Check return code of uloop_run() and pass the signal number up when the
loop was interrupted. After cleanup, uninstall uloop's signal handlers
and re-raise the signal to terminate the process.
This allows interrupting the autoupdater using Ctrl-C during downloads,
instead of having it continue with the next mirror (if multple are
configured). As uloop's signal handlers only set a flag to interrupt
uloop_run() and have otherwise no effect, the autoupdater can still only
be interrupted during HTTP requests, ensuring we can't leave the system
in an inconsistent state.
uloop_run() may finish without ever reaching request_done(), for example
when the main loop is interrupted by a signal. In this case,
uclient_disconnect() was never called, leaving a number of callbacks
like timeout handlers registered in the uloop context.
When the main loop was later resumed in a subsequent HTTP request without
completely reinitializing the uloop context, these timeout handlers could
still fire, even though the old uclient context had already been freed,
resulting in a use-after-free.
To avoid this, move the uclient_disconnect() call out of request_done()
to ensure that it is always called before uclient_free().
Ignore a mismatching minor compat-version. A minor version hints an
incompatibility with configuration, which Gluon re-generates based on
the intent on upgrade. Thus, only mismatching major versions present
a reason to block installation.
This is required to provide a migration path from swconfig to DSA based
ethernet architectures.
Signed-off-by: David Bauer <mail@david-bauer.net>
Let sysupgrade run a --test upgrade to verify that the image is
compatible before attempting an upgrade.
This fixes an issue where a router can get stuck without network
connectivity when a a remote autoupgrade was triggered.
Fixes#193
X-FIRMWARE-VERSION gets set to the content of the file referenced by UCI setting "autoupdater.settings.version_file"
If "autoupdater.settings.version_file" is unset X-FIRMWARE-VERSION is
omitted
If an autoupdater long option (prefixed with '--') are unknown then a segmentation fault occurs.
Example:
root@node:~# autoupdater --xyz
Segmentation fault
[Matthias Schiffer: changed sentinel syntax]
This fixes ordering for the following patterns:
* 1.0 < 1.0a
* 1.0a < 1.0ab
* 1.0a < 1.0a1
Note that trailing zeros are still ignored (1.0 == 1., 1test0 == 1test),
which matches the behaviour of dpkg and opkg.
Version strings with the same prefix, e.g. "1.0" and "1.0~pre", or even
"1.0" and "1.0.1" were considered equal. This is a regression in the C
autoupdater rewrite.
Give the user a better error message when allocations fail by using our
checked allocation functions.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[Matthias Schiffer: squash, use safe_realloc]
safe_malloc() and safe_realloc() are wrappers around malloc() and realloc()
than abort the process if the memory allocation fails.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[Matthias Schiffer: add safe_realloc()]
Previously the return value of uci_alloc_context was not checked leading
to a possible null ptr dereference
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[Matthias Schiffer: use abort()]
Previously supplying an invalid url for download would result in
uclient_new returning NULL and crash the autoupdater as soon as
cl->priv is accessed.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
This new version of the autoupdater is implemented in C instead of Lua,
allowing us to interface with libuclient (HTTP downloads) and libecdsautil
(signature checks) directly instead of spawning external processes,
saving RAM and making error handling more robust.
[Matthias Schiffer: add commit message]