[OpenWrt-Devel] Uncompress image: trailing garbage ignored

Paul Spooren mail at aparcar.org
Sun Apr 26 18:48:50 EDT 2020


On Thu, 2020-04-23 at 23:29 +0300, Hannu Nyman wrote:
> W. Michael Petullo kirjoitti 23.4.2020 klo 19.50:
> > I have started to notice a gunzip warning when decompressing the
> > OpenWrt images I build. This is with master df27e949:
> > 
> > gunzip  openwrt/bin/targets/x86/64/openwrt-x86-64-generic-ext4-
> > combined.img.gz -c >/dev/null
> > gzip: openwrt-aquinas-git/bin/targets/x86/64/openwrt-x86-64-generic-
> > ext4-combined.img.gz: decompression OK, trailing garbage ignored
> > 
> > Aside from the warning, gunzip exits with a code of 2. The gunzip man
> > page indicates that an exit code of 2 indicates a warning.
> > 
> > Is this a result of an intended change? Should I expect this to
> > continue? Are we sneaking a hash or signature in there? If so, I
> > suppose I will adjust some of the scripts I use to account for the
> > non-zero exit code.
> Likely we are attaching a signature since commit f81412160 a week ago:
> https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=f814121600e5cf43fd75fe93e5b1b54f65b71bcd

The sysupgrade process automatically handels compressed images, however the
validation does not. Currently fwtool validation in /usr/lib/fwtool.sh reads the
sysupgrade(.gz) as is:

if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then

A fix could be to use "append-metadata | gzip" for the firmware images and then
unpack the firmware before validating it's signature and metadata, e.g. with the
following command in fwtool.sh

source /usr/bin/common.sh
if ! get_image "$1" | fwtool -q -s /tmp/sysupgrade.ucert -; then

This worked in my qemu test, not tested on a real hardware.

Rafał Miłecki worked recently on the validation, maybe he can share an opinion.


openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list