Extend "non-release" check to session manager use-flags.
Since we've moved away from flag-files in session manager to
enable certain dev/test-mode features, our strategy of checking
for those flag files on the signer fell behind. This test adopts
a scheme that any use flag starting with "test_" or "dangerous_"
is blacklisted from release signing.
BUG=chromium-os:32430
TEST=ran the script against both a 'base' and 'test' image
from the builder/ToT. Passes/fails as expected.
Change-Id: I54d6ef17d52371c7543d5705e0939e000db85e51
Reviewed-on: https://gerrit.chromium.org/gerrit/29034
Reviewed-by: Chris Masone <cmasone@chromium.org>
Tested-by: Jim Hebert <jimhebert@chromium.org>
Commit-Ready: Jim Hebert <jimhebert@chromium.org>
diff --git a/scripts/image_signing/ensure_no_nonrelease_files.sh b/scripts/image_signing/ensure_no_nonrelease_files.sh
index bc38a57..5a07248 100755
--- a/scripts/image_signing/ensure_no_nonrelease_files.sh
+++ b/scripts/image_signing/ensure_no_nonrelease_files.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
@@ -48,6 +48,18 @@
fi
done
+ # Some things which used to be flag-files, checked-for by this
+ # test, are now tracked as use-flags.
+ local useflag_path="$rootfs/etc/session_manager_use_flags.txt"
+ for prefix in dangerous_ test_; do
+ local matches=$(grep "^$prefix" "$useflag_path")
+ if [ -n "$matches" ]; then
+ echo "FAIL: Found non-release use flags in $useflag_path:"
+ echo "$matches"
+ testfail=1
+ fi
+ done
+
exit $testfail
}
main "$@"