Skip to content

Instantly share code, notes, and snippets.

@DennisLfromGA
Last active July 31, 2022 10:17
Show Gist options
  • Save DennisLfromGA/6690677 to your computer and use it in GitHub Desktop.
Save DennisLfromGA/6690677 to your computer and use it in GitHub Desktop.
A script that asks to make the root filesystem read-writable for subsequent changes and additions by the user.
#!/bin/sh -e
##!! PLEASE USE THIS SCRIPT WITH CAUTION - AND AT YOUR OWN RISK !!##
##!! IT HAS BEEN KNOWN TO CAUSE RESETS AND WIPE DATA ON SOME CHROMEBOXES !!##
APPLICATION="${0##*/}"
ANSWER=''
SUDO=''
USAGE="
$APPLICATION [no options]
### A script that asks the user to make the root filesystem
##+ read-writable for subsequent changes and additions by the user.
"
## Exits the script with exit code $1, spitting out message $@ to stderr
error() {
local ecode="$1"
shift
echo "$*" 1>&2
exit "$ecode"
}
if [ $# -gt 0 ]; then error 0 "$USAGE"; fi
## Check for bootcache fix ...
checkbootcache () {
ret=$(grep -iq bootcache /usr/share/vboot/bin/make_dev_ssd.sh; echo $?)
if [ $ret -gt 0 ];
then echo "$ret: No 'bootcache' fix appplied yet. :("
echo "Not safe to continue, exiting..."
exit $ret
else echo "$ret: The 'bootcache' fix has been appplied - yay. :)"
echo "You can now run 'rw-rootfs' safely."
fi
}
## Report dev_boot_legacy and dev_boot_usb flags
## Check and set dev_boot_signed_only flag if needed.
checkflags() {
boot="$($SUDO crossystem dev_boot_usb dev_boot_legacy dev_boot_signed_only)"
echo -n "## "
echo "$boot"
echo " ##"
# db_usb and db_legacy can be off, db_signed_only should be off.
echo "$boot" | {
read -r usb legacy signed
suggest=''
if [ "$usb" = 1 ]; then
echo "NOTE: USB booting <Ctrl+U> is enabled." 1>&2
else
echo "WARNING: USB booting is disabled." 1>&2
suggest="$suggest dev_boot_usb=1"
fi
if [ "$legacy" = 1 ]; then
echo "NOTE: Legacy booting <Ctrl+L> is enabled." 1>&2
else
echo "WARNING: Legacy booting is disabled." 1>&2
suggest="$suggest dev_boot_legacy=1"
fi
if [ -n "$suggest" ]; then
echo "To enable, you can use the following command: $SUDO crossystem$suggest" 1>&2
sleep 3
fi
if [ "$signed" = 1 ]; then
# Only disable signed booting if the user hasn't to ensure booting unverified kernels
echo "WARNING: Signed boot verification is enabled; disabling it to ensure booting unverified kernel." 1>&2
echo "You can enable it again using: $SUDO crossystem dev_boot_signed_only=1" 1>&2
$SUDO crossystem dev_boot_signed_only=0 || true
sleep 3
else
echo "NOTE: Signed boot verification is disabled, you're good to go..." 1>&2
fi
sleep 2
}
}
##
## If we're not running as root, restart as root.
if [ ${UID:-$(id -u)} -ne 0 ]; then
echo "...elevating $USER to superuser via 'sudo'..."
SUDO='sudo'
fi
if $SUDO mount -i -o remount,rw / 2>/dev/null; then
echo "*** $(mount | grep ' / ') ***"
error 0 "Your rootfs is already mounted read-write ..."
fi
echo -n "Perform REMOVAL of rootfs verification (Y/n/q) ? " 1>&2
read ANSWER
case ${ANSWER:-y} in
[yY]*) checkbootcache
checkflags
echo
if grep -q CHROMEOS_RELEASE_BOARD=chromeover64 /etc/lsb-release
then
echo "...using CloudReady, disabling verity."
echo "$SUDO disable_verity" 1>&2
$SUDO disable_verity || ret=$? || true
else
echo "$SUDO /usr/libexec/debugd/helpers/dev_features_rootfs_verification" 1>&2
$SUDO /usr/libexec/debugd/helpers/dev_features_rootfs_verification || ret=$?
fi
if [ $ret -gt 0 ]; then
error 2 "Sorry but REMOVAL of rootfs verification failed."
else
echo
echo "*** Rebooting in 10 seconds to make changes effective ***" 1>&2
read -t 10 -p "... ENTER 'a' TO ABORT! " GO
if [ -n "${GO}" ]; then error 0 "Okay, ABORTING ..."; fi
$SUDO reboot && exit $ret
fi
;;
[nN]*) error 0 "Skipping REMOVAL of rootfs verification for now..."
;;
[qQ]*) error 0 "Quitting - no changes made..."
;;
*) error 1 "Not a valid choice, exiting..."
;;
esac
@Blaisorblade
Copy link

@DennisLfromGA: Cool! I used it because it's linked on https://github.com/dnschneid/crouton/wiki/Autostart-crouton-chroot-at-ChromeOS-startup — and it worked great. FWIW, that document also links to specific (and old) versions of your other gists (I used the latest versions of each piece).

@Blaisorblade
Copy link

@DennisLfromGA I'm afraid your last change does not fix the right problem: if you write foo || ret=$? and then use $ret, when commands succeed, ret is not set; as a consequence, the if that uses $ret becomes syntactically incorrect.
I only added || true to make sure that line doesn't fail when ret is false, but it's probably redundant.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment