forked from Ivasoft/openwrt
base-files: use JSON for storing firmware validation info
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)
This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
"tests": {
"fwtool_signature": true,
"fwtool_device_match": true
},
"valid": true,
"forceable": true
}
Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info
This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.
Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.
Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
method so:
a) It's possible to safely sysupgrade using ubus only
b) /sbin/sysupgrade can be more like just a CLI
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f522047958)
This commit is contained in:
Rafał Miłecki
committed by
Jo-Philipp Wich
Jo-Philipp Wich
parent
34002d5c8b
commit
f65080793c
@@ -2,6 +2,7 @@
|
||||
|
||||
. /lib/functions.sh
|
||||
. /lib/functions/system.sh
|
||||
. /usr/share/libubox/jshn.sh
|
||||
|
||||
# initialize defaults
|
||||
export MTD_ARGS=""
|
||||
@@ -191,9 +192,6 @@ add_overlayfiles() {
|
||||
return 0
|
||||
}
|
||||
|
||||
# hooks
|
||||
sysupgrade_image_check="fwtool_check_signature fwtool_check_image platform_check_image"
|
||||
|
||||
if [ $SAVE_OVERLAY = 1 ]; then
|
||||
[ ! -d /overlay/upper/etc ] && {
|
||||
echo "Cannot find '/overlay/upper/etc', required for '-c'" >&2
|
||||
@@ -316,17 +314,19 @@ case "$IMAGE" in
|
||||
;;
|
||||
esac
|
||||
|
||||
for check in $sysupgrade_image_check; do
|
||||
( $check "$IMAGE" ) || {
|
||||
if [ $FORCE -eq 1 ]; then
|
||||
echo "Image check '$check' failed but --force given - will update anyway!" >&2
|
||||
break
|
||||
else
|
||||
echo "Image check '$check' failed." >&2
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
done
|
||||
json_load "$(/usr/libexec/validate_firmware_image "$IMAGE")" || {
|
||||
echo "Failed to check image"
|
||||
exit 1
|
||||
}
|
||||
json_get_var valid "valid"
|
||||
[ "$valid" -eq 0 ] && {
|
||||
if [ $FORCE -eq 1 ]; then
|
||||
echo "Image check failed but --force given - will update anyway!" >&2
|
||||
else
|
||||
echo "Image check failed." >&2
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
if [ -n "$CONF_IMAGE" ]; then
|
||||
case "$(get_magic_word $CONF_IMAGE cat)" in
|
||||
|
||||
Reference in New Issue
Block a user