[OpenWrt-Devel] [PATCH RFC] base-files: add /sbin/check_image

Rafał Miłecki zajec5 at gmail.com
Mon Aug 19 04:40:40 EDT 2019


From: Rafał Miłecki <rafal at milecki.pl>

This new executable allows validating a firmware file. Its main advantage
is JSON output which should allow all kinds of UIs to provide
meaningful feedback on possible validation issues. The design used allows
checking functions to mark firmware as totally unsupported (FORCEABLE=0)
and prevent the user from forcing its installation.

This commit updates /sbin/sysupgrade to use that new validation method
so no code is duplicated. Further plans for this feature are:
1) Add ubus method calling /sbin/check_image
2) Introduce platform checks extending output JSON
3) Extend "sysupgrade" ubus method to use check_image so it's possible
   and safe to upgrade without using /sbin/sysupgrade

Output example:
{
        "tests": {
                "fwtool_signature": true,
                "fwtool_device_match": true
        },
        "valid": true,
        "forceable": true
}

Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
---
I'm not sure how to implement platform checks that may set extra JSON
object fields. I'd like e.g. Broadcom targets to allow something like:
"tests": {
	"trx_checksum": true,
	"platform_device_match": true,
	"fwtool_signature": true,
	"fwtool_device_match": true
}

Any ideas?
---
 package/base-files/files/sbin/check_image | 35 +++++++++++++++++++++++
 package/base-files/files/sbin/sysupgrade  | 24 ++++++++++------
 2 files changed, 50 insertions(+), 9 deletions(-)
 create mode 100755 package/base-files/files/sbin/check_image

diff --git a/package/base-files/files/sbin/check_image b/package/base-files/files/sbin/check_image
new file mode 100755
index 0000000000..81c3e5661f
--- /dev/null
+++ b/package/base-files/files/sbin/check_image
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+. /lib/functions.sh
+. /lib/functions/system.sh
+. /usr/share/libubox/jshn.sh
+
+include /lib/upgrade
+
+VALID=1
+FORCEABLE=1
+
+err_to_bool() {
+	[ "$1" -ne 0 ] && echo 0 || echo 1
+}
+
+fwtool_check_signature "$1" >&2
+FWTOOL_SIGNATURE=$?
+[ "$FWTOOL_SIGNATURE" -ne 0 ] && VALID=0
+
+fwtool_check_image "$1" >&2
+FWTOOL_DEVICE_MATCH=$?
+[ "$FWTOOL_DEVICE_MATCH" -ne 0 ] && VALID=0
+
+platform_check_image "$1" >&2
+PLATFORM_CHECK=$?
+[ "$PLATFORM_CHECK" -ne 0 ] && VALID=0
+
+json_init
+	json_add_object "tests"
+		json_add_boolean fwtool_signature "$(err_to_bool $FWTOOL_SIGNATURE)"
+		json_add_boolean fwtool_device_match "$(err_to_bool $FWTOOL_DEVICE_MATCH)"
+	json_close_object
+	json_add_boolean valid "$VALID"
+	json_add_boolean forceable "$FORCEABLE"
+json_dump -i
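Review bot: the platform_check_image result is missing from the emitted "tests" object. PLATFORM_CHECK can set VALID=0, but only fwtool_signature and fwtool_device_match are reported, so a caller can receive every test as true together with "valid": false and no hint of which check failed. Consider adding `json_add_boolean platform_check "$(err_to_bool $PLATFORM_CHECK)"` inside the tests object. Two smaller points in the same file: FORCEABLE is initialised to 1 and never changed, so "forceable" is always true as written, and "$1" is passed to all three checks without first verifying that an argument was given and the file is readable.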
diff --git a/package/base-files/files/sbin/sysupgrade b/package/base-files/files/sbin/sysupgrade
index c27c1fbc47..e2284a4509 100755
--- a/package/base-files/files/sbin/sysupgrade
+++ b/package/base-files/files/sbin/sysupgrade
@@ -2,6 +2,7 @@
 
 . /lib/functions.sh
 . /lib/functions/system.sh
+. /usr/share/libubox/jshn.sh
 
 # initialize defaults
 export MTD_ARGS=""
@@ -191,9 +192,6 @@ add_overlayfiles() {
 	return 0
 }
 
-# hooks
-sysupgrade_image_check="fwtool_check_signature fwtool_check_image platform_check_image"
-
 if [ $SAVE_OVERLAY = 1 ]; then
 	[ ! -d /overlay/upper/etc ] && {
 		echo "Cannot find '/overlay/upper/etc', required for '-c'" >&2
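Review bot: removing sysupgrade_image_check under the "# hooks" comment drops the list of checks as a variable, and check_image hard-codes the same three functions in its place. If any target or package script appends its own check to that variable, that check will silently stop running after this change. Either state in the commit message that the hook is gone, or keep an equivalent list that check_image iterates over.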
@@ -316,17 +314,25 @@ case "$IMAGE" in
 		;;
 esac
 
-for check in $sysupgrade_image_check; do
-	( $check "$IMAGE" ) || {
+json_load "$(/sbin/check_image "$IMAGE")" || {
+	echo "Failed to check image"
+	exit 1
+}
+json_get_var valid "valid"
+json_get_var forceable "forceable"
+[ "$valid" -eq 0 ] && {
+	[ "$forceable" -eq 1 ] && {
 		if [ $FORCE -eq 1 ]; then
-			echo "Image check '$check' failed but --force given - will update anyway!" >&2
-			break
+			echo "Image check failed but --force given - will update anyway!" >&2
 		else
-			echo "Image check '$check' failed." >&2
+			echo "Image check failed. Use --force if needed." >&2
 			exit 1
 		fi
+	} || {
+		echo "Image check failed. This firmware can't be installed." >&2
+		exit 1
 	}
-done
+}
 
 if [ -n "$CONF_IMAGE" ]; then
 	case "$(get_magic_word $CONF_IMAGE cat)" in
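Review bot: the new gate `[ "$valid" -eq 0 ] && {` fails open. If the JSON loads but "valid" is missing or not a number, the test itself errors, returns non-zero, the block is skipped, and the upgrade continues as though the image had passed. Test for success instead, for example `[ "$valid" = "1" ] || { ... }`, and treat an empty "forceable" as not forceable. The `[ "$forceable" -eq 1 ] && { ... } || { ... }` chain would be safer and easier to read as if/else, since the `||` branch also runs whenever the last command of the first block fails. "Failed to check image" should go to stderr like the other messages, and the name of the failing check, which the old loop printed, is no longer shown to the user.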
-- 
2.21.0

