openwrt/package/base-files/files/lib/upgrade/fwtool.sh

93 lines
2.6 KiB
Bash
Raw Normal View History

fwtool_check_signature() {
[ $# -gt 1 ] && return 1
[ ! -x /usr/bin/ucert ] && {
if [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ]; then
return 1
else
return 0
fi
}
if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
v "Image signature not present"
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
v "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
}
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1
return 0
fi
fwtool -q -T -s /dev/null "$1" | \
ucert -V -m - -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
return $?
}
fwtool_check_image() {
[ $# -gt 1 ] && return 1
. /usr/share/libubox/jshn.sh
if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
v "Image metadata not present"
[ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
v "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
}
[ "$REQUIRE_IMAGE_METADATA" = 1 ] && return 1
return 0
fi
json_load "$(cat /tmp/sysupgrade.meta)" || {
v "Invalid image metadata"
return 1
}
device="$(cat /tmp/sysinfo/board_name)"
devicecompat="$(uci -q get system.@system[0].compat_version)"
[ -n "$devicecompat" ] || devicecompat="1.0"
json_get_var imagecompat compat_version
json_get_var compatmessage compat_message
[ -n "$imagecompat" ] || imagecompat="1.0"
base-files: fwtool: make compat_version backward compatible So far, the compatibility mechanism only works if both device and image are already updated to the new routines. This patch extends the sysupgrade metadata and fwtool_check_image() to account for "older" images as well: The basic mechanism for older devices to check for image compatibility is the supported_devices entry. This can be exploited by putting a custom message into this variable of the metadata, so older FW will produce a mismatch and print the message as it thinks it's the list of supported devices. So, we have two cases: device 1.0, image 1.0: The metadata will just contain supported_devices as before. device 1.0, image 1.1: The metadata will contain: "new_supported_devices":["device_string1", "device_string2", ...], "supported_devices":["Image version 1.1 incompatible to device: ..."] If the device is "legacy", i.e. does not have the updated fwtool.sh, it will just fail with image check and print the content of supported_devices. If DEVICE_COMPAT_MESSAGE is set, this will be printed on old devices as well through the same mechanism. Otherwise a generic "Please check documentation ..." is appended. Upgrade can still be performed with -F like when SUPPORTED_DEVICES has been removed to prevent bricking. If the device has updated fwtool.sh (but is 1.0), it will just use the new_supported_devices instead, and work as intended (flashing with -n will work, flashing without will print the appropriate warning). This mechanism should provide a fair tradeoff between simplicity and functionality. Since we touched a lot of fields in metadata, this also bumps metadata_version to 1.1. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-09 17:46:44 +00:00
# select correct supported list based on compat_version
# (using this ensures that compatibility check works for devices
# not knowing about compat-version)
local supported=supported_devices
[ "$imagecompat" != "1.0" ] && supported=new_supported_devices
json_select $supported || return 1
json_get_keys dev_keys
for k in $dev_keys; do
json_get_var dev "$k"
if [ "$dev" = "$device" ]; then
# major compat version -> no sysupgrade
if [ "${devicecompat%.*}" != "${imagecompat%.*}" ]; then
v "The device is supported, but this image is incompatible for sysupgrade based on the image version ($devicecompat->$imagecompat)."
[ -n "$compatmessage" ] && v "$compatmessage"
return 1
fi
# minor compat version -> sysupgrade with -n required
if [ "${devicecompat#.*}" != "${imagecompat#.*}" ] && [ "$SAVE_CONFIG" = "1" ]; then
v "The device is supported, but the config is incompatible to the new image ($devicecompat->$imagecompat). Please upgrade without keeping config (sysupgrade -n)."
[ -n "$compatmessage" ] && v "$compatmessage"
return 1
fi
return 0
fi
done
v "Device $device not supported by this image"
vn "Supported devices:"
for k in $dev_keys; do
json_get_var dev "$k"
_vn " $dev"
done
_v
return 1
}