diff mbox series

[2/2] Allow to encrypt scripts

Message ID 1514906653-28174-2-git-send-email-sbabic@denx.de
State Changes Requested
Headers show
Series [1/2] Simply rename extract_script to extract_scripts | expand

Commit Message

Stefano Babic Jan. 2, 2018, 3:24 p.m. UTC 
Scripts cannot be up now encrypted, because SWUpdate tries to run it
without decrypting. It works for local install because the script
is extracted and copied before beeing executed, but not when the script
is simply extracted from stream.

Factorize script extraction and decrypt scripts before passing them to the
handler.

Signed-off-by: Stefano Babic <sbabic@denx.de>
---
 corelib/installer.c        | 56 +++++++++++++++++++++++++++++++++++++---------
 corelib/stream_interface.c |  2 +-
 2 files changed, 46 insertions(+), 12 deletions(-)

Comments

Jeroen Hofstee Jan. 2, 2018, 9:46 p.m. UTC | #1 
Hello Stefano,

On 01/02/2018 04:24 PM, Stefano Babic wrote:
> Scripts cannot be up now encrypted, because SWUpdate tries to run it
> without decrypting. It works for local install because the script
> is extracted and copied before beeing executed, but not when the script
> is simply extracted from stream.

Happy new year! You might want to re-read above commit message
perhaps though. Especially the first part "Scripts cannot be up now 
encrypted, ..."
beeing is a bit weird as well ;)

Anyway, no objection, not that important,

Regards,
Jeroen
Stefano Babic Jan. 3, 2018, 9:58 a.m. UTC | #2 
Hi Jeroen,

On 02/01/2018 22:46, Jeroen Hofstee wrote:
> Hello Stefano,
> 
> On 01/02/2018 04:24 PM, Stefano Babic wrote:
>> Scripts cannot be up now encrypted, because SWUpdate tries to run it
>> without decrypting. It works for local install because the script
>> is extracted and copied before beeing executed, but not when the script
>> is simply extracted from stream.
> 
> Happy new year!

Happy new year !

> You might want to re-read above commit message
> perhaps though. Especially the first part "Scripts cannot be up now
> encrypted, ..."
> beeing is a bit weird as well ;)

Right, it is very confused, it looks like I have not got enough coffee
before writing it - I send V2, thanks !

> 
> Anyway, no objection, not that important,
> 

Best regards,
Stefano
diff mbox series

Patch

diff --git a/corelib/installer.c b/corelib/installer.c
index 02461f7..fc3011e 100644
--- a/corelib/installer.c
+++ b/corelib/installer.c
@@ -145,11 +145,12 @@  int check_if_required(struct imglist *list, struct filehdr *pfdh,
  * Extract all scripts from a list from the image
  * and save them on the filesystem to be executed later
  */
-static int extract_scripts(int fd, struct imglist *head, const char *dest)
+static int extract_scripts(int fd, struct imglist *head, int fromfile)
 {
 	struct img_type *script;
 	int fdout;
 	int ret = 0;
+	const char* tmpdir_scripts = get_tmpdirscripts();
 
 	LIST_FOREACH(script, head, next) {
 		if (script->provided == 0) {
@@ -159,14 +160,44 @@  static int extract_scripts(int fd, struct imglist *head, const char *dest)
 		}
 
 		snprintf(script->extract_file, sizeof(script->extract_file), "%s%s",
-				dest, script->fname);
+			 tmpdir_scripts , script->fname);
 
 		fdout = openfileoutput(script->extract_file);
 		if (fdout < 0)
 			return fdout;
 
-		ret = extract_next_file(fd, fdout, script->offset, 0,
-					script->is_encrypted, script->sha256);
+		if (fromfile)
+			ret = extract_next_file(fd, fdout, script->offset, 0,
+						script->is_encrypted, script->sha256);
+		else {
+			int fdin;
+			char *tmpfile;
+			unsigned long offset = 0;
+			uint32_t checksum;
+
+			if (asprintf(&tmpfile, "%s%s", get_tmpdir(), script->fname) ==
+				ENOMEM_ASPRINTF) {
+				ERROR("Path too long: %s%s", get_tmpdir(), script->fname);
+				close(fdout);
+				return -ENOMEM;
+			}
+
+			fdin = open(tmpfile, O_RDONLY);
+			free(tmpfile);
+			if (fdin < 0) {
+				ERROR("Extracted script not found in %s: %s %d\n",
+					get_tmpdir(), script->extract_file, errno);
+				return -ENOENT;
+			}
+
+			ret = copyfile(fdin, &fdout, script->size, &offset, 0, 0,
+					script->compressed,
+					&checksum,
+					script->sha256,
+					script->is_encrypted,
+					NULL);
+			close(fdin);
+		}
 		close(fdout);
 
 		if (ret < 0)
@@ -258,13 +289,11 @@  int install_images(struct swupdate_cfg *sw, int fdsw, int fromfile)
 	const char* TMPDIR = get_tmpdir();
 
 	/* Extract all scripts, preinstall scripts must be run now */
-	if (fromfile) {
-		const char* tmpdir_scripts = get_tmpdirscripts();
-		ret = extract_scripts(fdsw, &sw->scripts, tmpdir_scripts);
-		if (ret) {
-			ERROR("extracting script to %s failed", tmpdir_scripts);
-			return ret;
-		}
+	const char* tmpdir_scripts = get_tmpdirscripts();
+	ret = extract_scripts(fdsw, &sw->scripts, fromfile);
+	if (ret) {
+		ERROR("extracting script to %s failed", tmpdir_scripts);
+		return ret;
 	}
 
 	/* Scripts must be run before installing images */
@@ -422,6 +451,11 @@  void cleanup_files(struct swupdate_cfg *software) {
 		if (img->fname[0]) {
 			if (snprintf(fn, sizeof(fn), "%s%s", get_tmpdirscripts(),
 				     img->fname) >= (int)sizeof(fn)) {
+				ERROR("Path too long: %s%s", get_tmpdirscripts(), img->fname);
+			}
+			remove_sw_file(fn);
+			if (snprintf(fn, sizeof(fn), "%s%s", get_tmpdir(),
+				     img->fname) >= (int)sizeof(fn)) {
 				ERROR("Path too long: %s%s", TMPDIR, img->fname);
 			}
 			remove_sw_file(fn);
diff --git a/corelib/stream_interface.c b/corelib/stream_interface.c
index f0e1f3b..a200d7e 100644
--- a/corelib/stream_interface.c
+++ b/corelib/stream_interface.c
@@ -197,7 +197,7 @@  static int extract_files(int fd, struct swupdate_cfg *software)
 				 */
 				skip = check_if_required(&software->scripts, &fdh,
 							NULL,
-							get_tmpdirscripts(),
+							get_tmpdir(),
 							&img);
 			}
 			TRACE("Found file:\n\tfilename %s\n\tsize %u %s",