autoupdater: use set -e for safety
This commit is contained in:
parent
5914088bd1
commit
f9ea8e6862
|
@ -1,5 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
# abort on error
|
||||
set -e
|
||||
|
||||
if test $(uci get autoupdater.settings.enabled) != 1; then
|
||||
echo "autoupdater is disabled"
|
||||
exit 0
|
||||
|
@ -18,7 +21,8 @@ if test "a$1" != "a-f"; then
|
|||
fi
|
||||
|
||||
BASE=$(uci get autoupdater.${BRANCH}.url)
|
||||
PUBKEYS=$(uci get autoupdater.${BRANCH}.pubkey)
|
||||
# if no signatures are needed, no pubkeys need to be defined, so don't fail
|
||||
PUBKEYS=$(uci get autoupdater.${BRANCH}.pubkey) || true
|
||||
GOOD_SIGNATURES=$(uci get autoupdater.${BRANCH}.good_signatures)
|
||||
|
||||
VERSION_FILE=/lib/gluon/release
|
||||
|
@ -35,6 +39,11 @@ cleanup() {
|
|||
rm -f $manifest_lower
|
||||
}
|
||||
|
||||
fail() {
|
||||
echo "$@" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
trap cleanup INT TERM EXIT PIPE
|
||||
|
||||
. /lib/ar71xx.sh
|
||||
|
@ -51,10 +60,7 @@ case "$my_model" in
|
|||
;;
|
||||
esac
|
||||
|
||||
if [ ! -f "$VERSION_FILE" ]; then
|
||||
echo "Couldn't determine firmware version!" >&2
|
||||
exit 1
|
||||
fi
|
||||
[ -f "$VERSION_FILE" ] || fail "Couldn't determine firmware version!"
|
||||
|
||||
my_version="$(cat "$VERSION_FILE")"
|
||||
|
||||
|
@ -63,19 +69,10 @@ manifest=$(mktemp)
|
|||
manifest_upper=$(mktemp)
|
||||
manifest_lower=$(mktemp)
|
||||
|
||||
wget -O$manifest "$BASE"/manifest
|
||||
wget -O$manifest "$BASE"/manifest || fail "Couldn't fetch manifest"
|
||||
|
||||
if test $? -ne 0; then
|
||||
echo "Couldn't fetch manifest" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
seperator_line=$(cat $manifest|grep -n "^---$"|cut -d: -f1|head -n1)
|
||||
|
||||
if test -z "$seperator_line"; then
|
||||
echo "Couldn't find --- marker!" >&2
|
||||
exit 1
|
||||
fi
|
||||
seperator_line=$(cat $manifest|grep -n "^---$"|cut -d: -f1|head -n1) || \
|
||||
fail "Could't find --- marker!"
|
||||
|
||||
head -n$(($seperator_line-1)) $manifest > $manifest_upper
|
||||
tail -n+$(($seperator_line+1)) $manifest > $manifest_lower
|
||||
|
@ -94,26 +91,12 @@ for key in $PUBKEYS; do
|
|||
pubkeys="$pubkeys -p $key"
|
||||
done
|
||||
|
||||
ecdsaverify -n $GOOD_SIGNATURES $pubkeys $signatures $manifest_upper
|
||||
ecdsaverify -n $GOOD_SIGNATURES $pubkeys $signatures $manifest_upper || \
|
||||
fail "Not enough valid signatures!"
|
||||
|
||||
if test $? -ne 0; then
|
||||
echo "Not enough valid signatures!" >&2
|
||||
exit 1
|
||||
fi
|
||||
grep -q "^BRANCH=${BRANCH}$" $manifest_upper || fail "Wrong branch. We'are on ${BRANCH}"
|
||||
|
||||
grep -q "^BRANCH=${BRANCH}$" $manifest_upper
|
||||
|
||||
if test $? -ne 0; then
|
||||
echo "Wrong branch. We'are on ${BRANCH}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
my_firmware=$(grep "^${my_model} " $manifest_upper)
|
||||
|
||||
if test $? -ne 0; then
|
||||
echo "No matching firmware found (model ${my_model})" >&2
|
||||
exit 1
|
||||
fi
|
||||
my_firmware=$(grep "^${my_model} " $manifest_upper) || fail "No matching firmware found (model ${my_model})"
|
||||
|
||||
fw_version=$(echo "${my_firmware}"|cut -d' ' -f2)
|
||||
fw_md5=$(echo "${my_firmware}"|cut -d' ' -f3)
|
||||
|
@ -121,16 +104,11 @@ fw_file=$(echo "${my_firmware}"|cut -d' ' -f4)
|
|||
|
||||
if newer_than "$fw_version" "$my_version"; then
|
||||
echo "New version available"
|
||||
wget -O$fw_image "${BASE}/${fw_file}"
|
||||
if test $? -ne 0; then
|
||||
echo "Error downloading image" >&2
|
||||
exit 1
|
||||
fi
|
||||
wget -O$fw_image "${BASE}/${fw_file}" || fail "Error downloading image"
|
||||
|
||||
image_md5=$(md5sum "$fw_image"|cut -b-32)
|
||||
if test "$image_md5" != "$fw_md5"; then
|
||||
echo "Invalid image checksum" >&2
|
||||
exit 1
|
||||
fail "Invalid image checksum"
|
||||
fi
|
||||
|
||||
echo "Upgrading firmware."
|
||||
|
|
Loading…
Reference in New Issue