9808bd2799
This reverts commit 41770add03ad77a0ce41ed424ad050238f7d9272. The fwtool_check_image() procedure is used by `sysupgrade --test` which must not alter the image under test in any way. Currently, when the LuCI ui or any other sysupgrade wrapper first invokes sysupgrade --test to verify the compatibility of the image and then calculates the sha256sum over it, the resulting checksum will differ from the original image since the test invocation will implicitly strip the metadata trailer. To properly fix the underlying issue, the combined image checksumming code must be modified to skip the metadata trailer. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
# Verify the signature trailer of a firmware image with ucert.
#
# Globals:   REQUIRE_IMAGE_SIGNATURE (read) - "1" makes a missing verifier or
#                                             a missing signature fatal
#            FORCE (read)                   - "1" suppresses the override hint
# Arguments: $1 - path to the firmware image
# Outputs:   diagnostics on stdout
# Returns:   0 when the image is accepted, non-zero otherwise
#
# Policy note: unless REQUIRE_IMAGE_SIGNATURE is 1 this check fails open.
# An absent /usr/bin/ucert or an image with no signature trailer is accepted,
# so only a present-but-invalid signature rejects the image in that mode.
fwtool_check_signature() {
	if [ $# -gt 1 ]; then
		return 1
	fi

	# No verifier installed: the outcome is decided purely by policy.
	if [ ! -x /usr/bin/ucert ]; then
		[ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1
		return 0
	fi

	# Extract the signature chunk to a fixed path under /tmp.
	# NOTE(review): -t asks fwtool to remove the extracted chunk from the
	# image, i.e. this check modifies "$1". Confirm that no caller on the
	# `sysupgrade --test` path reaches this function, since that mode is
	# expected to leave the image untouched.
	fwtool -q -t -s /tmp/sysupgrade.ucert "$1" || {
		echo "Image signature not found"
		if [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ]; then
			[ "$FORCE" != 1 ] &&
				echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
			return 1
		fi
		return 0
	}

	# Verify the image against the extracted certificate using the keys in
	# /etc/opkg/keys; ucert's exit status becomes the function's result.
	ucert -V -m "$1" -c /tmp/sysupgrade.ucert -P /etc/opkg/keys
}
# Check that a firmware image's metadata lists the running board.
#
# Globals:   REQUIRE_IMAGE_METADATA (read) - "1" makes missing metadata fatal
#            FORCE (read)                  - "1" suppresses the override hint
#            device, dev_keys, dev, k (written) - not declared local
# Arguments: $1 - path to the firmware image
# Outputs:   diagnostics on stdout
# Returns:   0 when the image is accepted, 1 otherwise
#
# This is a compatibility check only: it compares board names and performs
# no cryptographic verification, so the metadata is only as trustworthy as
# the image it was read from. Unless REQUIRE_IMAGE_METADATA is 1, an image
# without a metadata trailer is accepted.
fwtool_check_image() {
	if [ $# -gt 1 ]; then
		return 1
	fi

	. /usr/share/libubox/jshn.sh

	# Extract the metadata chunk to a fixed path under /tmp. No -t here:
	# the image under test is left unmodified.
	fwtool -q -i /tmp/sysupgrade.meta "$1" || {
		echo "Image metadata not found"
		if [ "$REQUIRE_IMAGE_METADATA" = 1 ]; then
			[ "$FORCE" != 1 ] &&
				echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
			return 1
		fi
		return 0
	}

	# The metadata comes from the image itself; refuse anything that does
	# not parse as JSON.
	if ! json_load "$(cat /tmp/sysupgrade.meta)"; then
		echo "Invalid image metadata"
		return 1
	fi

	device="$(cat /tmp/sysinfo/board_name)"

	json_select supported_devices || return 1

	# Accept as soon as one supported_devices entry equals the board name.
	json_get_keys dev_keys
	for k in $dev_keys; do
		json_get_var dev "$k"
		if [ "$dev" = "$device" ]; then
			return 0
		fi
	done

	# No match: report the board and list what the image does support.
	# The listed names are printed exactly as found in the image metadata.
	echo "Device $device not supported by this image"
	echo -n "Supported devices:"
	for k in $dev_keys; do
		json_get_var dev "$k"
		echo -n " $dev"
	done
	echo

	return 1
}