do_upgrade_stage2() isn't really any common code. It isn't used anywhere
except for /sbin/sysupgrade that passes it to the stage2.
Moving its code to separated file also simplifies COMMAND variable.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
With bcm53xx switched to the new procedure there is no more need for
keeping that backward compatibility code.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Its last usage was dropped back in 2013 in the commit b95bdc8ab5
("kernel/base-files: clean up old code related to refreshing mtd
partitions, it is no longer used anywhere").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.
Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.
The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...
In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.
Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.
Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.
Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add support for passing additional parameters to mtd called during
sysupgrade. It will be required to toggle the "recovery moe" flag
supported by recent tp-link boards.
Signed-off-by: David Bauer <mail@david-bauer.net>
[split code from board support patch; add commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
This commit allows to use non-standard UBI volume name as the rootfs
volume in sysupgrade.
ex.:
The U-Boot on Buffalo WXR-2533DHP checks existence and checksum of
"ubi_rootfs" volume when booting, so this name is required.
OpenWrt currently provides several patches:
490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch
491-ubi-auto-create-ubiblock-device-for-rootfs.patch
492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch
to facilitate ubi rootfs automount. However the upstream kernel
also supports the means of booting from a fully custom ubi
partition name and ubi volume name via bootargs/kernel's cmdline
parameters:
ubi.mtd=mtd_partition_name
ubi.block=rootfs_volume_name
root=/dev/ubiblock$X_$Y
For more information and examples visit the wiki over at linux-mtd:
<http://www.linux-mtd.infradead.org/faq/ubifs.html>
<http://www.linux-mtd.infradead.org/doc/ubi.html>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [reworded commit]
This reverts commit 41770add03.
The fwtool_check_image() procedure is used by `sysupgrade --test` which must
not alter the image under test in any way.
Currently, when the LuCI ui or any other sysupgrade wrapper first invokes
sysupgrade --test to verify the compatibility of the image and then calculates
the sha256sum over it, the resulting checksum will differ from the original
image since the test invocation will implicitely strip the metadata trailer.
To properly fix the underlying issue, the combined image checksumming code
must be modified to skip the metadata trailer.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
If I create following image:
define Device/engenius-m36
IMAGE/sysupgrade.bin := combined-image | append-metadata
endef
Sysupgrade then errors out:
Invalid image. Contents do not match checksum (image:cd285595eaf297370404ae0e2815ec1a calculated:2cf9a2286fb6b01af3ea189128017d44)
Image check 'platform_check_image' failed.
By removing the metadata from the image I get combined-image checksum
working again and sysupgrade works.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Set the (sys)upgrade state when sourcing the stage2 script instead of
setting the state for each target individual.
This change fixes the, due to a missing state set, not working upgrade
led on ath79 and apm821xx.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
this feature has never worked, the fw image name was not passed and the -t
parameter was missing in the tool invocation. drop the feature.
Signed-off-by: John Crispin <john@phrozen.org>
On bcm53xx and brcm47xx, commands are passed to default_do_upgrade that
expect the image to be passed on stdin, rather than as an argument.
Fixes: 30f61a34b4 ("base-files: always use staged sysupgrade")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Current code and also before commit da52dd0c83 was vulnerable to shell
injection using volume lables in the GPT partition table of block
devices. Given that partition names can be freely defined in GPT tables
we really shouldn't evaluate a string which is potentially crafted with
evil intentions. Hence rather use `export -n` to absorb the uevent's
variables into the environment.
Fixes commit da52dd0c83 (base-files: quote values when evaluating uevent)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[mschiffer@universe-factory.net: suggested export -n usage]
When sourcing /sys/class/block/*/uevent values have to be quoted as
they may contain spaces (e.g. in PARTNAME).
Fix this by pre-processing with sed before sourcing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Kernel and rootfs in a subdirectory matching the userspace boardname,
was intended to use a single sysupgrade-tar archive for multiple boards
with different kernel/rootfs images. This feature was never used.
Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.
It allows to change the boardname without adding another compatibility
layer - using the nand_board_name() function - for (sub)targets using
the metadata based image validation in favour to
nand_do_platform_check().
Signed-off-by: Mathias Kresin <dev@kresin.me>
This patch fixes two issues with the current get_partitions()
function.
First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.
This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.
This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.
Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Add the parent of the sysupgrade script to the list of pids not getting
killed
Signed-off-by: Mat Trudel <mat@geeky.net>
Signed-off-by: John Crispin <john@phrozen.org>
When processes don't die on SIGKILL (usually because of kernel bugs), it's
better to give up instead of looping forever.
upgraded will trigger a reboot in this case (and if this fails, a hardware
watchdog will eventually time out and reset the system, if present).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Depending on busybox applet selection, paths of basic utiilties may differ,
and may not work as symlinks to busybox. Simply using whatever binary is
found in PATH and detecting symlinks automatically is more robust and
easier to maintain.
The list of binaries is also slightly cleaned up and duplicates are
removed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a
sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this
did not have an effect anymore after the staged sysupgrade changes.
As it doesn't really hurt to copy fw_printenv and fw_setenv
unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2
will see them.
Config copying is moved to a function called by platform_copy_config, where
it belongs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: FS#821
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch is in continuation of: commit 93aa860405
"procd: nand: make it possible to configure kernel and ubi partition"
The $CI_KERNPART variable should be used in place
of the fixed "kernel" partition name. This allows
targets to specifiy alternate names for the kernel
partition.
Cc: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Some functions only used by stage2 are moved there from common.sh.
One piece that could still use more cleanup is platform_pre_upgrade: many
targets reference files from there are aren't available in the ramfs, so
we need to evaluate it before the switch; conversely, flash writes happen
in that function on some targets. Targets that do the latter should be
fixed eventually to use platform_do_upgrade for that purpose.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Support for the -d and -p options is dropped; it may be added again at some
point by adding these flags to the ubus sysupgrade call.
A downside of this is that we get a lot less information about the progress
of the upgrade: as soon as the actual upgrade starts, all shell sessions
are killed to allow unmounting the root filesystem.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.
The procd-nand-firstboot package is removed for now, it may return later
as a separate package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Use fwtool to extract it, only require metadata to be present if the
platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1
Image metadata is in JSON format and contains a list of supported
devices, along with version information that could be displayed by a UI
later before the actual upgrade happens.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
mkfs.ext4 und losetup are needed for sysupgrade support on mmc devices
with automatic rootfs split (loopback device usage).
Signed-off-by: André Valentin <avalentin@marcant.net>
sysupgrade immediately reboots after flashing an image and doesn't
allow to unmount filesystems. At least in case the image used for
sysupgrade is stored on a FAT formatted usb flash drive, the following
warning is printed during the next mount of the flash drive:
FAT-fs (sda1): Volume was not properly unmounted. Some data may be
corrupt. Please run fsck.
Although a data corruption during read operations is unlikely, there is
no need to scare the users.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Treat 'relayd' as an essential service to avoid connection interruptions during sysupgrade on devices configured as a pseudobridge.
Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
Generalize the partition discovery in sysupgrade in order to fix sysupgrade
and config backup/recovery on MMC block devices which use a different naming
scheme compared to mtdblock or sd* devices.
The change also adds the find applet to the ramdisk utilities so that upgrade
code can rely on it.
The commit is based on the initial submission by Russell Senior at
http://patchwork.ozlabs.org/patch/625440/ .
Signed-off-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
With this patch sysupgrade will write directly to the partitions
instead of to the main disk. The UUID is copied from the image
to the MBR as well. This prevents the mbr from being completely
overwritten and losing the partition table. The -p option has
been added to maintain the original behavior and overwite the
entire disk with the new image. Tests have been added to ensure
that the image partitions match up with the active partitions.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
SVN-Revision: 48682
change 48451 tried to add support for uclient-fetch by moving
/usr/bin/wget to /bin/wget, but this change kept the symbolic
link to /bin/busybox as install_bin creates links to param 1
the desired fix is to link to uclient-fetch to wget:
install_bin /bin/uclient-fetch /bin/wget
Signed-off-by: John Clark <inindev@gmail.com>
SVN-Revision: 48483
with r48379 and r48386 the path of wget changed.
respect that and adjust the dirname.
this fixes#21680
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 48451
get_image allows passing 2nd argument that is used in a pipe for
extracting firmware from a non-native format. By accepting such command
in default_do_upgrade we allow platforms to use this helper for vendor
specific images.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45900
ldd might be called for shell scrips during sysupgrade, causing it to
complain that they are not a dynamic executables.
This is a harmless error, so supress it to avoid confusing about them
being serious ones.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 43315
r36107 ("base-files: sysupgrade fail with eglibc") tried to fix
sysupgrade by changing the ld-soname to what is expected, but only
fixed MIPS while breaking ARM.
The underlying issue is that the ld.so name varies widely across
different architectures for eglibc:
eglibc-2.19-r25243$ grep -r "ld-soname :=" . | awk '{ print $3 }' | sort -u
ld64.so.1
ld64.so.2
ld-linux-aarch64_be.so.1
ld-linux-aarch64.so.1
ld-linux-armhf.so.3
ld-linux-mipsn8.so.1
ld-linux.so.2
ld-linux.so.3
ld-linux-x32.so.2
ld-linux-x86-64.so.2
ld.so.1
Instead of adding each different soname to check for and copy it,
replace the awk script with a sed script to extract it properly and
drop the hardcoded so-name.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 43295
Based on bug #18206 sysupgrade can lead to loss of password information in
certain situations. Most likely all users who will upgrade from versions
r43017-43040, will lose their current passwords. :-(
https://dev.openwrt.org/ticket/18206
Currently /etc/shadow is defined as a conffile in base-files:
https://dev.openwrt.org/browser/trunk/package/base-files/Makefile#L37
But it is not defined in the default list of essential files to keep in
sysupgrade:
https://dev.openwrt.org/browser/trunk/package/base-files/files/lib/upgrade/keep.d/base-files-essential
If exporting conffiles info fails, /etc/shadow can get lost.
Shadow passwords are now the default, so saying that preserving /etc/passwd
is essential while /etc/shadow is not, makes no sense.
The attached patch adds /etc/shadow to the list of essential files.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 43061