[OpenWrt-Devel] sysupgrade: extending firmware validation

Vincent Wiemann vincent.wiemann at ironai.com
Wed Sep 11 06:19:40 EDT 2019 

Hi Rafal,

better error messages for sysupgrade is a good idea.

On 11.09.19 11:26, Rafał Miłecki wrote:
> On Wed, 19 Jun 2019 at 16:07, Rafał Miłecki <zajec5 at gmail.com> wrote:
>> Currently targets can implement platform_check_image() that verifies
>> submitted firmware file. It may return a success or failure.
>>
>> I'm looking for more complex implementation/solution. I'd like
>> firmware validation to provide more info like:
>> 1) Is firmware valid
>> 2) What makes firmware invalid if anything
>> 3) Is that possible to force firmware installation
>>
>> Having such info available would make user feedback much more
>> friendly. I'd like luci to use that new info & display a proper
>> error/warning to a user if needed.
>>
>> Some possible validation failures:
>> 1) Firmware not matching device model
>> 2) File too big to get flashed
>> 3) Checksum invalid (corrupted file)
>> 4) Signature missing (can be dangerous to flash it)

This needs to be implemented in sysupgrade so that it's available
to every script that uses it and third-party firmware without LuCI.
.

>> luci could display warnings and then offer an option to flash a
>> firmware anyway. 

Please don't offer a functionality for flashing firmware via the web-interface
when the firmware validation fails.
Someone who understands whether it is a good idea to force the flashing
is always able to use SSH and force the sysupgrade manually.
People would try to revert to stock firmware and such things with the
web-interface's flashing forcing option. This will get us a lot of tears.

>> Or display a critical error and don't offer such
>> option at all. In any case that should be much more meaningful than a
>> single error message.

From my perspective Luci should print the errorthat sysupgrade shows in STDERR and maybe translate it.

>> I also thought we may want to start signing OpenWrt firmwares one day.

There was a proposal for that using usign some weeks ago and a RFC on Github.

>> My question is: what do you find the best way of implementing it?
>>
>> A simple return code of bash script won't be sufficient (too many data
>> to pass, even if we decide to use some bit flags). I was thinking
>> about providing validation result using JSON. Should that be some
>> standalone app or a ubus deamon? How could we handle target-specific
>> validation steps?

Just print an error message in sysupgrade to STDERR.
Don't do overcomplicated solutions. You're on linux.
If you want to write a ubus-wrapper I'm fine with that, too,
but don't put to much effort in it. Simple solutions are best here.

> Over the last few weeks I've implemented many sysupgrade improvements.
> There are 2 patches under review right now.
> 
> What I still want to implement:
> 1) Usable "ubus call system sysupgrade" without /sbin/sysupgrade

Do you mean putting the functionality into a library which
can be called by ubus and /sbin/sysupgrade or just writing a ubus-wrapper?
If you intend to write a library, this should be done in C.

> 2) LuCI using new validation info
> 
> The later may take me quite some time as I have close to zero LuCI experience.

LuCI will be the simplest thing here.

> 
> Does anyone have any other suggestions for extra improvements?
> 
> --
> Rafał



Vincent

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list