mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 07:22:33 +00:00
9808bd2799
This reverts commit 41770add03
.
The fwtool_check_image() procedure is used by `sysupgrade --test` which must
not alter the image under test in any way.
Currently, when the LuCI ui or any other sysupgrade wrapper first invokes
sysupgrade --test to verify the compatibility of the image and then calculates
the sha256sum over it, the resulting checksum will differ from the original
image since the test invocation will implicitely strip the metadata trailer.
To properly fix the underlying issue, the combined image checksumming code
must be modified to skip the metadata trailer.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
65 lines
1.4 KiB
Bash
65 lines
1.4 KiB
Bash
fwtool_check_signature() {
|
|
[ $# -gt 1 ] && return 1
|
|
|
|
[ ! -x /usr/bin/ucert ] && {
|
|
if [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ]; then
|
|
return 1
|
|
else
|
|
return 0
|
|
fi
|
|
}
|
|
|
|
if ! fwtool -q -t -s /tmp/sysupgrade.ucert "$1"; then
|
|
echo "Image signature not found"
|
|
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
|
|
echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
|
|
}
|
|
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1
|
|
return 0
|
|
fi
|
|
|
|
ucert -V -m "$1" -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
|
|
|
|
return $?
|
|
}
|
|
|
|
fwtool_check_image() {
|
|
[ $# -gt 1 ] && return 1
|
|
|
|
. /usr/share/libubox/jshn.sh
|
|
|
|
if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
|
|
echo "Image metadata not found"
|
|
[ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
|
|
echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
|
|
}
|
|
[ "$REQUIRE_IMAGE_METADATA" = 1 ] && return 1
|
|
return 0
|
|
fi
|
|
|
|
json_load "$(cat /tmp/sysupgrade.meta)" || {
|
|
echo "Invalid image metadata"
|
|
return 1
|
|
}
|
|
|
|
device="$(cat /tmp/sysinfo/board_name)"
|
|
|
|
json_select supported_devices || return 1
|
|
|
|
json_get_keys dev_keys
|
|
for k in $dev_keys; do
|
|
json_get_var dev "$k"
|
|
[ "$dev" = "$device" ] && return 0
|
|
done
|
|
|
|
echo "Device $device not supported by this image"
|
|
echo -n "Supported devices:"
|
|
for k in $dev_keys; do
|
|
json_get_var dev "$k"
|
|
echo -n " $dev"
|
|
done
|
|
echo
|
|
|
|
return 1
|
|
}
|