132 lines
2.7 KiB
Bash
Executable File
132 lines
2.7 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
if test $(uci get autoupdater.settings.enabled) != 1; then
|
|
echo "autoupdater is disabled"
|
|
exit 0
|
|
fi
|
|
|
|
BRANCH=$(uci get autoupdater.settings.branch)
|
|
|
|
PROBABILITY=$(uci get autoupdater.${BRANCH}.probability)
|
|
|
|
if test "a$1" != "a-f"; then
|
|
echo | awk "END{srand();exit rand() > $PROBABILITY}"
|
|
if test $? -ne 0; then
|
|
echo "No autoupdate this time. Use -f to override"
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
BASE=$(uci get autoupdater.${BRANCH}.url)
|
|
PUBKEYS=$(uci get autoupdater.${BRANCH}.pubkey)
|
|
GOOD_SIGNATURES=$(uci get autoupdater.${BRANCH}.good_signatures)
|
|
|
|
VERSION_FILE=/lib/gluon/release
|
|
|
|
newer_than() {
|
|
local old="$(printf '%s\n%s\n' "$1" "$2" | sort -n | head -n 1)"
|
|
test "$1" != "$old"
|
|
}
|
|
|
|
cleanup() {
|
|
rm -f $manifest
|
|
rm -f $fw_image
|
|
rm -f $manifest_upper
|
|
rm -f $manifest_lower
|
|
}
|
|
|
|
trap cleanup INT TERM EXIT PIPE
|
|
|
|
my_model="$(cat /tmp/sysinfo/model | sed 's/ /-/g' | tr '[A-Z]' '[a-z]')"
|
|
|
|
if [ ! -f "$VERSION_FILE" ]; then
|
|
echo "Couldn't determine firmware version!" >&2
|
|
exit 1
|
|
fi
|
|
|
|
my_version="$(cat "$VERSION_FILE")"
|
|
|
|
fw_image=$(mktemp)
|
|
manifest=$(mktemp)
|
|
manifest_upper=$(mktemp)
|
|
manifest_lower=$(mktemp)
|
|
|
|
wget -O$manifest "$BASE"/manifest
|
|
|
|
if test $? -ne 0; then
|
|
echo "Couldn't fetch manifest" >&2
|
|
exit 1
|
|
fi
|
|
|
|
seperator_line=$(cat $manifest|grep -n "^---$"|cut -d: -f1|head -n1)
|
|
|
|
if test -z "$seperator_line"; then
|
|
echo "Couldn't find --- marker!" >&2
|
|
exit 1
|
|
fi
|
|
|
|
head -n$(($seperator_line-1)) $manifest > $manifest_upper
|
|
tail -n+$(($seperator_line+1)) $manifest > $manifest_lower
|
|
|
|
signatures=""
|
|
while read sig; do
|
|
echo "$sig" | grep -q "^[0-9a-f]\{128\}$"
|
|
if test $? -ne 0; then
|
|
continue
|
|
fi
|
|
signatures="$signatures -s $sig"
|
|
done < $manifest_lower
|
|
|
|
pubkeys=""
|
|
for key in $PUBKEYS; do
|
|
pubkeys="$pubkeys -p $key"
|
|
done
|
|
|
|
ecdsaverify -n $GOOD_SIGNATURES $pubkeys $signatures $manifest_upper
|
|
|
|
if test $? -ne 0; then
|
|
echo "Not enough valid signatures!" >&2
|
|
exit 1
|
|
fi
|
|
|
|
grep -q "^BRANCH=${BRANCH}$" $manifest_upper
|
|
|
|
if test $? -ne 0; then
|
|
echo "Wrong branch. We'are on ${BRANCH}" >&2
|
|
exit 1
|
|
fi
|
|
|
|
my_firmware=$(grep "^${my_model} " $manifest_upper)
|
|
|
|
if test $? -ne 0; then
|
|
echo "No matching firmware found (model ${my_model})" >&2
|
|
exit 1
|
|
fi
|
|
|
|
fw_version=$(echo "${my_firmware}"|cut -d' ' -f2)
|
|
fw_md5=$(echo "${my_firmware}"|cut -d' ' -f3)
|
|
fw_file=$(echo "${my_firmware}"|cut -d' ' -f4)
|
|
|
|
if newer_than "$fw_version" "$my_version"; then
|
|
echo "New version available"
|
|
wget -O$fw_image "${BASE}/${fw_file}"
|
|
if test $? -ne 0; then
|
|
echo "Error downloading image" >&2
|
|
exit 1
|
|
fi
|
|
|
|
image_md5=$(md5sum "$fw_image"|cut -b-32)
|
|
if test "$image_md5" != "$fw_md5"; then
|
|
echo "Invalid image checksum" >&2
|
|
exit 1
|
|
fi
|
|
|
|
echo "Upgrading firmware."
|
|
|
|
sysupgrade "${fw_image}"
|
|
else
|
|
echo "No new firmware available"
|
|
fi
|
|
|
|
exit 0
|