_path}"
+ fi
+ g_modified=${FLAGS_TRUE}
+ tag_status_text="${tag_status_text} => disabled"
+ elif [ "${do_disable}" != ${FLAGS_FALSE} ]; then
+ # internal error
+ echo "Internal error for tag ${name}: need disable param." 1>&2
+ exit 1
+ fi
+ else
+ tag_status_text="disabled"
+ if [ "${do_enable}" = ${FLAGS_TRUE} ]; then
+ # enable the tag
+ if [ "${do_modification}" = ${FLAGS_TRUE} ]; then
+ sudo touch "${tag_file_path}"
+ fi
+ g_modified=${FLAGS_TRUE}
+ tag_status_text="${tag_status_text} => ENABLED"
+ elif [ "${do_enable}" != ${FLAGS_FALSE} ]; then
+ # internal error
+ echo "Internal error for tag ${name}: need enable param." 1>&2
+ exit 1
+ fi
+ fi
+
+ # report tag status
+ if [ "${do_modification}" != ${FLAGS_TRUE} ]; then
+ echo "${name}: ${tag_status_text}"
+ fi
+}
+
+# Iterates all tags to a given partition root.
+# Args: ROOTFS DO_MODIFICATION
+#
+# Check process_tag for the meaning of parameters.
+process_all_tags() {
+ local rootfs="$1"
+ local do_modification="$2"
+
+ process_tag "${do_modification}" \
+ "Update Firmware" \
+ "${rootfs}" \
+ /root/.force_update_firmware \
+ "${FLAGS_update_firmware}"
+
+ process_tag "${do_modification}" \
+ "Developer Mode" \
+ "${rootfs}" \
+ /root/.dev_mode \
+ "${FLAGS_dev_mode}"
+}
+
+IMAGE=$(readlink -f "${FLAGS_from}")
+if [[ -z "${IMAGE}" || ! -f "${IMAGE}" ]]; then
+ echo "Missing required argument: --from (image to update)"
+ usage
+ exit 1
+fi
+
+# First round, mount as read-only and check if we read any modification.
+rootfs=$(make_temp_dir)
+mount_image_partition_ro "${IMAGE}" 3 "${rootfs}"
+
+# we don't have tags in stateful partition yet...
+# stateful_dir=$(make_temp_dir)
+# mount_image_partition ${IMAGE} 1 ${stateful_dir}
+
+process_all_tags "${rootfs}" ${FLAGS_FALSE}
+
+if [ ${g_modified} = ${FLAGS_TRUE} ]; then
+ # remount as RW (we can't use mount -o rw,remount because of loop device)
+ sudo umount -d "${rootfs}"
+ mount_image_partition "${IMAGE}" 3 "${rootfs}"
+
+ # Second round, apply the modification to image.
+ process_all_tags "${rootfs}" ${FLAGS_TRUE}
+
+ # this is supposed to be automatically done in mount_image_partition,
+ # but it's no harm to explicitly make it again here.
+ tag_as_needs_to_be_resigned "${rootfs}"
+ echo "IMAGE IS MODIFIED. PLEASE REMEMBER TO RESIGN YOUR IMAGE."
+else
+ echo "Image is not modified."
+fi