autoupdater: avoid unnessesary shell processes
Use functions that don't run commands though a shell where easily possible, add 'exec' to remaining io.popen calls.
This commit is contained in:
parent
129b1146c3
commit
3d98695abc
|
@ -6,8 +6,23 @@ local nixio = require 'nixio'
|
||||||
module 'autoupdater.util'
|
module 'autoupdater.util'
|
||||||
|
|
||||||
|
|
||||||
|
-- Executes a command in the background, without parsing the command through a shell (in contrast to os.execute)
|
||||||
|
function exec(...)
|
||||||
|
local pid, errno, error = nixio.fork()
|
||||||
|
if pid == 0 then
|
||||||
|
nixio.execp(...)
|
||||||
|
os.exit(127)
|
||||||
|
elseif pid > 0 then
|
||||||
|
local wpid, status, code = nixio.waitpid(pid)
|
||||||
|
return wpid and status == 'exited' and code
|
||||||
|
else
|
||||||
|
return pid, errno, error
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
-- Executes a command in the background, returning its PID and a pipe connected to the command's standard input
|
-- Executes a command in the background, returning its PID and a pipe connected to the command's standard input
|
||||||
function popen(command)
|
function popen(...)
|
||||||
local inr, inw = nixio.pipe()
|
local inr, inw = nixio.pipe()
|
||||||
local pid = nixio.fork()
|
local pid = nixio.fork()
|
||||||
|
|
||||||
|
@ -21,7 +36,8 @@ function popen(command)
|
||||||
inr:close()
|
inr:close()
|
||||||
inw:close()
|
inw:close()
|
||||||
|
|
||||||
nixio.exec('/bin/sh', '-c', command)
|
nixio.execp(...)
|
||||||
|
os.exit(127)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -80,24 +80,26 @@ end
|
||||||
|
|
||||||
-- Verifies a file given as a list of lines with a list of signatures using ecdsaverify
|
-- Verifies a file given as a list of lines with a list of signatures using ecdsaverify
|
||||||
local function verify_lines(lines, sigs)
|
local function verify_lines(lines, sigs)
|
||||||
local command = string.format('ecdsaverify -n %i', branch.good_signatures)
|
local command = {'ecdsaverify', '-n', tostring(branch.good_signatures)}
|
||||||
|
|
||||||
-- Build command line from sigs and branch.pubkey
|
-- Build command line from sigs and branch.pubkey
|
||||||
for _, sig in ipairs(sigs) do
|
for _, sig in ipairs(sigs) do
|
||||||
if sig:match('^' .. string.rep('%x', 128) .. '$') then
|
if sig:match('^' .. string.rep('%x', 128) .. '$') then
|
||||||
command = command .. ' -s ' .. sig
|
table.insert(command, '-s')
|
||||||
|
table.insert(command, sig)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
for _, key in ipairs(branch.pubkey) do
|
for _, key in ipairs(branch.pubkey) do
|
||||||
if key:match('^' .. string.rep('%x', 64) .. '$') then
|
if key:match('^' .. string.rep('%x', 64) .. '$') then
|
||||||
command = command .. ' -p ' .. key
|
table.insert(command, '-p')
|
||||||
|
table.insert(command, key)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
-- Call ecdsautils
|
-- Call ecdsautils
|
||||||
local pid, f = autoupdater_util.popen(command)
|
local pid, f = autoupdater_util.popen(unpack(command))
|
||||||
|
|
||||||
for _, line in ipairs(lines) do
|
for _, line in ipairs(lines) do
|
||||||
f:write(line)
|
f:write(line)
|
||||||
|
@ -126,7 +128,7 @@ local function read_manifest(mirror)
|
||||||
|
|
||||||
-- Read all lines from the manifest
|
-- Read all lines from the manifest
|
||||||
-- The upper part is saves to lines, the lower part to sigs
|
-- The upper part is saves to lines, the lower part to sigs
|
||||||
for line in io.popen(string.format("wget -T 120 -O- '%s/%s.manifest'", mirror, branch.name), 'r'):lines() do
|
for line in io.popen(string.format("exec wget -T 120 -O- '%s/%s.manifest'", mirror, branch.name), 'r'):lines() do
|
||||||
if not sep then
|
if not sep then
|
||||||
if line == '---' then
|
if line == '---' then
|
||||||
sep = true
|
sep = true
|
||||||
|
@ -189,7 +191,7 @@ end
|
||||||
|
|
||||||
-- Downloads the firmware image from a mirror to a given output file
|
-- Downloads the firmware image from a mirror to a given output file
|
||||||
local function fetch_firmware(mirror, filename, output)
|
local function fetch_firmware(mirror, filename, output)
|
||||||
if os.execute(string.format("wget -T 120 -O '%s' '%s/%s'", output, mirror, filename)) ~= 0 then
|
if autoupdater_util.exec('wget', '-T', '120', '-O', output, mirror .. '/' .. filename) ~= 0 then
|
||||||
io.stderr:write('Error downloading the image from ' .. mirror .. '\n')
|
io.stderr:write('Error downloading the image from ' .. mirror .. '\n')
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
@ -258,7 +260,8 @@ local function autoupdate(mirror)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
os.execute('sync; sysctl -w vm.drop_caches=3')
|
autoupdater_util.exec('sync')
|
||||||
|
autoupdater_util.exec('sysctl', '-w', 'vm.drop_caches=3')
|
||||||
collectgarbage()
|
collectgarbage()
|
||||||
|
|
||||||
local image = os.tmpname()
|
local image = os.tmpname()
|
||||||
|
@ -266,7 +269,7 @@ local function autoupdate(mirror)
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
local popen = io.popen(string.format("sha512sum '%s'", image))
|
local popen = io.popen(string.format("exec sha512sum '%s'", image))
|
||||||
local checksum = popen:read('*l'):match('^%x+')
|
local checksum = popen:read('*l'):match('^%x+')
|
||||||
popen:close()
|
popen:close()
|
||||||
if checksum ~= manifest.checksum then
|
if checksum ~= manifest.checksum then
|
||||||
|
|
Loading…
Reference in New Issue