brillo_update_payload revision 135197526b9c0f5a9acac57a05129339f311bbca
1#!/bin/bash 2 3# Copyright 2015 The Chromium OS Authors. All rights reserved. 4# Use of this source code is governed by a BSD-style license that can be 5# found in the LICENSE file. 6 7# Script to generate a Brillo update for use by the update engine. 8# 9# usage: brillo_update_payload COMMAND [ARGS] 10# The following commands are supported: 11# generate generate an unsigned payload 12# hash generate a payload or metadata hash 13# sign generate a signed payload 14# properties generate a properties file from a payload 15# 16# Generate command arguments: 17# --payload generated unsigned payload output file 18# --source_image if defined, generate a delta payload from the specified 19# image to the target_image 20# --target_image the target image that should be sent to clients 21# --metadata_size_file if defined, generate a file containing the size of the payload 22# metadata in bytes to the specified file 23# 24# Hash command arguments: 25# --unsigned_payload the input unsigned payload to generate the hash from 26# --signature_size signature sizes in bytes in the following format: 27# "size1:size2[:...]" 28# --payload_hash_file if defined, generate a payload hash and output to the 29# specified file 30# --metadata_hash_file if defined, generate a metadata hash and output to the 31# specified file 32# 33# Sign command arguments: 34# --unsigned_payload the input unsigned payload to insert the signatures 35# --payload the output signed payload 36# --signature_size signature sizes in bytes in the following format: 37# "size1:size2[:...]" 38# --payload_signature_file the payload signature files in the following 39# format: 40# "payload_signature1:payload_signature2[:...]" 41# --metadata_signature_file the metadata signature files in the following 42# format: 43# "metadata_signature1:metadata_signature2[:...]" 44# --metadata_size_file if defined, generate a file containing the size of 45# the signed payload metadata in bytes to the 46# specified file 47# Note that the number of signature sizes and payload signatures have to match. 48# 49# Properties command arguments: 50# --payload the input signed or unsigned payload 51# --properties_file the output path where to write the properties, or 52# '-' for stdout. 53 54 55# Exit codes: 56EX_UNSUPPORTED_DELTA=100 57 58warn() { 59 echo "brillo_update_payload: warning: $*" >&2 60} 61 62die() { 63 echo "brillo_update_payload: error: $*" >&2 64 exit 1 65} 66 67# Loads shflags. We first look at the default install location; then look for 68# crosutils (chroot); finally check our own directory (au-generator zipfile). 69load_shflags() { 70 local my_dir="$(dirname "$(readlink -f "$0")")" 71 local path 72 for path in /usr/share/misc {/usr/lib/crosutils,"${my_dir}"}/lib/shflags; do 73 if [[ -r "${path}/shflags" ]]; then 74 . "${path}/shflags" || die "Could not load ${path}/shflags." 75 return 76 fi 77 done 78 die "Could not find shflags." 79} 80 81load_shflags 82 83HELP_GENERATE="generate: Generate an unsigned update payload." 84HELP_HASH="hash: Generate the hashes of the unsigned payload and metadata used \ 85for signing." 86HELP_SIGN="sign: Insert the signatures into the unsigned payload." 87HELP_PROPERTIES="properties: Extract payload properties to a file." 88 89usage() { 90 echo "Supported commands:" 91 echo 92 echo "${HELP_GENERATE}" 93 echo "${HELP_HASH}" 94 echo "${HELP_SIGN}" 95 echo "${HELP_PROPERTIES}" 96 echo 97 echo "Use: \"$0 <command> --help\" for more options." 98} 99 100# Check that a command is specified. 101if [[ $# -lt 1 ]]; then 102 echo "Please specify a command [generate|hash|sign|properties]" 103 exit 1 104fi 105 106# Parse command. 107COMMAND="${1:-}" 108shift 109 110case "${COMMAND}" in 111 generate) 112 FLAGS_HELP="${HELP_GENERATE}" 113 ;; 114 115 hash) 116 FLAGS_HELP="${HELP_HASH}" 117 ;; 118 119 sign) 120 FLAGS_HELP="${HELP_SIGN}" 121 ;; 122 123 properties) 124 FLAGS_HELP="${HELP_PROPERTIES}" 125 ;; 126 *) 127 echo "Unrecognized command: \"${COMMAND}\"" >&2 128 usage >&2 129 exit 1 130 ;; 131esac 132 133# Flags 134FLAGS_HELP="Usage: $0 ${COMMAND} [flags] 135${FLAGS_HELP}" 136 137if [[ "${COMMAND}" == "generate" ]]; then 138 DEFINE_string payload "" \ 139 "Path to output the generated unsigned payload file." 140 DEFINE_string target_image "" \ 141 "Path to the target image that should be sent to clients." 142 DEFINE_string source_image "" \ 143 "Optional: Path to a source image. If specified, this makes a delta update." 144 DEFINE_string metadata_size_file "" \ 145 "Optional: Path to output metadata size." 146fi 147if [[ "${COMMAND}" == "hash" || "${COMMAND}" == "sign" ]]; then 148 DEFINE_string unsigned_payload "" "Path to the input unsigned payload." 149 DEFINE_string signature_size "" \ 150 "Signature sizes in bytes in the following format: size1:size2[:...]" 151fi 152if [[ "${COMMAND}" == "hash" ]]; then 153 DEFINE_string metadata_hash_file "" \ 154 "Optional: Path to output metadata hash file." 155 DEFINE_string payload_hash_file "" \ 156 "Optional: Path to output payload hash file." 157fi 158if [[ "${COMMAND}" == "sign" ]]; then 159 DEFINE_string payload "" \ 160 "Path to output the generated unsigned payload file." 161 DEFINE_string metadata_signature_file "" \ 162 "The metatada signatures in the following format: \ 163metadata_signature1:metadata_signature2[:...]" 164 DEFINE_string payload_signature_file "" \ 165 "The payload signatures in the following format: \ 166payload_signature1:payload_signature2[:...]" 167 DEFINE_string metadata_size_file "" \ 168 "Optional: Path to output metadata size." 169fi 170if [[ "${COMMAND}" == "properties" ]]; then 171 DEFINE_string payload "" \ 172 "Path to the input signed or unsigned payload file." 173 DEFINE_string properties_file "-" \ 174 "Path to output the extracted property files. If '-' is passed stdout will \ 175be used." 176fi 177 178DEFINE_string work_dir "/tmp" "Where to dump temporary files." 179 180# Parse command line flag arguments 181FLAGS "$@" || exit 1 182eval set -- "${FLAGS_ARGV}" 183set -e 184 185# Associative arrays from partition name to file in the source and target 186# images. The size of the updated area must be the size of the file. 187declare -A SRC_PARTITIONS 188declare -A DST_PARTITIONS 189 190# List of partition names in order. 191declare -a PARTITIONS_ORDER 192 193# A list of temporary files to remove during cleanup. 194CLEANUP_FILES=() 195 196# Global options to force the version of the payload. 197FORCE_MAJOR_VERSION="" 198FORCE_MINOR_VERSION="" 199 200# Path to the postinstall config file in target image if exists. 201POSTINSTALL_CONFIG_FILE="" 202 203# The fingerprint of zlib in the source image. 204ZLIB_FINGERPRINT="" 205 206# read_option_int <file.txt> <option_key> [default_value] 207# 208# Reads the unsigned integer value associated with |option_key| in a key=value 209# file |file.txt|. Prints the read value if found and valid, otherwise prints 210# the |default_value|. 211read_option_uint() { 212 local file_txt="$1" 213 local option_key="$2" 214 local default_value="${3:-}" 215 local value 216 if value=$(look "${option_key}=" "${file_txt}" | tail -n 1); then 217 if value=$(echo "${value}" | cut -f 2- -d "=" | grep -E "^[0-9]+$"); then 218 echo "${value}" 219 return 220 fi 221 fi 222 echo "${default_value}" 223} 224 225# truncate_file <file_path> <file_size> 226# 227# Truncate the given |file_path| to |file_size| using perl. 228# The truncate binary might not be available. 229truncate_file() { 230 local file_path="$1" 231 local file_size="$2" 232 perl -e "open(FILE, \"+<\", \$ARGV[0]); \ 233 truncate(FILE, ${file_size}); \ 234 close(FILE);" "${file_path}" 235} 236 237# Create a temporary file in the work_dir with an optional pattern name. 238# Prints the name of the newly created file. 239create_tempfile() { 240 local pattern="${1:-tempfile.XXXXXX}" 241 mktemp --tmpdir="${FLAGS_work_dir}" "${pattern}" 242} 243 244cleanup() { 245 local err="" 246 rm -f "${CLEANUP_FILES[@]}" || err=1 247 248 # If we are cleaning up after an error, or if we got an error during 249 # cleanup (even if we eventually succeeded) return a non-zero exit 250 # code. This triggers additional logging in most environments that call 251 # this script. 252 if [[ -n "${err}" ]]; then 253 die "Cleanup encountered an error." 254 fi 255} 256 257cleanup_on_error() { 258 trap - INT TERM ERR EXIT 259 cleanup 260 die "Cleanup success after an error." 261} 262 263cleanup_on_exit() { 264 trap - INT TERM ERR EXIT 265 cleanup 266} 267 268trap cleanup_on_error INT TERM ERR 269trap cleanup_on_exit EXIT 270 271 272# extract_image <image> <partitions_array> [partitions_order] 273# 274# Detect the format of the |image| file and extract its updatable partitions 275# into new temporary files. Add the list of partition names and its files to the 276# associative array passed in |partitions_array|. If |partitions_order| is 277# passed, set it to list of partition names in order. 278extract_image() { 279 local image="$1" 280 281 # Brillo images are zip files. We detect the 4-byte magic header of the zip 282 # file. 283 local magic=$(head --bytes=4 "${image}" | hexdump -e '1/1 "%.2x"') 284 if [[ "${magic}" == "504b0304" ]]; then 285 echo "Detected .zip file, extracting Brillo image." 286 extract_image_brillo "$@" 287 return 288 fi 289 290 # Chrome OS images are GPT partitioned disks. We should have the cgpt binary 291 # bundled here and we will use it to extract the partitions, so the GPT 292 # headers must be valid. 293 if cgpt show -q -n "${image}" >/dev/null; then 294 echo "Detected GPT image, extracting Chrome OS image." 295 extract_image_cros "$@" 296 return 297 fi 298 299 die "Couldn't detect the image format of ${image}" 300} 301 302# extract_image_cros <image.bin> <partitions_array> [partitions_order] 303# 304# Extract Chromium OS recovery images into new temporary files. 305extract_image_cros() { 306 local image="$1" 307 local partitions_array="$2" 308 local partitions_order="${3:-}" 309 310 local kernel root 311 kernel=$(create_tempfile "kernel.bin.XXXXXX") 312 CLEANUP_FILES+=("${kernel}") 313 root=$(create_tempfile "root.bin.XXXXXX") 314 CLEANUP_FILES+=("${root}") 315 316 cros_generate_update_payload --extract \ 317 --image "${image}" \ 318 --kern_path "${kernel}" --root_path "${root}" \ 319 --work_dir "${FLAGS_work_dir}" --outside_chroot 320 321 # Chrome OS uses major_version 1 payloads for all versions, even if the 322 # updater supports a newer major version. 323 FORCE_MAJOR_VERSION="1" 324 325 if [[ "${partitions_array}" == "SRC_PARTITIONS" ]]; then 326 # Copy from zlib_fingerprint in source image to stdout. 327 ZLIB_FINGERPRINT=$(e2cp "${root}":/etc/zlib_fingerprint -) 328 fi 329 330 # When generating legacy Chrome OS images, we need to use "boot" and "system" 331 # for the partition names to be compatible with updating Brillo devices with 332 # Chrome OS images. 333 eval ${partitions_array}[boot]=\""${kernel}"\" 334 eval ${partitions_array}[system]=\""${root}"\" 335 336 if [[ -n "${partitions_order}" ]]; then 337 eval "${partitions_order}=( \"system\" \"boot\" )" 338 fi 339 340 local part varname 341 for part in boot system; do 342 varname="${partitions_array}[${part}]" 343 printf "md5sum of %s: " "${varname}" 344 md5sum "${!varname}" 345 done 346} 347 348# extract_image_brillo <target_files.zip> <partitions_array> [partitions_order] 349# 350# Extract the A/B updated partitions from a Brillo target_files zip file into 351# new temporary files. 352extract_image_brillo() { 353 local image="$1" 354 local partitions_array="$2" 355 local partitions_order="${3:-}" 356 357 local partitions=( "boot" "system" ) 358 local ab_partitions_list 359 ab_partitions_list=$(create_tempfile "ab_partitions_list.XXXXXX") 360 CLEANUP_FILES+=("${ab_partitions_list}") 361 if unzip -p "${image}" "META/ab_partitions.txt" >"${ab_partitions_list}"; then 362 if grep -v -E '^[a-zA-Z0-9_-]*$' "${ab_partitions_list}" >&2; then 363 die "Invalid partition names found in the partition list." 364 fi 365 partitions=($(cat "${ab_partitions_list}")) 366 if [[ ${#partitions[@]} -eq 0 ]]; then 367 die "The list of partitions is empty. Can't generate a payload." 368 fi 369 else 370 warn "No ab_partitions.txt found. Using default." 371 fi 372 echo "List of A/B partitions: ${partitions[@]}" 373 374 if [[ -n "${partitions_order}" ]]; then 375 eval "${partitions_order}=(${partitions[@]})" 376 fi 377 378 # All Brillo updaters support major version 2. 379 FORCE_MAJOR_VERSION="2" 380 381 if [[ "${partitions_array}" == "SRC_PARTITIONS" ]]; then 382 # Source image 383 local ue_config=$(create_tempfile "ue_config.XXXXXX") 384 CLEANUP_FILES+=("${ue_config}") 385 if ! unzip -p "${image}" "META/update_engine_config.txt" \ 386 >"${ue_config}"; then 387 warn "No update_engine_config.txt found. Assuming pre-release image, \ 388using payload minor version 2" 389 fi 390 # For delta payloads, we use the major and minor version supported by the 391 # old updater. 392 FORCE_MINOR_VERSION=$(read_option_uint "${ue_config}" \ 393 "PAYLOAD_MINOR_VERSION" 2) 394 FORCE_MAJOR_VERSION=$(read_option_uint "${ue_config}" \ 395 "PAYLOAD_MAJOR_VERSION" 2) 396 397 # Brillo support for deltas started with minor version 3. 398 if [[ "${FORCE_MINOR_VERSION}" -le 2 ]]; then 399 warn "No delta support from minor version ${FORCE_MINOR_VERSION}. \ 400Disabling deltas for this source version." 401 exit ${EX_UNSUPPORTED_DELTA} 402 fi 403 404 if [[ "${FORCE_MINOR_VERSION}" -ge 4 ]]; then 405 ZLIB_FINGERPRINT=$(unzip -p "${image}" "META/zlib_fingerprint.txt") 406 fi 407 else 408 # Target image 409 local postinstall_config=$(create_tempfile "postinstall_config.XXXXXX") 410 CLEANUP_FILES+=("${postinstall_config}") 411 if unzip -p "${image}" "META/postinstall_config.txt" \ 412 >"${postinstall_config}"; then 413 POSTINSTALL_CONFIG_FILE="${postinstall_config}" 414 fi 415 fi 416 417 local part part_file temp_raw filesize 418 for part in "${partitions[@]}"; do 419 part_file=$(create_tempfile "${part}.img.XXXXXX") 420 CLEANUP_FILES+=("${part_file}") 421 unzip -p "${image}" "IMAGES/${part}.img" >"${part_file}" 422 423 # If the partition is stored as an Android sparse image file, we need to 424 # convert them to a raw image for the update. 425 local magic=$(head --bytes=4 "${part_file}" | hexdump -e '1/1 "%.2x"') 426 if [[ "${magic}" == "3aff26ed" ]]; then 427 temp_raw=$(create_tempfile "${part}.raw.XXXXXX") 428 CLEANUP_FILES+=("${temp_raw}") 429 echo "Converting Android sparse image ${part}.img to RAW." 430 simg2img "${part_file}" "${temp_raw}" 431 # At this point, we can drop the contents of the old part_file file, but 432 # we can't delete the file because it will be deleted in cleanup. 433 true >"${part_file}" 434 part_file="${temp_raw}" 435 fi 436 437 # delta_generator only supports images multiple of 4 KiB. For target images 438 # we pad the data with zeros if needed, but for source images we truncate 439 # down the data since the last block of the old image could be padded on 440 # disk with unknown data. 441 filesize=$(stat -c%s "${part_file}") 442 if [[ $(( filesize % 4096 )) -ne 0 ]]; then 443 if [[ "${partitions_array}" == "SRC_PARTITIONS" ]]; then 444 echo "Rounding DOWN partition ${part}.img to a multiple of 4 KiB." 445 : $(( filesize = filesize & -4096 )) 446 else 447 echo "Rounding UP partition ${part}.img to a multiple of 4 KiB." 448 : $(( filesize = (filesize + 4095) & -4096 )) 449 fi 450 truncate_file "${part_file}" "${filesize}" 451 fi 452 453 eval "${partitions_array}[\"${part}\"]=\"${part_file}\"" 454 echo "Extracted ${partitions_array}[${part}]: ${filesize} bytes" 455 done 456} 457 458validate_generate() { 459 [[ -n "${FLAGS_payload}" ]] || 460 die "You must specify an output filename with --payload FILENAME" 461 462 [[ -n "${FLAGS_target_image}" ]] || 463 die "You must specify a target image with --target_image FILENAME" 464} 465 466cmd_generate() { 467 local payload_type="delta" 468 if [[ -z "${FLAGS_source_image}" ]]; then 469 payload_type="full" 470 fi 471 472 echo "Extracting images for ${payload_type} update." 473 474 extract_image "${FLAGS_target_image}" DST_PARTITIONS PARTITIONS_ORDER 475 if [[ "${payload_type}" == "delta" ]]; then 476 extract_image "${FLAGS_source_image}" SRC_PARTITIONS 477 fi 478 479 echo "Generating ${payload_type} update." 480 # Common payload args: 481 GENERATOR_ARGS=( -out_file="${FLAGS_payload}" ) 482 483 local part old_partitions="" new_partitions="" partition_names="" 484 for part in "${PARTITIONS_ORDER[@]}"; do 485 if [[ -n "${partition_names}" ]]; then 486 partition_names+=":" 487 new_partitions+=":" 488 old_partitions+=":" 489 fi 490 partition_names+="${part}" 491 new_partitions+="${DST_PARTITIONS[${part}]}" 492 old_partitions+="${SRC_PARTITIONS[${part}]:-}" 493 done 494 495 # Target image args: 496 GENERATOR_ARGS+=( 497 -partition_names="${partition_names}" 498 -new_partitions="${new_partitions}" 499 ) 500 501 if [[ "${payload_type}" == "delta" ]]; then 502 # Source image args: 503 GENERATOR_ARGS+=( 504 -old_partitions="${old_partitions}" 505 ) 506 if [[ -n "${FORCE_MINOR_VERSION}" ]]; then 507 GENERATOR_ARGS+=( --minor_version="${FORCE_MINOR_VERSION}" ) 508 fi 509 if [[ -n "${ZLIB_FINGERPRINT}" ]]; then 510 GENERATOR_ARGS+=( --zlib_fingerprint="${ZLIB_FINGERPRINT}" ) 511 fi 512 fi 513 514 if [[ -n "${FORCE_MAJOR_VERSION}" ]]; then 515 GENERATOR_ARGS+=( --major_version="${FORCE_MAJOR_VERSION}" ) 516 fi 517 518 if [[ -n "${FLAGS_metadata_size_file}" ]]; then 519 GENERATOR_ARGS+=( --out_metadata_size_file="${FLAGS_metadata_size_file}" ) 520 fi 521 522 if [[ -n "${POSTINSTALL_CONFIG_FILE}" ]]; then 523 GENERATOR_ARGS+=( 524 --new_postinstall_config_file="${POSTINSTALL_CONFIG_FILE}" 525 ) 526 fi 527 528 echo "Running delta_generator with args: ${GENERATOR_ARGS[@]}" 529 "${GENERATOR}" "${GENERATOR_ARGS[@]}" 530 531 echo "Done generating ${payload_type} update." 532} 533 534validate_hash() { 535 [[ -n "${FLAGS_signature_size}" ]] || 536 die "You must specify signature size with --signature_size SIZES" 537 538 [[ -n "${FLAGS_unsigned_payload}" ]] || 539 die "You must specify the input unsigned payload with \ 540--unsigned_payload FILENAME" 541 542 [[ -n "${FLAGS_payload_hash_file}" ]] || 543 die "You must specify --payload_hash_file FILENAME" 544 545 [[ -n "${FLAGS_metadata_hash_file}" ]] || 546 die "You must specify --metadata_hash_file FILENAME" 547} 548 549cmd_hash() { 550 "${GENERATOR}" \ 551 -in_file="${FLAGS_unsigned_payload}" \ 552 -signature_size="${FLAGS_signature_size}" \ 553 -out_hash_file="${FLAGS_payload_hash_file}" \ 554 -out_metadata_hash_file="${FLAGS_metadata_hash_file}" 555 556 echo "Done generating hash." 557} 558 559validate_sign() { 560 [[ -n "${FLAGS_signature_size}" ]] || 561 die "You must specify signature size with --signature_size SIZES" 562 563 [[ -n "${FLAGS_unsigned_payload}" ]] || 564 die "You must specify the input unsigned payload with \ 565--unsigned_payload FILENAME" 566 567 [[ -n "${FLAGS_payload}" ]] || 568 die "You must specify the output signed payload with --payload FILENAME" 569 570 [[ -n "${FLAGS_payload_signature_file}" ]] || 571 die "You must specify the payload signature file with \ 572--payload_signature_file SIGNATURES" 573 574 [[ -n "${FLAGS_metadata_signature_file}" ]] || 575 die "You must specify the metadata signature file with \ 576--metadata_signature_file SIGNATURES" 577} 578 579cmd_sign() { 580 GENERATOR_ARGS=( 581 -in_file="${FLAGS_unsigned_payload}" 582 -signature_size="${FLAGS_signature_size}" 583 -signature_file="${FLAGS_payload_signature_file}" 584 -metadata_signature_file="${FLAGS_metadata_signature_file}" 585 -out_file="${FLAGS_payload}" 586 ) 587 588 if [[ -n "${FLAGS_metadata_size_file}" ]]; then 589 GENERATOR_ARGS+=( --out_metadata_size_file="${FLAGS_metadata_size_file}" ) 590 fi 591 592 "${GENERATOR}" "${GENERATOR_ARGS[@]}" 593 echo "Done signing payload." 594} 595 596validate_properties() { 597 [[ -n "${FLAGS_payload}" ]] || 598 die "You must specify the payload file with --payload FILENAME" 599 600 [[ -n "${FLAGS_properties_file}" ]] || 601 die "You must specify a non empty --properties_file FILENAME" 602} 603 604cmd_properties() { 605 "${GENERATOR}" \ 606 -in_file="${FLAGS_payload}" \ 607 -properties_file="${FLAGS_properties_file}" 608} 609 610# Sanity check that the real generator exists: 611GENERATOR="$(which delta_generator || true)" 612[[ -x "${GENERATOR}" ]] || die "can't find delta_generator" 613 614case "$COMMAND" in 615 generate) validate_generate 616 cmd_generate 617 ;; 618 hash) validate_hash 619 cmd_hash 620 ;; 621 sign) validate_sign 622 cmd_sign 623 ;; 624 properties) validate_properties 625 cmd_properties 626 ;; 627esac 628