commit | 39ebc17537a07352aef67b2629f9cbb8eaaa1389 | [log] [tgz] |
---|---|---|
author | Mike Frysinger <vapier@chromium.org> | Tue Jul 31 22:19:59 2018 |
committer | Mike Frysinger <vapier@chromium.org> | Thu Aug 23 21:26:40 2018 |
tree | cec1ce775c7f70d3191f679df740f9d401d4224e | |
parent | 9a64627d411f691acd596dad04615ee87554612b [diff] |
initial import of existing container code Change-Id: I11a17c1eb688e4a644eedc7554e488b3cdcd8a4f Reviewed-on: https://chromium-review.googlesource.com/1157238 Reviewed-by: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org>
This is the code to create a container for ADB/Fastboot for use in CrOS in a Chrome App. This won't work on any other platform.
.crx
as a zip with all the CWS metadata inserted.manifest.json
uses NaCl-specific-paths in conjunction with the CWS to shrink downloads sent to users (see the platforms
key).You can use the ./bin/run-all
script to execute all the commands. See that file too for more details on each sub-step.
Here's a rough layout of the output:
dist/
: All cached/intermediate artifacts are under this. Nuke it to restart.build/
: Various build roots are in here.adb-*/
: The directory tree which creates the crx zip.signing/
: Intermediates for creating archives for signing.arm/
: The sysroot for the OCI container for the ARM arch.x86-64/
: The sysroot for the OCI container for the x86-64 arch.cache/
: All download artifacts are cached here.crx/
: The final zip files to upload to the CWS. This is the “final” extension and everything it needs.signing/
: All signing files (before & after signing). These are just the OCI container images._platform_specific/
: All architecture specific output files live here. This is where the final imageloader files are saved.We duplicate the files under each arch dir to make testing with official images and developer images (devkey) easier. That‘s why you’ll see e.g. _platform_specific/x86-64/adb/
and _platform_specific/x86-64/adb-devkeys/
. At runtime, imageloader will skip files that don't match the registered keys and move on to the ones that do. The contents of these directories are the same other than the signed details.
Once you run ./bin/run-all
, you can take the zip files under dist/build/crx/
and copy them to your Chromebook and load them unpacked. This will only work if your device is running devkeys (not the same thing as just being in dev mode). This is because the /usr/share/misc/oci-container-key-pub.der
is baked into the rootfs.
If you don't want to boot your own build of Chromium OS, you can copy over the image.squash
file from _platform_specific/x86-64/adb/
and unpack it (using unsquashfs
) or loopback mount it into a path like /usr/local/
. Then run run_oci
manually on that output directory (see the cmd_c
code in /usr/bin/crosh
for more details).
You probably want to run start device-jail
before doing so as crosh itself normally takes care of spawning that. Note that crosh itself will also stop device-jail once you're done.
You can even use chroot
to quickly test lower level details in the rootfs/
subdir of the squashfs image.