From patchwork Thu May 19 18:21:02 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sven Eckelmann <sven.eckelmann@open-mesh.com>
X-Patchwork-Id: 624190
Return-Path: <openwrt-devel-bounces@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from arrakis.dune.hu (caladan.dune.hu [78.24.191.180])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3r9fh45GlCz9sdg
	for <incoming@patchwork.ozlabs.org>;
	Fri, 20 May 2016 04:28:04 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=open-mesh-com.20150623.gappssmtp.com
	header.i=@open-mesh-com.20150623.gappssmtp.com
	header.b=mR59DQvi; dkim-atps=neutral
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 9598EB92071;
	Thu, 19 May 2016 20:22:49 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on arrakis.dune.hu
X-Spam-Level: 
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,T_DKIM_INVALID
	autolearn=unavailable autolearn_force=no version=3.4.1
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP;
	Thu, 19 May 2016 20:22:49 +0200 (CEST)
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id AF9CAB91FDE
	for <openwrt-devel@lists.openwrt.org>;
	Thu, 19 May 2016 20:22:03 +0200 (CEST)
X-policyd-weight: using cached result; rate:hard: -7
Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com
	[74.125.82.48]) by arrakis.dune.hu (Postfix) with ESMTPS
	for <openwrt-devel@lists.openwrt.org>;
	Thu, 19 May 2016 20:22:03 +0200 (CEST)
Received: by mail-wm0-f48.google.com with SMTP id n129so48257956wmn.1
	for <openwrt-devel@lists.openwrt.org>;
	Thu, 19 May 2016 11:22:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=open-mesh-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=07Kaf7JARvy5DJqX/No3sn4OVxHlPYuXjl7dM2Si2IE=;
	b=mR59DQvi4JxO+d+e67E5Bgo1TLqs+EEAy2ENYAiRW1GNH1XfjUGu8XDluClufxlfi3
	059UBiJe3y4NSOBSw+R8KZaZUnhLqpuOLH8rNcvd39xXbLAYUgjGrgDJwmDMBxGPwOZB
	h+5gme5DPK+5bHFoi3sOeGC5QnrcDqTVPyG6dLZE8n8LyYEpF/0vVAGmvFY+5bzCGyaw
	vvK8S7XcKDC/PVKwaT5YMRT7aJvh0q8AoCPzsvgXovwy35uSKAqh79epi8B1V4fb1WRA
	UQzrM7IrEPQSHno4wyyZNx5xYhhPVjrMZBtcg+qXlxJYr5g5RcC4yY7ky+gxnd/1qBdT
	wiAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=07Kaf7JARvy5DJqX/No3sn4OVxHlPYuXjl7dM2Si2IE=;
	b=OvZ/MX0CPiLzXZJ/GnZpMNZBbfeYOyQzHI4QX2bQqX63SjkRXxF1NVQiLex6MebJGQ
	Up/OCccJVTEGK6D6uXwCMEvXOyoWZyYeIWIPuJ1FqBIC2AXAhR5Q4Oj1Gfglc17KHhcM
	ucEiP4/bLxVus2FRGYizy1fgX/hVAo+/jrx8uj63I/uy0OoLjouBbtESsGDr96dRi6wO
	zSGLKXOrtZ24H87lsV+tnJcRey7m0dwSd/h3Xx2SPpF3OkRnR/TdpUr7sicwCpzTTbQ9
	Ai4wrPQCzTivfbFiFAqUI6WsF3wege/AYb75yZkgTe669JuaNRy5dZiq+o1V4gMJxF90
	8+4w==
X-Gm-Message-State: 
 AOPr4FX48vJRojFNoJpFRNvEYL4qjsxYyosz5G3Hcf7kq4ge/Gf0qYaj86puh4bcJHjXZMRh
X-Received: by 10.28.194.69 with SMTP id s66mr38659292wmf.87.1463682123252;
	Thu, 19 May 2016 11:22:03 -0700 (PDT)
Received: from sven-desktop.home.narfation.org
	(p579E6DC9.dip0.t-ipconnect.de. [87.158.109.201])
	by smtp.gmail.com with ESMTPSA id
	cz3sm15686742wjb.14.2016.05.19.11.22.02
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 19 May 2016 11:22:02 -0700 (PDT)
From: Sven Eckelmann <sven.eckelmann@open-mesh.com>
To: openwrt-devel@lists.openwrt.org
Date: Thu, 19 May 2016 20:21:02 +0200
Message-Id: <1463682077-19339-19-git-send-email-sven.eckelmann@open-mesh.com>
X-Mailer: git-send-email 2.8.1
In-Reply-To: <1463682077-19339-1-git-send-email-sven.eckelmann@open-mesh.com>
References: <1463682077-19339-1-git-send-email-sven.eckelmann@open-mesh.com>
Subject: [OpenWrt-Devel] [PATCH CC 19/34] scripts/om-fwupgradecfg-gen.sh:
	Generate sha256sum for uboot verification
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: Sven Eckelmann <sven.eckelmann@open-mesh.com>
MIME-Version: 1.0
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

Future Open Mesh u-boot versions are changing the check of the image files
(vmlinux, rootfs) from md5 to sha256. Having both in them should be enough
to ensure backward and forward compatibility.

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>

Backport of r49140
---
 scripts/om-fwupgradecfg-gen.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/om-fwupgradecfg-gen.sh b/scripts/om-fwupgradecfg-gen.sh
index fab1582..e208e6d 100644
--- a/scripts/om-fwupgradecfg-gen.sh
+++ b/scripts/om-fwupgradecfg-gen.sh
@@ -42,6 +42,7 @@ CHECK_BS=65536
 
 KERNEL_SIZE=$(stat -c%s "$KERNEL_PATH")
 KERNEL_MD5=$(md5=$(md5sum $KERNEL_PATH); echo ${md5%% *})
+KERNEL_SHA256=$(openssl dgst -sha256 $KERNEL_PATH | awk '{print $2}')
 KERNEL_PART_SIZE=$(size=$(($KERNEL_SIZE / $FLASH_BS)); [ $(($size * $FLASH_BS)) -lt $KERNEL_SIZE ] && size=$(($size + 1)); echo $(($size * $FLASH_BS / 1024)))
 
 ROOTFS_FLASH_ADDR=$(addr=$(($KERNEL_FLASH_ADDR + ($KERNEL_PART_SIZE * 1024))); printf "0x%x" $addr)
@@ -49,6 +50,7 @@ ROOTFS_SIZE=$(stat -c%s "$ROOTFS_PATH")
 ROOTFS_CHECK_BLOCKS=$((($ROOTFS_SIZE / $CHECK_BS) - $MD5_SKIP_BLOCKS))
 ROOTFS_MD5=$(md5=$(dd if=$ROOTFS_PATH bs=$CHECK_BS count=$ROOTFS_CHECK_BLOCKS 2>&- | md5sum); echo ${md5%% *})
 ROOTFS_MD5_FULL=$(md5=$(md5sum $ROOTFS_PATH); echo ${md5%% *})
+ROOTFS_SHA256_FULL=$(openssl dgst -sha256 $ROOTFS_PATH | awk '{print $2}')
 ROOTFS_CHECK_SIZE=$(printf '0x%x' $(($ROOTFS_CHECK_BLOCKS * $CHECK_BS)))
 ROOTFS_PART_SIZE=$(($MAX_PART_SIZE - $KERNEL_PART_SIZE))
 
@@ -57,6 +59,7 @@ cat << EOF > $CFG_OUT
 filename=kernel
 md5sum=$KERNEL_MD5
 filemd5sum=$KERNEL_MD5
+filesha256sum=$KERNEL_SHA256
 flashaddr=$KERNEL_FLASH_ADDR
 checksize=0x0
 cmd_success=setenv bootseq 1,2; setenv kernel_size_1 $KERNEL_PART_SIZE; saveenv
@@ -66,6 +69,7 @@ cmd_fail=reset
 filename=rootfs
 md5sum=$ROOTFS_MD5
 filemd5sum=$ROOTFS_MD5_FULL
+filesha256sum=$ROOTFS_SHA256_FULL
 flashaddr=$ROOTFS_FLASH_ADDR
 checksize=$ROOTFS_CHECK_SIZE
 cmd_success=setenv bootseq 1,2; setenv kernel_size_1 $KERNEL_PART_SIZE; setenv rootfs_size_1 $ROOTFS_PART_SIZE; saveenv