2018-01-15 02:37:17 +00:00
fwtool_check_signature( ) {
[ $# -gt 1 ] && return 1
[ ! -x /usr/bin/ucert ] && {
if [ " $REQUIRE_IMAGE_SIGNATURE " = 1 ] ; then
return 1
else
return 0
fi
}
2019-02-09 13:34:12 +00:00
if ! fwtool -q -s /tmp/sysupgrade.ucert " $1 " ; then
2018-01-15 02:37:17 +00:00
echo "Image signature not found"
[ " $REQUIRE_IMAGE_SIGNATURE " = 1 -a " $FORCE " != 1 ] && {
echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
}
[ " $REQUIRE_IMAGE_SIGNATURE " = 1 ] && return 1
return 0
fi
2019-02-12 15:37:30 +00:00
fwtool -q -T -s /dev/null " $1 " | \
ucert -V -m - -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
2018-01-15 02:37:17 +00:00
return $?
}
2016-11-14 16:30:51 +00:00
fwtool_check_image( ) {
[ $# -gt 1 ] && return 1
. /usr/share/libubox/jshn.sh
2018-12-02 15:05:40 +00:00
if ! fwtool -q -i /tmp/sysupgrade.meta " $1 " ; then
2016-11-14 16:30:51 +00:00
echo "Image metadata not found"
2016-11-26 17:43:59 +00:00
[ " $REQUIRE_IMAGE_METADATA " = 1 -a " $FORCE " != 1 ] && {
echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
}
2016-11-14 16:30:51 +00:00
[ " $REQUIRE_IMAGE_METADATA " = 1 ] && return 1
return 0
fi
json_load " $( cat /tmp/sysupgrade.meta) " || {
echo "Invalid image metadata"
return 1
}
device = " $( cat /tmp/sysinfo/board_name) "
base-files: fwtool: implement compatibility check for images
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.
To solve this situation, this patchset introduces a compatibility
version for devices. In this patch, the actual checks are implemented
into fwtool_check_image():
If an incompatible change is introduced, one can increase either
the minor version (1.0->1.1) or the major version (1.0->2.0).
Minor version increment:
This will still allow sysupgrade, but require to reset config
(-n or SAVE_CONFIG=0). If sysupgrade is called without -n, a
corresponding message will be printed. If sysupgrade is called
with -n, it will just pass, with supported devices being checked
as usual. (Which will allow us to add back SUPPORTED_DEVICES for
many cases.)
Major version increment:
This is meant for potential (rare) cases where sysupgrade is
not possible at all, because it would break the device.
In this case, a warning will be printed, and -n won't help.
If image check fails because of one of the versions parts not
matching, the content of DEVICE_COMPAT_MESSAGE is printed in
addition to the generic message (if set).
For both cases, upgrade can still be forced with -F as usual.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-09 17:34:09 +00:00
devicecompat = " $( uci -q get system.@system[ 0] .compat_version) "
[ -n " $devicecompat " ] || devicecompat = "1.0"
json_get_var imagecompat compat_version
json_get_var compatmessage compat_message
[ -n " $imagecompat " ] || imagecompat = "1.0"
2016-11-14 16:30:51 +00:00
json_select supported_devices || return 1
json_get_keys dev_keys
for k in $dev_keys ; do
json_get_var dev " $k "
base-files: fwtool: implement compatibility check for images
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.
To solve this situation, this patchset introduces a compatibility
version for devices. In this patch, the actual checks are implemented
into fwtool_check_image():
If an incompatible change is introduced, one can increase either
the minor version (1.0->1.1) or the major version (1.0->2.0).
Minor version increment:
This will still allow sysupgrade, but require to reset config
(-n or SAVE_CONFIG=0). If sysupgrade is called without -n, a
corresponding message will be printed. If sysupgrade is called
with -n, it will just pass, with supported devices being checked
as usual. (Which will allow us to add back SUPPORTED_DEVICES for
many cases.)
Major version increment:
This is meant for potential (rare) cases where sysupgrade is
not possible at all, because it would break the device.
In this case, a warning will be printed, and -n won't help.
If image check fails because of one of the versions parts not
matching, the content of DEVICE_COMPAT_MESSAGE is printed in
addition to the generic message (if set).
For both cases, upgrade can still be forced with -F as usual.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-09 17:34:09 +00:00
if [ " $dev " = " $device " ] ; then
# major compat version -> no sysupgrade
if [ " ${ devicecompat %.* } " != " ${ imagecompat %.* } " ] ; then
echo " The device is supported, but this image is incompatible for sysupgrade based on the image version ( $devicecompat -> $imagecompat ). "
[ -n " $compatmessage " ] && echo " $compatmessage "
return 1
fi
# minor compat version -> sysupgrade with -n required
if [ " ${ devicecompat #.* } " != " ${ imagecompat #.* } " ] && [ " $SAVE_CONFIG " = "1" ] ; then
echo " The device is supported, but the config is incompatible to the new image ( $devicecompat -> $imagecompat ). Please upgrade without keeping config (sysupgrade -n). "
[ -n " $compatmessage " ] && echo " $compatmessage "
return 1
fi
return 0
fi
2016-11-14 16:30:51 +00:00
done
echo " Device $device not supported by this image "
echo -n "Supported devices:"
for k in $dev_keys ; do
json_get_var dev " $k "
echo -n " $dev "
done
echo
return 1
}
