base-files: do not strip fwtool signature data during check

[openwrt/openwrt.git] / package / base-files / files / lib / upgrade / fwtool.sh

diff --git a/package/base-files/files/lib/upgrade/fwtool.sh b/package/base-files/files/lib/upgrade/fwtool.sh
index aa2ac79d13790200163c284e04d961d185b21463..6d7300bad632c76e9d24a4c227a9734b7ad55aac 100644 (file)
--- a/package/base-files/files/lib/upgrade/fwtool.sh
+++ b/package/base-files/files/lib/upgrade/fwtool.sh
@@ -1,3 +1,28 @@
+fwtool_check_signature() {
+       [ $# -gt 1 ] && return 1
+
+       [ ! -x /usr/bin/ucert ] && {
+               if [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ]; then
+                       return 1
+               else
+                       return 0
+               fi
+       }
+
+       if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
+               echo "Image signature not found"
+               [ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
+                       echo "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware"
+               }
+               [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1
+               return 0
+       fi
+
+       ucert -V -m "$1" -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys
+
+       return $?
+}
+
 fwtool_check_image() {
        [ $# -gt 1 ] && return 1