Extend "non-release" check to session manager use-flags.

Since we've moved away from flag-files in session manager to
enable certain dev/test-mode features, our strategy of checking
for those flag files on the signer fell behind. This test adopts
a scheme that any use flag starting with "test_" or "dangerous_"
is blacklisted from release signing.

BUG=chromium-os:32430
TEST=ran the script against both a 'base' and 'test' image
from the builder/ToT. Passes/fails as expected.

Change-Id: I54d6ef17d52371c7543d5705e0939e000db85e51
Reviewed-on: https://gerrit.chromium.org/gerrit/29034
Reviewed-by: Chris Masone <cmasone@chromium.org>
Tested-by: Jim Hebert <jimhebert@chromium.org>
Commit-Ready: Jim Hebert <jimhebert@chromium.org>
diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh
index bc38a57..5a07248 100755
--- a/scripts/image_signing/ensure_no_nonrelease_files.sh
+++ b/scripts/image_signing/ensure_no_nonrelease_files.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
@@ -48,6 +48,18 @@
         fi
     done
 
+    # Some things which used to be flag-files, checked-for by this
+    # test, are now tracked as use-flags.
+    local useflag_path="$rootfs/etc/session_manager_use_flags.txt"
+    for prefix in dangerous_ test_; do
+        local matches=$(grep "^$prefix" "$useflag_path")
+        if [ -n "$matches" ]; then
+            echo "FAIL: Found non-release use flags in $useflag_path:"
+            echo "$matches"
+            testfail=1
+        fi
+    done
+
     exit $testfail
 }
 main "$@"
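Review bot: the `grep "^$prefix" "$useflag_path"` call in the new loop fails open when the use-flags file is missing or unreadable. grep then exits non-zero with an error on stderr, `matches` stays empty, `testfail` is never set, and the image passes the check. Because `local matches=$(...)` also discards grep's exit status, "no match" (status 1) cannot be told apart from "error" (status 2). Suggest testing `[ -r "$useflag_path" ]` before the loop and stating explicitly whether an absent file is a pass or a fail for release signing. Two smaller points: `prefix` is not declared `local`, unlike `useflag_path` and `matches`, and the `^` anchor assumes every flag starts at column 0 with no leading whitespace or other decoration, so a comment documenting the expected format of session_manager_use_flags.txt would make that assumption checkable.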