From cc853810a4aae04f1afcad3439bf9db6fc1f4852 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 14 Nov 2016 17:30:51 +0100 Subject: [PATCH] base-files: validate metadata of sysupgrade images Use fwtool to extract it, only require metadata to be present if the platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1 Image metadata is in JSON format and contains a list of supported devices, along with version information that could be displayed by a UI later before the actual upgrade happens. Signed-off-by: Felix Fietkau --- package/base-files/Makefile | 2 +- .../base-files/files/lib/upgrade/fwtool.sh | 40 +++++++++++++++++++ package/base-files/files/sbin/sysupgrade | 3 +- 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 package/base-files/files/lib/upgrade/fwtool.sh diff --git a/package/base-files/Makefile b/package/base-files/Makefile index ef62db29bd1..637d88b5adc 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -30,7 +30,7 @@ endif define Package/base-files SECTION:=base CATEGORY:=Base system - DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:lede-keyring +fstools + DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:lede-keyring +fstools +fwtool TITLE:=Base filesystem for Lede URL:=http://openwrt.org/ VERSION:=$(PKG_RELEASE)-$(REVISION) diff --git a/package/base-files/files/lib/upgrade/fwtool.sh b/package/base-files/files/lib/upgrade/fwtool.sh new file mode 100644 index 00000000000..984c173097e --- /dev/null +++ b/package/base-files/files/lib/upgrade/fwtool.sh @@ -0,0 +1,40 @@ +fwtool_pre_upgrade() { + fwtool -q -i /dev/null "$1" +} + +fwtool_check_image() { + [ $# -gt 1 ] && return 1 + + . /usr/share/libubox/jshn.sh + + if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then + echo "Image metadata not found" + [ "$REQUIRE_IMAGE_METADATA" = 1 ] && return 1 + return 0 + fi + + json_load "$(cat /tmp/sysupgrade.meta)" || { + echo "Invalid image metadata" + return 1 + } + + device="$(cat /tmp/sysinfo/board_name)" + + json_select supported_devices || return 1 + + json_get_keys dev_keys + for k in $dev_keys; do + json_get_var dev "$k" + [ "$dev" = "$device" ] && return 0 + done + + echo "Device $device not supported by this image" + echo -n "Supported devices:" + for k in $dev_keys; do + json_get_var dev "$k" + echo -n " $dev" + done + echo + + return 1 +} diff --git a/package/base-files/files/sbin/sysupgrade b/package/base-files/files/sbin/sysupgrade index 2f441f868ba..c095ca81c50 100755 --- a/package/base-files/files/sbin/sysupgrade +++ b/package/base-files/files/sbin/sysupgrade @@ -128,7 +128,8 @@ add_overlayfiles() { } # hooks -sysupgrade_image_check="platform_check_image" +sysupgrade_image_check="fwtool_check_image platform_check_image" +sysupgrade_pre_upgrade="fwtool_pre_upgrade" [ $SAVE_OVERLAY = 0 -o ! -d /overlay/etc ] && \ sysupgrade_init_conffiles="add_uci_conffiles" || \ sysupgrade_init_conffiles="add_overlayfiles"