forked from ading2210/shimboot
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbuild_complete.sh
More file actions
executable file
·203 lines (176 loc) · 6.15 KB
/
Copy pathbuild_complete.sh
File metadata and controls
executable file
·203 lines (176 loc) · 6.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
#!/bin/bash
. ./common.sh
. ./image_utils.sh
print_help() {
echo "Usage: ./build_complete.sh board_name"
echo "Valid named arguments (specify with 'key=value'):"
echo " compress_img - Compress the final disk image into a zip file. Set this to any value to enable this option."
echo " quiet - Don't use progress indicators which may clog up log files."
echo " data_dir - The working directory for the scripts. This defaults to ./data"
echo " arch - The CPU architecture to build the shimboot image for. Set this to 'arm64' if you have an ARM Chromebook."
}
assert_root
assert_args "$1"
parse_args "$@"
base_dir="$(realpath -m $(dirname "$0"))"
board="$1"
compress_img="${args['compress_img']}"
quiet="${args['quiet']}"
data_dir="${args['data_dir']}"
arch="${args['arch']-amd64}"
#a list of all arm board names
arm_boards="
corsola hana jacuzzi kukui strongbad nyan-big kevin bob
veyron-speedy veyron-jerry veyron-minnie scarlet elm
kukui peach-pi peach-pit stumpy daisy-spring trogdor
"
#a list of shims that have a patch for the sh1mmer vulnerability
bad_boards="reef sand pyro"
if grep -q "$board" <<< "$arm_boards" > /dev/null; then
print_info "automatically detected arm64 device name"
arch="arm64"
fi
if grep -q "$board" <<< "$bad_boards" > /dev/null; then
print_error "Warning: you are attempting to build Shimboot for a board which has a shim that includes a fix for the sh1mmer vulnerability. The resulting image will not boot if you are enrolled."
read -p "Press [enter] to continue "
fi
kernel_arch="$(uname -m)"
host_arch="unknown"
if [ "$kernel_arch" = "x86_64" ]; then
host_arch="amd64"
elif [ "$kernel_arch" = "aarch64" ]; then
host_arch="arm64"
fi
needed_deps="wget python3 unzip zip git cpio binwalk pcregrep cgpt mkfs.ext4 mkfs.ext2 fdisk lz4 pv"
if [ "$(check_deps "$needed_deps")" ]; then
#install deps automatically on debian and ubuntu
if [ -f "/etc/debian_version" ]; then
print_title "attempting to install build deps"
apt-get install wget python3 unzip zip cpio binwalk pcregrep cgpt kmod pv lz4 -y
fi
assert_deps "$needed_deps"
fi
cleanup_path=""
sigint_handler() {
if [ $cleanup_path ]; then
rm -rf $cleanup_path
fi
exit 1
}
trap sigint_handler SIGINT
shim_url="" #set this if you want to download from a third party mirror
if [ -z "$data_dir" ]; then
data_dir="$base_dir/data"
else
data_dir="$(realpath -m "$data_dir")"
fi
shim_bin="$data_dir/shim_$board.bin"
shim_zip="$data_dir/shim_$board.zip"
shim_dir="$data_dir/shim_${board}_chunks"
mkdir -p "$data_dir"
extract_zip() {
local zip_path="$1"
local bin_path="$2"
cleanup_path="$bin_path"
print_info "extracting $zip_path"
local total_bytes="$(unzip -lq "$zip_path" | tail -1 | xargs | cut -d' ' -f1)"
if [ ! "$quiet" ]; then
unzip -p "$zip_path" | pv -s "$total_bytes" > "$bin_path"
else
unzip -p "$zip_path" > "$bin_path"
fi
rm -rf "$zip_path"
cleanup_path=""
}
download_and_unzip() {
local url="$1"
local zip_path="$2"
local bin_path="$3"
if [ ! -f "$bin_path" ]; then
if [ ! "$quiet" ]; then
wget -q --show-progress $url -O "$zip_path" -c
else
wget -q "$url" -O "$zip_path" -c
fi
fi
if [ ! -f "$bin_path" ]; then
extract_zip "$zip_path" "$bin_path"
fi
}
download_shim() {
print_info "downloading shim file manifest"
local boards_index="$(curl --no-progress-meter "https://cdn.cros.download/boards.txt")"
local shim_url_path="$(echo "$boards_index" | grep "/$board/").manifest"
local shim_url_dir="$(dirname "$shim_url_path")"
local shim_manifest="$(curl --no-progress-meter "https://cdn.cros.download/$shim_url_path")"
local py_load_json="import json, sys; manifest = json.load(sys.stdin)"
local zip_size="$(echo "$shim_manifest" | python3 -c "$py_load_json; print(manifest['size'])")"
local zip_size_pretty="$(echo "$zip_size" | numfmt --format %.2f --to=iec)"
local shim_chunks="$(echo "$shim_manifest" | python3 -c "$py_load_json; print('\\n'.join(manifest['chunks']))")"
local chunk_count="$(echo "$shim_chunks" | wc -l)"
local chunk_size="$((25 * 1024 * 1024))"
print_info "downloading shim file chunks (total $zip_size_pretty across $chunk_count chunks)"
mkdir -p "$shim_dir"
local i="0"
for shim_chunk in $shim_chunks; do
local chunk_url="https://cdn.cros.download/$shim_url_dir/$shim_chunk"
local chunk_path="$shim_dir/$shim_chunk"
local i="$(($i + 1))"
if [ -f "$chunk_path" ]; then
local existing_size="$(du -b "$chunk_path" | cut -f1)"
if [ "$existing_size" = "$chunk_size" ]; then
continue
fi
fi
print_info "downloading chunk $i / $chunk_count"
if [ ! "$quiet" ]; then
wget -c -q --show-progress "$chunk_url" -O "$chunk_path"
else
wget -c -q "$chunk_url" -O "$chunk_path"
fi
done
print_info "joining shim file chunks"
cleanup_path="$shim_zip"
if [ ! -f "$shim_bin" ]; then
cat "$shim_dir/"* | pv -s "$zip_size" > "$shim_zip"
rm -rf "$shim_dir"
fi
cleanup_path=""
print_info "extracting shim file"
if [ ! -f "$shim_bin" ]; then
extract_zip "$shim_zip" "$shim_bin"
fi
}
retry_cmd() {
local cmd="$@"
for i in 1 2 3 4 5; do
$cmd && break
done
}
print_title "downloading shim image"
if [ ! -f "$shim_bin" ]; then
if [ "$shim_url" ]; then
download_and_unzip "$shim_url" "$shim_zip" "$shim_bin"
else
download_shim "$shim_url" "$shim_zip" "$shim_bin"
fi
fi
print_title "creating minimal dummy rootfs (bootloader-only mode)"
rootfs_dir="$(realpath -m data/minimal_rootfs)"
rm -rf "$rootfs_dir"
chmod +x ./create_minimal_rootfs.sh
./create_minimal_rootfs.sh "$rootfs_dir"
print_title "building final disk image"
final_image="$data_dir/shimboot_$board.bin"
rm -rf $final_image
retry_cmd ./build.sh $final_image $shim_bin $rootfs_dir "quiet=$quiet" "arch=$arch" "name=bootloader_only"
print_info "build complete! the final disk image is located at $final_image"
print_title "cleaning up"
clean_loops
if [ "$compress_img" ]; then
image_zip="$data_dir/shimboot_$board.zip"
print_title "compressing disk image into a zip file"
zip -j $image_zip $final_image
print_info "finished compressing the disk file"
print_info "the finished zip file can be found at $image_zip"
fi