On Fri, 23 Aug 2019 at 08:15, Rafał Miłecki <zaj...@gmail.com> wrote: > So far firmware validation result was binary limited: it was either > successful or not. That meant various limitations, e.g.: > 1) Lack of proper feedback on validation problems > 2) No way of marking firmware as totally broken (impossible to install) > > This change introduces JSON for storing detailed validation info. It > provides a list of performed validation tests and their results. It > allows marking firmware as non-forceable (broken image that can't be > even forced to install). > Example: > { > "tests": { > "fwtool_signature": true, > "fwtool_device_match": true > }, > "valid": true, > "forceable": true > } > > Implementation is based on *internal* check_image bash script that: > 1) Uses existing validation functions > 2) Provides helpers for setting extra validation info > > This allows e.g. platform_check_image() to call notify_check_broken() > when needed & prevent user from bricking a device. > > Right now the new JSON info is used by /sbin/sysupgrade only. It's > already a nice gain as it stops users from installing broken images. > > Further plans for this feature are: > 1) Expose firmware validation using some new ubus method > 2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus > method so: > a) It's possible to safely sysupgrade using ubus only > b) /sbin/sysupgrade can be more like just a CLI
I decided to: 1) Use more accurate "validate_firmware_image" executable 2) Don't modify /sbin/sysupgrade to use "forceable". That was extending /sbin/sysupgrade which we should rather avoid in order to focus on more generic ubus method. _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel