Alex Klein | fa719c9 | 2018-10-15 14:04:22 -0600 | [diff] [blame^] | 1 | # -*- coding: utf-8 -*- |
| 2 | # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| 3 | # Use of this source code is governed by a BSD-style license that can be |
| 4 | # found in the LICENSE file. |
| 5 | |
| 6 | """This script provides CLI access to run security tests on Chrome OS images. |
| 7 | |
| 8 | The entry point is available as image_lib.SecurityTest. Call that directly when |
| 9 | possible. |
| 10 | |
| 11 | Note: You probably will need an internal checkout by default for these |
| 12 | tests to be useful. You can provide your own baselines, but you |
| 13 | can certainly provide your own set of configs. |
| 14 | |
| 15 | Note: These tests will fail on dev images. They are designed to |
| 16 | check release recovery images only. |
| 17 | |
| 18 | Note: The --image argument can be a path or a basename. When a basename is |
| 19 | provided, the --board argument is always used to build the path. |
| 20 | Consequently, `./image_name.bin` and `image_name.bin` are treated |
| 21 | very differently. |
| 22 | """ |
| 23 | |
| 24 | from __future__ import print_function |
| 25 | |
| 26 | import re |
| 27 | |
| 28 | from chromite.lib import commandline |
| 29 | from chromite.lib import cros_build_lib |
| 30 | from chromite.lib import image_lib |
| 31 | |
| 32 | |
def GetParser():
  """Create the command line parser for the image security test script.

  The module docstring is reused as the parser description.

  Returns:
    The commandline.ArgumentParser instance with the --board, --image,
    --baselines and --vboot-hash arguments registered.
  """
  image_help = ('Source release image to use (recovery_image.bin by '
                'default). May be a path to an image or just the '
                'basename of the image if a board is also provided.')
  baselines_help = ('Directory to load security baselines from (default '
                    'from cros-signing).')
  vboot_hash_help = ('The git rev of the vboot tree to checkout (default '
                     'to the signer hash).')

  arg_parser = commandline.ArgumentParser(description=__doc__)
  arg_parser.add_argument('--board', help='The board to test an image for.')
  # --image is deliberately not declared as type='path'. Path normalization
  # would strip a leading `./`, and that prefix is the only thing telling a
  # local image (`./image_name.bin`) apart from a basename (`image_name.bin`)
  # that is looked up in the board's build directory.
  arg_parser.add_argument('--image', help=image_help)
  arg_parser.add_argument('--baselines', type='path', help=baselines_help)
  arg_parser.add_argument('--vboot-hash', help=vboot_hash_help)
  return arg_parser
| 54 | |
| 55 | |
def _ParseArgs(argv):
  """Parse the command line and resolve which image will be tested.

  Args:
    argv: The command line arguments to parse.

  Returns:
    The parsed options, with board and image filled in, after Freeze() has
    been called on them.
  """
  arg_parser = GetParser()
  options = arg_parser.parse_args(argv)

  # When no image, or only an image basename, is given, the board is what
  # allows the full image path to be built, so fall back to the default board.
  if not options.board:
    options.board = cros_build_lib.GetDefaultBoard()

  try:
    resolved_image = image_lib.BuildImagePath(options.board, options.image)
  except image_lib.ImageDoesNotExistError as err:
    # The library message refers to its parameters as |arg|. Rewrite those to
    # the --arg spelling used on the command line; the rest of the message is
    # still relevant as-is.
    arg_parser.error(re.sub(r'\|(\w+)\|', r'--\1', err.message))
  else:
    options.image = resolved_image

  options.Freeze()
  return options
| 73 | |
| 74 | |
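def main(argv):
  """Run the image security tests and map the outcome to an exit status.

  Args:
    argv: The command line arguments to parse.

  Returns:
    0 when image_lib.SecurityTest reports success, 1 otherwise.
  """
  cros_build_lib.AssertInsideChroot()
  opts = _ParseArgs(argv)
  try:
    success = image_lib.SecurityTest(board=opts.board, image=opts.image,
                                     baselines=opts.baselines,
                                     vboot_hash=opts.vboot_hash)
  except image_lib.Error as e:
    # NOTE(review): e.message is a Python 2 attribute of built-in exceptions;
    # confirm image_lib.Error provides it before running under Python 3.
    cros_build_lib.Die(e.message)
    # Fail closed. Die() is presumably terminating the process, but if it ever
    # returns (e.g. when stubbed out), falling off the end would yield None,
    # which callers commonly treat as exit status 0. A security test that
    # could not run must never be reported as a pass.
    return 1

  return 0 if success else 1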