rootfs: check md5sum of firmware before update

Check md5sums of files in the wrs-firmware.tar with stored in file checksums.md5. When checksum does not match abort the update. Signed-off-by: Adam Wujek <adam.wujek@cern.ch>

rootfs: check md5sum of firmware before update
Check md5sums of files in the wrs-firmware.tar with stored in file checksums.md5. When checksum does not match abort the update. Signed-off-by: Adam Wujek <adam.wujek@cern.ch>
cfab080a · Adam Wujek · dd245fae · cfab080a · cfab080a · cfab080a
Commit cfab080a authored Jun 13, 2016 by Adam Wujek 💬
Showing with 77 additions and 4 deletions

wrs_build_wraprootfs build/scripts/wrs_build_wraprootfs +10 -0

wrs-user-manual.in doc/wrs-user-manual.in +17 -4

wrs-boot-procedure userspace/rootfs_override/etc/init.d/wrs-boot-procedure +50 -0

No files found.
--- a/build/scripts/wrs_build_wraprootfs
+++ b/build/scripts/wrs_build_wraprootfs
@@ -102,7 +102,17 @@ fakeroot bash $WRS_SH_OPTIONS $TMPSCRIPT
 #  - wrs-usr.tar.gz
 # Actually, the pack is already built by "wrs_build_wraprootfs", so check
 packlist="at91bootstrap.bin barebox.bin zImage wrs-initramfs.gz wrs-usr.tar.gz"
+checksum_file="checksums.md5"

+wrs_echo "--- Calculating checksums";
+rm -f "$WRS_OUTPUT_DIR/images/$checksum_file"
+for file in $packlist; do
+      (cd "$WRS_OUTPUT_DIR/images" && md5sum "$file" >> "$checksum_file")
+done
+
+# Put $checksum_file first into the archive. In case the archive is damaged,
+# the beginning of the archive has the biggest chance to be untuched
+packlist="$checksum_file $packlist"
 # Check if the current git repo correspond to a tag
 version=$(cd $WRS_BASE_DIR; git describe --always --dirty)
 # If prefix 'wr-switch-sw-' is not set in tagname, we force it to

--- a/doc/wrs-user-manual.in
+++ b/doc/wrs-user-manual.in
@@ -141,18 +141,31 @@ V1 and V2 were development items, never shipped.
 @chapter Upgrading WRS Software

 The @sc{wrs} is shipped with a current version of its software image,
-which is sometiems called @i{firmware}.
+which is sometimes called @i{firmware}.
 If your devices are running a previous version of the software you may
 want to upgrade, or you may want to replace the firmware images after
 rebuilding your own, as explained in the @i{Developer's Manual}.

-If you run version 4.1 or later, you can ignore this chapter, that
+If you run version 4.1 or later please copy @t{wrs-firmware.tar} file into
+the @t{/update} partition via @t{scp} or web-interface and restart your switch.
+
+When the running version during the update is at least 4.3, then update script
+performs the check of md5sums of all files inside @t{wrs-firmware.tar}.
+In case at least one checksum is wrong then update is aborted.
+The @t{wrs-firmware.tar} containing corrupted file is renamed to
+@t{wrs-firmware.tar.checksum_error}. This file is automatically removed during
+the next successful update.
+
+When checksums in the @t{wrs-firmware.tar} are not available
+(for example during downgrading) appropriate warning message is printed.
+
+If this method works for you, you can ignore this chapter, which
 explains a transition between the initial way we passed MAC addresses
 and the safer approach we introduced in v4.1

 @c ==========================================================================
-@node hwinfo
-@section hwinfo
+@node hwinfo for pre-v4.1
+@section hwinfo for pre-v4.1

 Version 4.1 (October 2014) and later ones use a new way to pass
 hardware information to all levels of software, such information

--- a/userspace/rootfs_override/etc/init.d/wrs-boot-procedure
+++ b/userspace/rootfs_override/etc/init.d/wrs-boot-procedure
@@ -5,6 +5,8 @@
 # Warning: this file (and only this one) is executed in initramfs
 # *before* /etc is copied from flash, so you can't edit this on
 # flash, as it won't work. This can only be modified at build time.
+# Don't run/access anything from /usr, because it is not mounted until
+# the end of this file.

 echo "$0: Running"

@@ -126,6 +128,54 @@ reboot=false
 #whether to change date of last update
 change_update_date=false

+checksum_error=false
+
+# commands below are links to the busybox from /usr, which is not mounted yet
+# at this moment
+md5sum_bin="/bin/busybox md5sum"
+cut_bin="/bin/busybox cut"
+
+# check checksums, but only if we have $WRS_FW archive
+if [ -f /update/$WRS_FW  ]; then
+    tar -xOf /update/$WRS_FW checksums.md5 &>/dev/null
+    if [ $? != 0 ]; then
+	echo -e "\nWarning: File with checksums for the new firmware not found\n" | $TEE /dev/ttyGS0
+    else
+	echo "Verifying checksums of the new firmware" | $TEE /dev/ttyGS0
+	for file in `tar -tf /update/$WRS_FW`; do
+	    if [ x"$file" = x"checksums.md5" ]; then
+		continue;
+	    fi
+	    echo -n "Checking $file ... " | $TEE /dev/ttyGS0
+	    sum=`tar -xOf /update/$WRS_FW $file | $md5sum_bin  | $cut_bin -f 1 -d " "`
+	    expected_sum=`tar -xOf /update/$WRS_FW checksums.md5 | grep "$file" | $cut_bin -f 1 -d " "`
+	    if [ x"$expected_sum" = x"" ]; then
+		echo "Error no checksum found for file $file" | $TEE /dev/ttyGS0
+		checksum_error=true
+	    else
+		echo "$expected_sum" | grep "$sum" > /dev/null
+		if [ $? != 0 ]; then
+		    echo "Checksum error! Expected $expected_sum, calculated $sum" | $TEE /dev/ttyGS0
+		    checksum_error=true
+		else
+		    echo "OK" | $TEE /dev/ttyGS0
+		fi
+	    fi
+	done
+	if [ $checksum_error = true ]; then
+	    echo -e "\nChecksum error! skip firmware update!\n" | $TEE /dev/ttyGS0
+	    mv /update/"$WRS_FW" /update/"$WRS_FW".checksum_error
+	else
+	    if [ -f /update/"$WRS_FW".checksum_error ]; then
+		echo "Remove file /update/"$WRS_FW".checksum_error" | $TEE /dev/ttyGS0
+		rm -f /update/"$WRS_FW".checksum_error
+	    fi
+	fi
+    fi
+
+fi
+
+
 # First: update usr: we may have the whole thing, or just wrs-usr.tar.gz
 if [ -f /update/$WRS_FW -o -f /update/$WRS_USR ]; then
    # FIXME: save configuration somewhere, and recover it later