首页 发现 帮助
注册 登录
FreifunkHochstift
/
gluon
6
0
派生 0
文件 工单管理 0 合并请求 0
目录树: a3ed0dde1f
分支列表 标签列表
gluon
/
package
/
gluon-autoupdater
/
files
/
usr
/
sbin
/
autoupdater

autoupdater 4.2 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. #!/bin/sh
    2. 

  2. 

  3. 

  4. BRANCH=$(uci get autoupdater.settings.branch)
    5. 

  5. 

  6. PROBABILITY=$(uci get autoupdater.${BRANCH}.probability)
    7. 

  7. 

  8. if test "a$1" != "a-f"; then
    9. 

  9.   if test $(uci get autoupdater.settings.enabled) != 1; then
    10. 

  10.     echo "autoupdater is disabled"
    11. 

  11.     exit 0
    12. 

  12.   fi
    13. 

  13.   # get one random byte from /dev/urandom, convert it to decimal and check
    14. 

  14.   # against update_probability*255
    15. 

  15.   hexdump -n1 -e '/1 "%d"' /dev/urandom | awk "{exit \$1 > $PROBABILITY * 255}"
    16. 

  16.   if test $? -ne 0; then
    17. 

  17.     echo "No autoupdate this time. Use -f to override"
    18. 

  18.     exit 0
    19. 

  19.   fi
    20. 

  20. fi
    21. 

  21. 

  22. BRANCH_NAME=$(uci get autoupdater.${BRANCH}.name)
    23. 

  23. MIRRORS=$(for mirror in $(uci get autoupdater.${BRANCH}.mirror); do \
    24. 

  24.             hexdump -n1 -e '/1 "%d '"$mirror"'\n"' /dev/urandom; \
    25. 

  25.           done | sort -n | cut -d' ' -f2)
    26. 

  26. PUBKEYS=$(uci get autoupdater.${BRANCH}.pubkey)
    27. 

  27. GOOD_SIGNATURES=$(uci get autoupdater.${BRANCH}.good_signatures)
    28. 

  28. 

  29. VERSION_FILE=/lib/gluon/release
    30. 

  30. 

  31. # returns 0 when $1 is a higher version number than $2
    32. 

  32. newer_than() {
    33. 

  33. 	# negate the return value as opkg returns 1 when the proposition is true
    34. 

  34. 	! opkg compare-versions "$1" '>>' "$2"
    35. 

  35. }
    36. 

  36. 

  37. fetch_manifest() {
    38. 

  38.   local MIRROR=$1
    39. 

  39.   local manifest=$2
    40. 

  40. 

  41.   wget -O$manifest "$MIRROR"/manifest
    42. 

  42. 

  43.   if test $? -ne 0; then
    44. 

  44.     echo "Couldn't fetch manifest from $MIRROR" >&2
    45. 

  45.     return 1
    46. 

  46.   fi
    47. 

  47. 

  48.   return 0
    49. 

  49. }
    50. 

  50. 

  51. verify_manifest() {
    52. 

  52.   local manifest=$1
    53. 

  53.   local manifest_upper=$2
    54. 

  54.   local manifest_lower=$(mktemp)
    55. 

  55.   awk "BEGIN    { sep=0 }
    56. 

  56.      /^---\$/ { sep=1; next }
    57. 

  57.               { if(sep==0) print > \"$manifest_upper\";
    58. 

  58.                 else       print > \"$manifest_lower\"}" \
    59. 

  59.     $manifest
    60. 

  60. 

  61.   local signatures=""
    62. 

  62.   while read sig; do
    63. 

  63.     echo "$sig" | grep -q "^[0-9a-f]\{128\}$"
    64. 

  64.     if test $? -ne 0; then
    65. 

  65.       continue
    66. 

  66.     fi
    67. 

  67.     signatures="$signatures -s $sig"
    68. 

  68.   done < $manifest_lower
    69. 

  69. 

  70.   local pubkeys=""
    71. 

  71.   for key in $PUBKEYS; do
    72. 

  72.     pubkeys="$pubkeys -p $key"
    73. 

  73.   done
    74. 

  74. 

  75.   rm -f $manifest_lower
    76. 

  76. 

  77.   ecdsaverify -n $GOOD_SIGNATURES $pubkeys $signatures $manifest_upper
    78. 

  78. 

  79.   if test $? -ne 0; then
    80. 

  80.     echo "Not enough valid signatures!" >&2
    81. 

  81.     return 1
    82. 

  82.   fi
    83. 

  83. 

  84.   return 0
    85. 

  85. }
    86. 

  86. 

  87. analyse_manifest() {
    88. 

  88.   local manifest_upper=$1
    89. 

  89. 

  90.   grep -q "^BRANCH=${BRANCH_NAME}$" $manifest_upper
    91. 

  91. 

  92.   if test $? -ne 0; then
    93. 

  93.     echo "Wrong branch. We are on ${BRANCH_NAME}" >&2
    94. 

  94.     return 1
    95. 

  95.   fi
    96. 

  96. 

  97.   local my_firmware
    98. 

  98.   my_firmware=$(grep "^${my_model} " $manifest_upper)
    99. 

  99. 

  100.   if test $? -ne 0; then
    101. 

  101.     echo "No matching firmware found (model ${my_model})" >&2
    102. 

  102.     return 1
    103. 

  103.   fi
    104. 

  104. 

  105.   fw_version=$(echo "${my_firmware}"|cut -d' ' -f2)
    106. 

  106.   fw_checksum=$(echo "${my_firmware}"|cut -d' ' -f3)
    107. 

  107.   fw_file=$(echo "${my_firmware}"|cut -d' ' -f4)
    108. 

  108. 

  109.   return 0
    110. 

  110. }
    111. 

  111. 

  112. fetch_firmware() {
    113. 

  113.   local MIRROR=$1
    114. 

  114.   local fw_image=$2
    115. 

  115. 

  116.   wget -O$fw_image "${MIRROR}/${fw_file}"
    117. 

  117. 

  118.   if test $? -ne 0; then
    119. 

  119.     echo "Error downloading image from $MIRROR" >&2
    120. 

  120.     return 1
    121. 

  121.   fi
    122. 

  122. 

  123.   return 0
    124. 

  124. }
    125. 

  125. 

  126. autoupdate() {
    127. 

  127.   local MIRROR=$1
    128. 

  128. 

  129.   local manifest=$(mktemp)
    130. 

  130.   fetch_manifest $MIRROR $manifest || { rm -f $manifest; return 1; }
    131. 

  131. 

  132.   local manifest_upper=$(mktemp)
    133. 

  133.   verify_manifest $manifest $manifest_upper || { rm -f $manifest $manifest_upper; return 1; }
    134. 

  134.   rm -f $manifest
    135. 

  135. 

  136.   analyse_manifest $manifest_upper || { rm -f $manifest_upper; return 1; }
    137. 

  137.   rm -f $manifest_upper
    138. 

  138. 

  139.   if newer_than "$fw_version" "$my_version"; then
    140. 

  140.     echo "New version available"
    141. 

  141. 

  142.     # drop caches to make room for firmware image
    143. 

  143.     sync
    144. 

  144.     sysctl -w vm.drop_caches=3
    145. 

  145. 

  146.     local fw_image=$(mktemp)
    147. 

  147.     fetch_firmware $MIRROR $fw_image || { rm -f $fw_image; return 1; }
    148. 

  148. 

  149.     image_sha512=$(sha512sum "$fw_image" | awk '{print $1}')
    150. 

  150.     image_md5=$(md5sum "$fw_image" | awk '{print $1}')
    151. 

  151.     if [ "$image_sha512" != "$fw_checksum" -a "$image_md5" != "$fw_checksum" ]; then
    152. 

  152.       echo "Invalid image checksum" >&2
    153. 

  153.       rm -f $fw_image
    154. 

  154.       return 1
    155. 

  155.     fi
    156. 

  156.     echo "Upgrading firmware."
    157. 

  157. 

  158.     sysupgrade "${fw_image}"
    159. 

  159.   else
    160. 

  160.     echo "No new firmware available"
    161. 

  161.   fi
    162. 

  162. 

  163.   return 0
    164. 

  164. }
    165. 

  165. 

  166. trap 'echo Signal ignored.' INT TERM PIPE
    167. 

  167. 

  168. . /lib/gluon/functions/model.sh
    169. 

  169. my_model="$(get_model | tr '[A-Z]' '[a-z]' | sed -r 's/[^a-z0-9]+/-/g;s/-$//')"
    170. 

  170. 

  171. if [ ! -f "$VERSION_FILE" ]; then
    172. 

  172.   echo "Couldn't determine firmware version!" >&2
    173. 

  173.   exit 1
    174. 

  174. fi
    175. 

  175. 

  176. my_version="$(cat "$VERSION_FILE")"
    177. 

  177. 

  178. for mirror in $MIRRORS; do
    179. 

  179. 

  180.   autoupdate $mirror && exit 0
    181. 

  181. 

  182.   unset fw_version
    183. 

  183.   unset fw_checksum
    184. 

  184.   unset fw_file
    185. 

  185. 

  186. done
    187. 

  187.