1#!/bin/bash 2 3# 4# Copyright (C) 2015 The Android Open Source Project 5# 6# Licensed under the Apache License, Version 2.0 (the "License"); 7# you may not use this file except in compliance with the License. 8# You may obtain a copy of the License at 9# 10# http://www.apache.org/licenses/LICENSE-2.0 11# 12# Unless required by applicable law or agreed to in writing, software 13# distributed under the License is distributed on an "AS IS" BASIS, 14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15# See the License for the specific language governing permissions and 16# limitations under the License. 17# 18 19# Script to generate a Brillo update for use by the update engine. 20# 21# usage: brillo_update_payload COMMAND [ARGS] 22# The following commands are supported: 23# generate generate an unsigned payload 24# hash generate a payload or metadata hash 25# sign generate a signed payload 26# properties generate a properties file from a payload 27# verify verify a payload by recreating a target image. 28# check verify a payload using paycheck (static testing) 29# 30# Generate command arguments: 31# --payload generated unsigned payload output file 32# --source_image if defined, generate a delta payload from the specified 33# image to the target_image 34# --target_image the target image that should be sent to clients 35# --metadata_size_file if defined, generate a file containing the size of the 36# payload metadata in bytes to the specified file 37# 38# Hash command arguments: 39# --unsigned_payload the input unsigned payload to generate the hash from 40# --signature_size signature sizes in bytes in the following format: 41# "size1:size2[:...]" 42# --payload_hash_file if defined, generate a payload hash and output to the 43# specified file 44# --metadata_hash_file if defined, generate a metadata hash and output to the 45# specified file 46# 47# Sign command arguments: 48# --unsigned_payload the input unsigned payload to insert the signatures 49# --payload the output signed payload 50# --signature_size signature sizes in bytes in the following format: 51# "size1:size2[:...]" 52# --payload_signature_file the payload signature files in the following 53# format: 54# "payload_signature1:payload_signature2[:...]" 55# --metadata_signature_file the metadata signature files in the following 56# format: 57# "metadata_signature1:metadata_signature2[:...]" 58# --metadata_size_file if defined, generate a file containing the size of 59# the signed payload metadata in bytes to the 60# specified file 61# Note that the number of signature sizes and payload signatures have to match. 62# 63# Properties command arguments: 64# --payload the input signed or unsigned payload 65# --properties_file the output path where to write the properties, or 66# '-' for stdout. 67# Verify command arguments: 68# --payload payload input file 69# --source_image verify payload to the specified source image. 70# --target_image the target image to verify upon. 71# 72# Check command arguments: 73# Symmetrical with the verify command. 74 75 76# Exit codes: 77EX_UNSUPPORTED_DELTA=100 78 79warn() { 80 echo "brillo_update_payload: warning: $*" >&2 81} 82 83die() { 84 echo "brillo_update_payload: error: $*" >&2 85 exit 1 86} 87 88# Loads shflags. We first look at the default install location; then look for 89# crosutils (chroot); finally check our own directory. 90load_shflags() { 91 local my_dir="$(dirname "$(readlink -f "$0")")" 92 local path 93 for path in /usr/share/misc "${my_dir}"/lib/shflags; do 94 if [[ -r "${path}/shflags" ]]; then 95 . "${path}/shflags" || die "Could not load ${path}/shflags." 96 return 97 fi 98 done 99 die "Could not find shflags." 100} 101 102load_shflags 103 104HELP_GENERATE="generate: Generate an unsigned update payload." 105HELP_HASH="hash: Generate the hashes of the unsigned payload and metadata used \ 106for signing." 107HELP_SIGN="sign: Insert the signatures into the unsigned payload." 108HELP_PROPERTIES="properties: Extract payload properties to a file." 109HELP_VERIFY="verify: Verify a (signed) update payload using delta_generator." 110HELP_CHECK="check: Check a (signed) update payload using paycheck (static \ 111testing)." 112 113usage() { 114 echo "Supported commands:" 115 echo 116 echo "${HELP_GENERATE}" 117 echo "${HELP_HASH}" 118 echo "${HELP_SIGN}" 119 echo "${HELP_PROPERTIES}" 120 echo "${HELP_VERIFY}" 121 echo "${HELP_CHECK}" 122 echo 123 echo "Use: \"$0 <command> --help\" for more options." 124} 125 126# Check that a command is specified. 127if [[ $# -lt 1 ]]; then 128 echo "Please specify a command [generate|hash|sign|properties|verify|check]" 129 exit 1 130fi 131 132# Parse command. 133COMMAND="${1:-}" 134shift 135 136case "${COMMAND}" in 137 generate) 138 FLAGS_HELP="${HELP_GENERATE}" 139 ;; 140 141 hash) 142 FLAGS_HELP="${HELP_HASH}" 143 ;; 144 145 sign) 146 FLAGS_HELP="${HELP_SIGN}" 147 ;; 148 149 properties) 150 FLAGS_HELP="${HELP_PROPERTIES}" 151 ;; 152 153 verify) 154 FLAGS_HELP="${HELP_VERIFY}" 155 ;; 156 157 check) 158 FLAGS_HELP="${HELP_CHECK}" 159 ;; 160 161 *) 162 echo "Unrecognized command: \"${COMMAND}\"" >&2 163 usage >&2 164 exit 1 165 ;; 166esac 167 168# Flags 169FLAGS_HELP="Usage: $0 ${COMMAND} [flags] 170${FLAGS_HELP}" 171 172if [[ "${COMMAND}" == "generate" ]]; then 173 DEFINE_string payload "" \ 174 "Path to output the generated unsigned payload file." 175 DEFINE_string target_image "" \ 176 "Path to the target image that should be sent to clients." 177 DEFINE_string source_image "" \ 178 "Optional: Path to a source image. If specified, this makes a delta update." 179 DEFINE_string metadata_size_file "" \ 180 "Optional: Path to output metadata size." 181 DEFINE_string max_timestamp "" \ 182 "Optional: The maximum unix timestamp of the OS allowed to apply this \ 183payload, should be set to a number higher than the build timestamp of the \ 184system running on the device, 0 if not specified." 185fi 186if [[ "${COMMAND}" == "hash" || "${COMMAND}" == "sign" ]]; then 187 DEFINE_string unsigned_payload "" "Path to the input unsigned payload." 188 DEFINE_string signature_size "" \ 189 "Signature sizes in bytes in the following format: size1:size2[:...]" 190fi 191if [[ "${COMMAND}" == "hash" ]]; then 192 DEFINE_string metadata_hash_file "" \ 193 "Optional: Path to output metadata hash file." 194 DEFINE_string payload_hash_file "" \ 195 "Optional: Path to output payload hash file." 196fi 197if [[ "${COMMAND}" == "sign" ]]; then 198 DEFINE_string payload "" \ 199 "Path to output the generated unsigned payload file." 200 DEFINE_string metadata_signature_file "" \ 201 "The metatada signatures in the following format: \ 202metadata_signature1:metadata_signature2[:...]" 203 DEFINE_string payload_signature_file "" \ 204 "The payload signatures in the following format: \ 205payload_signature1:payload_signature2[:...]" 206 DEFINE_string metadata_size_file "" \ 207 "Optional: Path to output metadata size." 208fi 209if [[ "${COMMAND}" == "properties" ]]; then 210 DEFINE_string payload "" \ 211 "Path to the input signed or unsigned payload file." 212 DEFINE_string properties_file "-" \ 213 "Path to output the extracted property files. If '-' is passed stdout will \ 214be used." 215fi 216if [[ "${COMMAND}" == "verify" || "${COMMAND}" == "check" ]]; then 217 DEFINE_string payload "" \ 218 "Path to the input payload file." 219 DEFINE_string target_image "" \ 220 "Path to the target image to verify upon." 221 DEFINE_string source_image "" \ 222 "Optional: Path to a source image. If specified, the delta update is \ 223applied to this." 224fi 225 226DEFINE_string work_dir "${TMPDIR:-/tmp}" "Where to dump temporary files." 227 228# Parse command line flag arguments 229FLAGS "$@" || exit 1 230eval set -- "${FLAGS_ARGV}" 231set -e 232 233# Override the TMPDIR with the passed work_dir flags, which anyway defaults to 234# ${TMPDIR}. 235TMPDIR="${FLAGS_work_dir}" 236export TMPDIR 237 238# Associative arrays from partition name to file in the source and target 239# images. The size of the updated area must be the size of the file. 240declare -A SRC_PARTITIONS 241declare -A DST_PARTITIONS 242 243# Associative arrays for the .map files associated with each src/dst partition 244# file in SRC_PARTITIONS and DST_PARTITIONS. 245declare -A SRC_PARTITIONS_MAP 246declare -A DST_PARTITIONS_MAP 247 248# List of partition names in order. 249declare -a PARTITIONS_ORDER 250 251# A list of PIDs of the extract_image workers. 252EXTRACT_IMAGE_PIDS=() 253 254# A list of temporary files to remove during cleanup. 255CLEANUP_FILES=() 256 257# Global options to force the version of the payload. 258FORCE_MAJOR_VERSION="" 259FORCE_MINOR_VERSION="" 260 261# Path to the postinstall config file in target image if exists. 262POSTINSTALL_CONFIG_FILE="" 263 264# Path to the dynamic partition info file in target image if exists. 265DYNAMIC_PARTITION_INFO_FILE="" 266 267# read_option_int <file.txt> <option_key> [default_value] 268# 269# Reads the unsigned integer value associated with |option_key| in a key=value 270# file |file.txt|. Prints the read value if found and valid, otherwise prints 271# the |default_value|. 272read_option_uint() { 273 local file_txt="$1" 274 local option_key="$2" 275 local default_value="${3:-}" 276 local value 277 if value=$(look "${option_key}=" "${file_txt}" | tail -n 1); then 278 if value=$(echo "${value}" | cut -f 2- -d "=" | grep -E "^[0-9]+$"); then 279 echo "${value}" 280 return 281 fi 282 fi 283 echo "${default_value}" 284} 285 286# truncate_file <file_path> <file_size> 287# 288# Truncate the given |file_path| to |file_size| using python. 289# The truncate binary might not be available. 290truncate_file() { 291 local file_path="$1" 292 local file_size="$2" 293 python -c "open(\"${file_path}\", 'a').truncate(${file_size})" 294} 295 296# Create a temporary file in the work_dir with an optional pattern name. 297# Prints the name of the newly created file. 298create_tempfile() { 299 local pattern="${1:-tempfile.XXXXXX}" 300 mktemp --tmpdir="${FLAGS_work_dir}" "${pattern}" 301} 302 303cleanup() { 304 local err="" 305 rm -f "${CLEANUP_FILES[@]}" || err=1 306 307 # If we are cleaning up after an error, or if we got an error during 308 # cleanup (even if we eventually succeeded) return a non-zero exit 309 # code. This triggers additional logging in most environments that call 310 # this script. 311 if [[ -n "${err}" ]]; then 312 die "Cleanup encountered an error." 313 fi 314} 315 316cleanup_on_error() { 317 trap - INT TERM ERR EXIT 318 cleanup 319 die "Cleanup success after an error." 320} 321 322cleanup_on_exit() { 323 trap - INT TERM ERR EXIT 324 cleanup 325} 326 327trap cleanup_on_error INT TERM ERR 328trap cleanup_on_exit EXIT 329 330 331# extract_image <image> <partitions_array> [partitions_order] 332# 333# Detect the format of the |image| file and extract its updatable partitions 334# into new temporary files. Add the list of partition names and its files to the 335# associative array passed in |partitions_array|. If |partitions_order| is 336# passed, set it to list of partition names in order. 337extract_image() { 338 local image="$1" 339 340 # Brillo images are zip files. We detect the 4-byte magic header of the zip 341 # file. 342 local magic=$(xxd -p -l4 "${image}") 343 if [[ "${magic}" == "504b0304" ]]; then 344 echo "Detected .zip file, extracting Brillo image." 345 extract_image_brillo "$@" 346 return 347 fi 348 349 # Chrome OS images are GPT partitioned disks. We should have the cgpt binary 350 # bundled here and we will use it to extract the partitions, so the GPT 351 # headers must be valid. 352 if cgpt show -q -n "${image}" >/dev/null; then 353 echo "Detected GPT image, extracting Chrome OS image." 354 extract_image_cros "$@" 355 return 356 fi 357 358 die "Couldn't detect the image format of ${image}" 359} 360 361# extract_image_cros <image.bin> <partitions_array> [partitions_order] 362# 363# Extract Chromium OS recovery images into new temporary files. 364extract_image_cros() { 365 local image="$1" 366 local partitions_array="$2" 367 local partitions_order="${3:-}" 368 369 local kernel root 370 kernel=$(create_tempfile "kernel.bin.XXXXXX") 371 CLEANUP_FILES+=("${kernel}") 372 root=$(create_tempfile "root.bin.XXXXXX") 373 CLEANUP_FILES+=("${root}") 374 375 cros_generate_update_payload --extract \ 376 --image "${image}" \ 377 --kern_path "${kernel}" --root_path "${root}" 378 379 # Chrome OS now uses major_version 2 payloads for all boards. 380 # See crbug.com/794404 for more information. 381 FORCE_MAJOR_VERSION="2" 382 383 eval ${partitions_array}[kernel]=\""${kernel}"\" 384 eval ${partitions_array}[root]=\""${root}"\" 385 386 if [[ -n "${partitions_order}" ]]; then 387 eval "${partitions_order}=( \"root\" \"kernel\" )" 388 fi 389 390 local part varname 391 for part in kernel root; do 392 varname="${partitions_array}[${part}]" 393 printf "md5sum of %s: " "${varname}" 394 md5sum "${!varname}" 395 done 396} 397 398# extract_partition_brillo <target_files.zip> <partitions_array> <partition> 399# <part_file> <part_map_file> 400# 401# Extract the <partition> from target_files zip file into <part_file> and its 402# map file into <part_map_file>. 403extract_partition_brillo() { 404 local image="$1" 405 local partitions_array="$2" 406 local part="$3" 407 local part_file="$4" 408 local part_map_file="$5" 409 410 # For each partition, we in turn look for its image file under IMAGES/ and 411 # RADIO/ in the given target_files zip file. 412 local path path_in_zip 413 for path in IMAGES RADIO; do 414 if unzip -l "${image}" "${path}/${part}.img" >/dev/null; then 415 path_in_zip="${path}" 416 break 417 fi 418 done 419 [[ -n "${path_in_zip}" ]] || die "Failed to find ${part}.img" 420 unzip -p "${image}" "${path_in_zip}/${part}.img" >"${part_file}" 421 422 # If the partition is stored as an Android sparse image file, we need to 423 # convert them to a raw image for the update. 424 local magic=$(xxd -p -l4 "${part_file}") 425 if [[ "${magic}" == "3aff26ed" ]]; then 426 local temp_sparse=$(create_tempfile "${part}.sparse.XXXXXX") 427 echo "Converting Android sparse image ${part}.img to RAW." 428 mv "${part_file}" "${temp_sparse}" 429 simg2img "${temp_sparse}" "${part_file}" 430 rm -f "${temp_sparse}" 431 fi 432 433 # Extract the .map file (if one is available). 434 unzip -p "${image}" "${path_in_zip}/${part}.map" >"${part_map_file}" \ 435 2>/dev/null || true 436 437 # delta_generator only supports images multiple of 4 KiB. For target images 438 # we pad the data with zeros if needed, but for source images we truncate 439 # down the data since the last block of the old image could be padded on 440 # disk with unknown data. 441 local filesize=$(stat -c%s "${part_file}") 442 if [[ $(( filesize % 4096 )) -ne 0 ]]; then 443 if [[ "${partitions_array}" == "SRC_PARTITIONS" ]]; then 444 echo "Rounding DOWN partition ${part}.img to a multiple of 4 KiB." 445 : $(( filesize = filesize & -4096 )) 446 else 447 echo "Rounding UP partition ${part}.img to a multiple of 4 KiB." 448 : $(( filesize = (filesize + 4095) & -4096 )) 449 fi 450 truncate_file "${part_file}" "${filesize}" 451 fi 452 453 echo "Extracted ${partitions_array}[${part}]: ${filesize} bytes" 454} 455 456# extract_image_brillo <target_files.zip> <partitions_array> [partitions_order] 457# 458# Extract the A/B updated partitions from a Brillo target_files zip file into 459# new temporary files. 460extract_image_brillo() { 461 local image="$1" 462 local partitions_array="$2" 463 local partitions_order="${3:-}" 464 465 local partitions=( "boot" "system" ) 466 local ab_partitions_list 467 ab_partitions_list=$(create_tempfile "ab_partitions_list.XXXXXX") 468 CLEANUP_FILES+=("${ab_partitions_list}") 469 if unzip -p "${image}" "META/ab_partitions.txt" >"${ab_partitions_list}"; then 470 if grep -v -E '^[a-zA-Z0-9_-]*$' "${ab_partitions_list}" >&2; then 471 die "Invalid partition names found in the partition list." 472 fi 473 # Get partition list without duplicates. 474 partitions=($(awk '!seen[$0]++' "${ab_partitions_list}")) 475 if [[ ${#partitions[@]} -eq 0 ]]; then 476 die "The list of partitions is empty. Can't generate a payload." 477 fi 478 else 479 warn "No ab_partitions.txt found. Using default." 480 fi 481 echo "List of A/B partitions for ${partitions_array}: ${partitions[@]}" 482 483 if [[ -n "${partitions_order}" ]]; then 484 eval "${partitions_order}=(${partitions[@]})" 485 fi 486 487 # All Brillo updaters support major version 2. 488 FORCE_MAJOR_VERSION="2" 489 490 if [[ "${partitions_array}" == "SRC_PARTITIONS" ]]; then 491 # Source image 492 local ue_config=$(create_tempfile "ue_config.XXXXXX") 493 CLEANUP_FILES+=("${ue_config}") 494 if ! unzip -p "${image}" "META/update_engine_config.txt" \ 495 >"${ue_config}"; then 496 warn "No update_engine_config.txt found. Assuming pre-release image, \ 497using payload minor version 2" 498 fi 499 # For delta payloads, we use the major and minor version supported by the 500 # old updater. 501 FORCE_MINOR_VERSION=$(read_option_uint "${ue_config}" \ 502 "PAYLOAD_MINOR_VERSION" 2) 503 FORCE_MAJOR_VERSION=$(read_option_uint "${ue_config}" \ 504 "PAYLOAD_MAJOR_VERSION" 2) 505 506 # Brillo support for deltas started with minor version 3. 507 if [[ "${FORCE_MINOR_VERSION}" -le 2 ]]; then 508 warn "No delta support from minor version ${FORCE_MINOR_VERSION}. \ 509Disabling deltas for this source version." 510 exit ${EX_UNSUPPORTED_DELTA} 511 fi 512 else 513 # Target image 514 local postinstall_config=$(create_tempfile "postinstall_config.XXXXXX") 515 CLEANUP_FILES+=("${postinstall_config}") 516 if unzip -p "${image}" "META/postinstall_config.txt" \ 517 >"${postinstall_config}"; then 518 POSTINSTALL_CONFIG_FILE="${postinstall_config}" 519 fi 520 local dynamic_partitions_info=$(create_tempfile "dynamic_partitions_info.XXXXXX") 521 CLEANUP_FILES+=("${dynamic_partitions_info}") 522 if unzip -p "${image}" "META/dynamic_partitions_info.txt" \ 523 >"${dynamic_partitions_info}"; then 524 DYNAMIC_PARTITION_INFO_FILE="${dynamic_partitions_info}" 525 fi 526 fi 527 528 local part 529 for part in "${partitions[@]}"; do 530 local part_file=$(create_tempfile "${part}.img.XXXXXX") 531 local part_map_file=$(create_tempfile "${part}.map.XXXXXX") 532 CLEANUP_FILES+=("${part_file}" "${part_map_file}") 533 # Extract partitions in background. 534 extract_partition_brillo "${image}" "${partitions_array}" "${part}" \ 535 "${part_file}" "${part_map_file}" & 536 EXTRACT_IMAGE_PIDS+=("$!") 537 eval "${partitions_array}[\"${part}\"]=\"${part_file}\"" 538 eval "${partitions_array}_MAP[\"${part}\"]=\"${part_map_file}\"" 539 done 540} 541 542# cleanup_partition_array <partitions_array> 543# 544# Remove all empty files in <partitions_array>. 545cleanup_partition_array() { 546 local partitions_array="$1" 547 # Have to use eval to iterate over associative array keys with variable array 548 # names, we should change it to use nameref once bash 4.3 is available 549 # everywhere. 550 for part in $(eval "echo \${!${partitions_array}[@]}"); do 551 local path="${partitions_array}[$part]" 552 if [[ ! -s "${!path}" ]]; then 553 eval "unset ${partitions_array}[${part}]" 554 fi 555 done 556} 557 558extract_payload_images() { 559 local payload_type=$1 560 echo "Extracting images for ${payload_type} update." 561 562 if [[ "${payload_type}" == "delta" ]]; then 563 extract_image "${FLAGS_source_image}" SRC_PARTITIONS 564 fi 565 extract_image "${FLAGS_target_image}" DST_PARTITIONS PARTITIONS_ORDER 566 # Wait for all subprocesses to finish. Not using `wait` since it doesn't die 567 # on non-zero subprocess exit code. Not using `wait ${EXTRACT_IMAGE_PIDS[@]}` 568 # as it gives the status of the last process it has waited for. 569 for pid in ${EXTRACT_IMAGE_PIDS[@]}; do 570 wait ${pid} 571 done 572 cleanup_partition_array SRC_PARTITIONS 573 cleanup_partition_array SRC_PARTITIONS_MAP 574 cleanup_partition_array DST_PARTITIONS 575 cleanup_partition_array DST_PARTITIONS_MAP 576} 577 578get_payload_type() { 579 if [[ -z "${FLAGS_source_image}" ]]; then 580 echo "full" 581 else 582 echo "delta" 583 fi 584} 585 586validate_generate() { 587 [[ -n "${FLAGS_payload}" ]] || 588 die "You must specify an output filename with --payload FILENAME" 589 590 [[ -n "${FLAGS_target_image}" ]] || 591 die "You must specify a target image with --target_image FILENAME" 592} 593 594cmd_generate() { 595 local payload_type=$(get_payload_type) 596 extract_payload_images ${payload_type} 597 598 echo "Generating ${payload_type} update." 599 # Common payload args: 600 GENERATOR_ARGS=( --out_file="${FLAGS_payload}" ) 601 602 local part old_partitions="" new_partitions="" partition_names="" 603 local old_mapfiles="" new_mapfiles="" 604 for part in "${PARTITIONS_ORDER[@]}"; do 605 if [[ -n "${partition_names}" ]]; then 606 partition_names+=":" 607 new_partitions+=":" 608 old_partitions+=":" 609 new_mapfiles+=":" 610 old_mapfiles+=":" 611 fi 612 partition_names+="${part}" 613 new_partitions+="${DST_PARTITIONS[${part}]}" 614 old_partitions+="${SRC_PARTITIONS[${part}]:-}" 615 new_mapfiles+="${DST_PARTITIONS_MAP[${part}]:-}" 616 old_mapfiles+="${SRC_PARTITIONS_MAP[${part}]:-}" 617 done 618 619 # Target image args: 620 GENERATOR_ARGS+=( 621 --partition_names="${partition_names}" 622 --new_partitions="${new_partitions}" 623 --new_mapfiles="${new_mapfiles}" 624 ) 625 626 if [[ "${payload_type}" == "delta" ]]; then 627 # Source image args: 628 GENERATOR_ARGS+=( 629 --old_partitions="${old_partitions}" 630 --old_mapfiles="${old_mapfiles}" 631 ) 632 if [[ -n "${FORCE_MINOR_VERSION}" ]]; then 633 GENERATOR_ARGS+=( --minor_version="${FORCE_MINOR_VERSION}" ) 634 fi 635 fi 636 637 if [[ -n "${FORCE_MAJOR_VERSION}" ]]; then 638 GENERATOR_ARGS+=( --major_version="${FORCE_MAJOR_VERSION}" ) 639 fi 640 641 if [[ -n "${FLAGS_metadata_size_file}" ]]; then 642 GENERATOR_ARGS+=( --out_metadata_size_file="${FLAGS_metadata_size_file}" ) 643 fi 644 645 if [[ -n "${FLAGS_max_timestamp}" ]]; then 646 GENERATOR_ARGS+=( --max_timestamp="${FLAGS_max_timestamp}" ) 647 fi 648 649 if [[ -n "${POSTINSTALL_CONFIG_FILE}" ]]; then 650 GENERATOR_ARGS+=( 651 --new_postinstall_config_file="${POSTINSTALL_CONFIG_FILE}" 652 ) 653 fi 654 655 if [[ -n "{DYNAMIC_PARTITION_INFO_FILE}" ]]; then 656 GENERATOR_ARGS+=( 657 --dynamic_partition_info_file="${DYNAMIC_PARTITION_INFO_FILE}" 658 ) 659 fi 660 661 echo "Running delta_generator with args: ${GENERATOR_ARGS[@]}" 662 "${GENERATOR}" "${GENERATOR_ARGS[@]}" 663 664 echo "Done generating ${payload_type} update." 665} 666 667validate_hash() { 668 [[ -n "${FLAGS_signature_size}" ]] || 669 die "You must specify signature size with --signature_size SIZES" 670 671 [[ -n "${FLAGS_unsigned_payload}" ]] || 672 die "You must specify the input unsigned payload with \ 673--unsigned_payload FILENAME" 674 675 [[ -n "${FLAGS_payload_hash_file}" ]] || 676 die "You must specify --payload_hash_file FILENAME" 677 678 [[ -n "${FLAGS_metadata_hash_file}" ]] || 679 die "You must specify --metadata_hash_file FILENAME" 680} 681 682cmd_hash() { 683 "${GENERATOR}" \ 684 --in_file="${FLAGS_unsigned_payload}" \ 685 --signature_size="${FLAGS_signature_size}" \ 686 --out_hash_file="${FLAGS_payload_hash_file}" \ 687 --out_metadata_hash_file="${FLAGS_metadata_hash_file}" 688 689 echo "Done generating hash." 690} 691 692validate_sign() { 693 [[ -n "${FLAGS_signature_size}" ]] || 694 die "You must specify signature size with --signature_size SIZES" 695 696 [[ -n "${FLAGS_unsigned_payload}" ]] || 697 die "You must specify the input unsigned payload with \ 698--unsigned_payload FILENAME" 699 700 [[ -n "${FLAGS_payload}" ]] || 701 die "You must specify the output signed payload with --payload FILENAME" 702 703 [[ -n "${FLAGS_payload_signature_file}" ]] || 704 die "You must specify the payload signature file with \ 705--payload_signature_file SIGNATURES" 706 707 [[ -n "${FLAGS_metadata_signature_file}" ]] || 708 die "You must specify the metadata signature file with \ 709--metadata_signature_file SIGNATURES" 710} 711 712cmd_sign() { 713 GENERATOR_ARGS=( 714 --in_file="${FLAGS_unsigned_payload}" 715 --signature_size="${FLAGS_signature_size}" 716 --payload_signature_file="${FLAGS_payload_signature_file}" 717 --metadata_signature_file="${FLAGS_metadata_signature_file}" 718 --out_file="${FLAGS_payload}" 719 ) 720 721 if [[ -n "${FLAGS_metadata_size_file}" ]]; then 722 GENERATOR_ARGS+=( --out_metadata_size_file="${FLAGS_metadata_size_file}" ) 723 fi 724 725 "${GENERATOR}" "${GENERATOR_ARGS[@]}" 726 echo "Done signing payload." 727} 728 729validate_properties() { 730 [[ -n "${FLAGS_payload}" ]] || 731 die "You must specify the payload file with --payload FILENAME" 732 733 [[ -n "${FLAGS_properties_file}" ]] || 734 die "You must specify a non empty --properties_file FILENAME" 735} 736 737cmd_properties() { 738 "${GENERATOR}" \ 739 --in_file="${FLAGS_payload}" \ 740 --properties_file="${FLAGS_properties_file}" 741} 742 743validate_verify_and_check() { 744 [[ -n "${FLAGS_payload}" ]] || 745 die "Error: you must specify an input filename with --payload FILENAME" 746 747 [[ -n "${FLAGS_target_image}" ]] || 748 die "Error: you must specify a target image with --target_image FILENAME" 749} 750 751cmd_verify() { 752 local payload_type=$(get_payload_type) 753 extract_payload_images ${payload_type} 754 755 declare -A TMP_PARTITIONS 756 for part in "${PARTITIONS_ORDER[@]}"; do 757 local tmp_part=$(create_tempfile "tmp_part.bin.XXXXXX") 758 echo "Creating temporary target partition ${tmp_part} for ${part}" 759 CLEANUP_FILES+=("${tmp_part}") 760 TMP_PARTITIONS[${part}]=${tmp_part} 761 local FILESIZE=$(stat -c%s "${DST_PARTITIONS[${part}]}") 762 echo "Truncating ${TMP_PARTITIONS[${part}]} to ${FILESIZE}" 763 truncate_file "${TMP_PARTITIONS[${part}]}" "${FILESIZE}" 764 done 765 766 echo "Verifying ${payload_type} update." 767 # Common payload args: 768 GENERATOR_ARGS=( --in_file="${FLAGS_payload}" ) 769 770 local part old_partitions="" new_partitions="" partition_names="" 771 for part in "${PARTITIONS_ORDER[@]}"; do 772 if [[ -n "${partition_names}" ]]; then 773 partition_names+=":" 774 new_partitions+=":" 775 old_partitions+=":" 776 fi 777 partition_names+="${part}" 778 new_partitions+="${TMP_PARTITIONS[${part}]}" 779 old_partitions+="${SRC_PARTITIONS[${part}]:-}" 780 done 781 782 # Target image args: 783 GENERATOR_ARGS+=( 784 --partition_names="${partition_names}" 785 --new_partitions="${new_partitions}" 786 ) 787 788 if [[ "${payload_type}" == "delta" ]]; then 789 # Source image args: 790 GENERATOR_ARGS+=( 791 --old_partitions="${old_partitions}" 792 ) 793 fi 794 795 if [[ -n "${FORCE_MAJOR_VERSION}" ]]; then 796 GENERATOR_ARGS+=( --major_version="${FORCE_MAJOR_VERSION}" ) 797 fi 798 799 echo "Running delta_generator to verify ${payload_type} payload with args: \ 800${GENERATOR_ARGS[@]}" 801 "${GENERATOR}" "${GENERATOR_ARGS[@]}" || true 802 803 echo "Done applying ${payload_type} update." 804 echo "Checking the newly generated partitions against the target partitions" 805 local need_pause=false 806 for part in "${PARTITIONS_ORDER[@]}"; do 807 local not_str="" 808 if ! cmp "${TMP_PARTITIONS[${part}]}" "${DST_PARTITIONS[${part}]}"; then 809 not_str="in" 810 need_pause=true 811 fi 812 echo "The new partition (${part}) is ${not_str}valid." 813 done 814 # All images will be cleaned up when script exits, pause here to give a chance 815 # to inspect the images. 816 if [[ "$need_pause" == true ]]; then 817 read -n1 -r -s -p "Paused to investigate invalid partitions, \ 818press any key to exit." 819 fi 820} 821 822cmd_check() { 823 local payload_type=$(get_payload_type) 824 extract_payload_images ${payload_type} 825 826 local part dst_partitions="" src_partitions="" 827 for part in "${PARTITIONS_ORDER[@]}"; do 828 if [[ -n "${dst_partitions}" ]]; then 829 dst_partitions+=" " 830 src_partitions+=" " 831 fi 832 dst_partitions+="${DST_PARTITIONS[${part}]}" 833 src_partitions+="${SRC_PARTITIONS[${part}]:-}" 834 done 835 836 # Common payload args: 837 PAYCHECK_ARGS=( "${FLAGS_payload}" --type ${payload_type} \ 838 --part_names ${PARTITIONS_ORDER[@]} \ 839 --dst_part_paths ${dst_partitions} ) 840 841 if [[ ! -z "${SRC_PARTITIONS[@]}" ]]; then 842 PAYCHECK_ARGS+=( --src_part_paths ${src_partitions} ) 843 fi 844 845 echo "Checking ${payload_type} update." 846 check_update_payload ${PAYCHECK_ARGS[@]} --check 847} 848 849# Sanity check that the real generator exists: 850GENERATOR="$(which delta_generator || true)" 851[[ -x "${GENERATOR}" ]] || die "can't find delta_generator" 852 853case "$COMMAND" in 854 generate) validate_generate 855 cmd_generate 856 ;; 857 hash) validate_hash 858 cmd_hash 859 ;; 860 sign) validate_sign 861 cmd_sign 862 ;; 863 properties) validate_properties 864 cmd_properties 865 ;; 866 verify) validate_verify_and_check 867 cmd_verify 868 ;; 869 check) validate_verify_and_check 870 cmd_check 871 ;; 872esac 873