| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | fwtool_check_signature() { |
| 2 | [ $# -gt 1 ] && return 1 |
| 3 | |
| 4 | [ ! -x /usr/bin/ucert ] && { |
| 5 | if [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ]; then |
| 6 | return 1 |
| 7 | else |
| 8 | return 0 |
| 9 | fi |
| 10 | } |
| 11 | |
| 12 | if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then |
| 13 | v "Image signature not present" |
| 14 | [ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && { |
| 15 | v "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware" |
| 16 | } |
| 17 | [ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1 |
| 18 | return 0 |
| 19 | fi |
| 20 | |
| 21 | fwtool -q -T -s /dev/null "$1" | \ |
| 22 | ucert -V -m - -c "/tmp/sysupgrade.ucert" -P /etc/opkg/keys |
| 23 | |
| 24 | return $? |
| 25 | } |
| 26 | |
| 27 | fwtool_check_image() { |
| 28 | [ $# -gt 1 ] && return 1 |
| 29 | |
| 30 | . /usr/share/libubox/jshn.sh |
| 31 | |
| 32 | if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then |
| 33 | v "Image metadata not present" |
| 34 | [ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && { |
| 35 | v "Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware" |
| 36 | } |
| 37 | [ "$REQUIRE_IMAGE_METADATA" = 1 ] && return 1 |
| 38 | return 0 |
| 39 | fi |
| 40 | |
| 41 | json_load "$(cat /tmp/sysupgrade.meta)" || { |
| 42 | v "Invalid image metadata" |
| 43 | return 1 |
| 44 | } |
| 45 | |
| 46 | device="$(cat /tmp/sysinfo/board_name)" |
| 47 | devicecompat="$(uci -q get system.@system[0].compat_version)" |
| 48 | [ -n "$devicecompat" ] || devicecompat="1.0" |
| 49 | |
| 50 | json_get_var imagecompat compat_version |
| 51 | json_get_var compatmessage compat_message |
| 52 | [ -n "$imagecompat" ] || imagecompat="1.0" |
| 53 | |
| 54 | # select correct supported list based on compat_version |
| 55 | # (using this ensures that compatibility check works for devices |
| 56 | # not knowing about compat-version) |
| 57 | local supported=supported_devices |
| 58 | [ "$imagecompat" != "1.0" ] && supported=new_supported_devices |
| 59 | json_select $supported || return 1 |
| 60 | |
| 61 | json_get_keys dev_keys |
| 62 | for k in $dev_keys; do |
| 63 | json_get_var dev "$k" |
| 64 | if [ "$dev" = "$device" ]; then |
| 65 | # major compat version -> no sysupgrade |
| 66 | if [ "${devicecompat%.*}" != "${imagecompat%.*}" ]; then |
| 67 | v "The device is supported, but this image is incompatible for sysupgrade based on the image version ($devicecompat->$imagecompat)." |
| 68 | [ -n "$compatmessage" ] && v "$compatmessage" |
| 69 | return 1 |
| 70 | fi |
| 71 | |
| 72 | # minor compat version -> sysupgrade with -n required |
| 73 | if [ "${devicecompat#.*}" != "${imagecompat#.*}" ] && [ "$SAVE_CONFIG" = "1" ]; then |
| 74 | [ "$IGNORE_MINOR_COMPAT" = 1 ] && return 0 |
| 75 | v "The device is supported, but the config is incompatible to the new image ($devicecompat->$imagecompat). Please upgrade without keeping config (sysupgrade -n)." |
| 76 | [ -n "$compatmessage" ] && v "$compatmessage" |
| 77 | return 1 |
| 78 | fi |
| 79 | |
| 80 | return 0 |
| 81 | fi |
| 82 | done |
| 83 | |
| 84 | v "Device $device not supported by this image" |
| 85 | local devices="Supported devices:" |
| 86 | for k in $dev_keys; do |
| 87 | json_get_var dev "$k" |
| 88 | devices="$devices $dev" |
| 89 | done |
| 90 | v "$devices" |
| 91 | |
| 92 | return 1 |
| 93 | } |