kernel tools: make build-dtb-image.sh root-only and remove sudo dependency

bjordiscollaku · web-flow · commit 388f7a9e1919 · 2025-11-26T12:01:51.000-08:00
Refine build-dtb-image.sh to operate as a root-only tool and eliminate its runtime dependency on sudo, improving compatibility with minimal and containerized CI environments.

Changes:
- Add an explicit EUID check at startup and fail fast if the script is not executed as root, clarifying the requirement for losetup/mkfs/mount operations.
- Remove all internal sudo invocations around:
  - losetup --show -fP
  - mkfs.vfat
  - mount / umount
  - loop-device detach
  - DTB copy into the mounted FAT filesystem
- Keep the existing EXIT trap semantics intact, still guaranteeing:
  - sync() best-effort flush,
  - unmount of the temporary mountpoint (if present and mounted),
  - loop device detachment,
  - removal of the temporary sanitized manifest file.

Behavior of the tool is otherwise unchanged:
it still normalizes and validates DTB paths from the manifest, produces &lt;DTB_SRC&gt;/combined-dtb.dtb by concatenation in manifest order, and creates a FAT-formatted dtb.bin image containing only the combined DTB. 

The script is now better aligned with containerized CI usage patterns, where the entrypoint already runs as root and sudo is typically absent.

Signed-off-by: Bjordis Collaku &lt;bcollaku@qti.qualcomm.com&gt;
diff --git a/kernel/scripts/build-dtb-image.sh b/kernel/scripts/build-dtb-image.sh
@@ -41,10 +41,7 @@
 #       * losetup
 #       * mount / umount
 #       * dd (with status=progress support is nice but not required)
-#   - sudo access for:
-#       * losetup
-#       * mkfs.vfat
-#       * mount / umount
+#   - This script must be run as root (no internal sudo calls).
 #
 # Notes:
 #   - The combined DTB is written to: <DTB_SRC>/combined-dtb.dtb
@@ -59,6 +56,12 @@
 
 set -euo pipefail
 
+# Require running as root (needed for losetup, mkfs, mount, etc.)
+if [[ "$EUID" -ne 0 ]]; then
+    echo "[ERROR] This script must be run as root (no internal sudo calls)." >&2
+    exit 1
+fi
+
 # ----------------------------- Defaults --------------------------------------
 
 DTB_BIN_SIZE=4         # Default FAT image size (MB)
@@ -79,7 +82,7 @@ Usage: $0 -dtb-src <path> -manifest <file> [-size <MB>] [-out <file>]
 
   -dtb-src   Path to DTB source directory (e.g. arch/arm64/boot/dts/qcom)
   -manifest  Path to manifest file listing DTBs (one per line)
-  -size      FAT image size in MB (default: 7)
+  -size      FAT image size in MB (default: 4)
   -out       Output image filename (default: dtb.bin)
 EOF
     exit 1
@@ -95,15 +98,15 @@ cleanup() {
     # Unmount the mountpoint if it exists and is currently mounted
     if [[ -n "${MNT_DIR:-}" && -d "$MNT_DIR" ]]; then
         if mountpoint -q "$MNT_DIR"; then
-            sudo umount "$MNT_DIR" || true
+            umount "$MNT_DIR" || true
         fi
         # Try to remove the temporary directory (ignore failures)
         rmdir "$MNT_DIR" 2>/dev/null || true
     fi
 
     # Detach loop device if it was created
     if [[ -n "${LOOP_DEV:-}" ]]; then
-        sudo losetup -d "$LOOP_DEV" || true
+        losetup -d "$LOOP_DEV" || true
     fi
 
     # Remove temporary sanitized list
@@ -208,7 +211,6 @@ OUT="${DTB_SRC}/combined-dtb.dtb"
 rm -f "$OUT"
 
 # Concatenate in the order specified by the sanitized manifest.
-# xargs -a is GNU-specific but acceptable for typical Linux build hosts.
 xargs -a "$SANLIST" -r cat > "$OUT"
 echo "[INFO] Combined DTBs into: $OUT"
 ls -lh "$OUT"
@@ -219,23 +221,23 @@ echo "[INFO] Creating FAT image '$DTB_BIN' (${DTB_BIN_SIZE} MB)..."
 dd if=/dev/zero of="$DTB_BIN" bs=1M count="$DTB_BIN_SIZE" status=progress
 
 # Attach a loop device to the image
-LOOP_DEV="$(sudo losetup --show -fP "$DTB_BIN")"
+LOOP_DEV="$(losetup --show -fP "$DTB_BIN")"
 echo "[INFO] Using loop device: $LOOP_DEV"
 
 # Create a temporary mount directory for this run
 MNT_DIR="$(mktemp -d -t dtb-mnt-XXXXXX)"
 
 # Format the loop device with FAT
 echo "[INFO] Formatting $LOOP_DEV as FAT..."
-sudo mkfs.vfat "$LOOP_DEV" >/dev/null
+mkfs.vfat "$LOOP_DEV" >/dev/null
 
 # Mount the loop device
 echo "[INFO] Mounting $LOOP_DEV at $MNT_DIR..."
-sudo mount "$LOOP_DEV" "$MNT_DIR"
+mount "$LOOP_DEV" "$MNT_DIR"
 
 # ----------------------- Deploy Combined DTB ---------------------------------
 
-sudo cp "$OUT" "$MNT_DIR/"
+cp "$OUT" "$MNT_DIR/"
 echo "[INFO] Deployed combined DTB into FAT image."
 echo "[INFO] Files in image:"
 ls -lh "$MNT_DIR"
