aboutsummaryrefslogtreecommitdiffstats
path: root/package/base-files/files/lib/upgrade/fwtool.sh
Commit message (Collapse)AuthorAgeFilesLines
* base-files: fix ucert verificationFelix Fietkau2019-02-121-1/+2
| | | | | | | | ucert needs to check the firmware part with metadata, but without the signature. Use the new fwtool mode to extract that without altering the firmware image inside the check Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: do not strip fwtool signature data during checkFelix Fietkau2019-02-091-1/+1
| | | | | | | Same reason as in commit 9808bd279927bcd2d3a78d19a55229b93bbbcf05 - sysupgrade --test must not alter the image in any way Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "base-files: fwtool: Fix wrong checksum on combined-image with metadata"Jo-Philipp Wich2018-12-021-1/+1
| | | | | | | | | | | | | | | | | This reverts commit 41770add03ad77a0ce41ed424ad050238f7d9272. The fwtool_check_image() procedure is used by `sysupgrade --test` which must not alter the image under test in any way. Currently, when the LuCI ui or any other sysupgrade wrapper first invokes sysupgrade --test to verify the compatibility of the image and then calculates the sha256sum over it, the resulting checksum will differ from the original image since the test invocation will implicitely strip the metadata trailer. To properly fix the underlying issue, the combined image checksumming code must be modified to skip the metadata trailer. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: fwtool: Fix wrong checksum on combined-image with metadataPetr Štetiar2018-11-261-1/+1
| | | | | | | | | | | | | | | | | | If I create following image: define Device/engenius-m36 IMAGE/sysupgrade.bin := combined-image | append-metadata endef Sysupgrade then errors out: Invalid image. Contents do not match checksum (image:cd285595eaf297370404ae0e2815ec1a calculated:2cf9a2286fb6b01af3ea189128017d44) Image check 'platform_check_image' failed. By removing the metadata from the image I get combined-image checksum working again and sysupgrade works. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files: introduce sysupgrade signature chain verificationDaniel Golle2018-08-081-0/+25
| | | | | | | | | Verify ucert signature chains in sysupgrade images in case ucert is installed and $CHECK_IMAGE_SIGNARURE = 1. Also make sure ucert host binary is present and generate a self-signed ucert in case $TOPDIR/key-build.ucert is missing. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: drop fwtool_pre_upgradeJohn Crispin2018-07-301-4/+0
| | | | | | | this feature has never worked, the fw image name was not passed and the -t parameter was missing in the tool invocation. drop the feature. Signed-off-by: John Crispin <john@phrozen.org>
* base-files: add a hint in sysupgrade that shows what to do when the image ↵Felix Fietkau2016-12-041-0/+3
| | | | | | metadata check fails Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: validate metadata of sysupgrade imagesFelix Fietkau2016-11-191-0/+40
Use fwtool to extract it, only require metadata to be present if the platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1 Image metadata is in JSON format and contains a list of supported devices, along with version information that could be displayed by a UI later before the actual upgrade happens. Signed-off-by: Felix Fietkau <nbd@nbd.name>