package/base-files/files/lib/upgrade/fwtool.sh

   1 fwtool_check_signature() {
   2         [ $# -gt 1 ] && return 1
   3
   4         [ ! -x /usr/bin/ucert ] && {
   5                 if [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ]; then
   6                         return 1
   7                 else
   8                         return 0
   9                 fi
  10         }
  11
  12         if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
  13                 echo "Image signature not found"
  14                 [ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
  15                         echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
  16                 }
  17                 [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1
  18                 return 0
  19         fi
  20
  21         fwtool -q -T -s /dev/null "$1" | \
  22                 ucert -V -m - -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
  23
  24         return $?
  25 }
  26
  27 fwtool_check_image() {
  28         [ $# -gt 1 ] && return 1
  29
  30         . /usr/share/libubox/jshn.sh
  31
  32         if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
  33                 echo "Image metadata not found"
  34                 [ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
  35                         echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
  36                 }
  37                 [ "$REQUIRE_IMAGE_METADATA" = 1 ] && return 1
  38                 return 0
  39         fi
  40
  41         json_load "$(cat /tmp/sysupgrade.meta)" || {
  42                 echo "Invalid image metadata"
  43                 return 1
  44         }
  45
  46         device="$(cat /tmp/sysinfo/board_name)"
  47         devicecompat="$(uci -q get system.@system[0].compat_version)"
  48         [ -n "$devicecompat" ] || devicecompat="1.0"
  49
  50         json_get_var imagecompat compat_version
  51         json_get_var compatmessage compat_message
  52         [ -n "$imagecompat" ] || imagecompat="1.0"
  53
  54         json_select supported_devices || return 1
  55
  56         json_get_keys dev_keys
  57         for k in $dev_keys; do
  58                 json_get_var dev "$k"
  59                 if [ "$dev" = "$device" ]; then
  60                         # major compat version -> no sysupgrade
  61                         if [ "${devicecompat%.*}" != "${imagecompat%.*}" ]; then
  62                                 echo "The device is supported, but this image is incompatible for sysupgrade based on the image version ($devicecompat->$imagecompat)."
  63                                 [ -n "$compatmessage" ] && echo "$compatmessage"
  64                                 return 1
  65                         fi
  66
  67                         # minor compat version -> sysupgrade with -n required
  68                         if [ "${devicecompat#.*}" != "${imagecompat#.*}" ] && [ "$SAVE_CONFIG" = "1" ]; then
  69                                 echo "The device is supported, but the config is incompatible to the new image ($devicecompat->$imagecompat). Please upgrade without keeping config (sysupgrade -n)."
  70                                 [ -n "$compatmessage" ] && echo "$compatmessage"
  71                                 return 1
  72                         fi
  73
  74                         return 0
  75                 fi
  76         done
  77
  78         echo "Device $device not supported by this image"
  79         echo -n "Supported devices:"
  80         for k in $dev_keys; do
  81                 json_get_var dev "$k"
  82                 echo -n " $dev"
  83         done
  84         echo
  85
  86         return 1
  87 }