brillo_update_payload revision bf1266fec223275ff19ef9624651946be9b9112a
1#!/bin/bash 2 3# Copyright 2015 The Chromium OS Authors. All rights reserved. 4# Use of this source code is governed by a BSD-style license that can be 5# found in the LICENSE file. 6 7# Script to generate a Brillo update for use by the update engine. 8# 9# usage: brillo_update_payload COMMAND [ARGS] 10# The following commands are supported: 11# generate generate an unsigned payload 12# hash generate a payload or metadata hash 13# sign generate a signed payload 14# 15# Generate command arguments: 16# --payload generated unsigned payload output file 17# --source_image if defined, generate a delta payload from the specified 18# image to the target_image 19# --target_image the target image that should be sent to clients 20# --metadata_size_file if defined, generate a file containing the size of the payload 21# metadata in bytes to the specified file 22# 23# Hash command arguments: 24# --unsigned_payload the input unsigned payload to generate the hash from 25# --signature_size signature sizes in bytes in the following format: 26# "size1:size2[:...]" 27# --payload_hash_file if defined, generate a payload hash and output to the 28# specified file 29# --metadata_hash_file if defined, generate a metadata hash and output to the 30# specified file 31# 32# Sign command arguments: 33# --unsigned_payload the input unsigned payload to insert the signatures 34# --payload the output signed payload 35# --signature_size signature sizes in bytes in the following format: 36# "size1:size2[:...]" 37# --payload_signature_file the payload signature files in the following 38# format: 39# "payload_signature1:payload_signature2[:...]" 40# --metadata_signature_file the metadata signature files in the following 41# format: 42# "metadata_signature1:metadata_signature2[:...]" 43# --metadata_size_file if defined, generate a file containing the size of 44# the signed payload metadata in bytes to the 45# specified file 46# Note that the number of signature sizes and payload signatures have to match. 47 48die() { 49 echo "brillo_update_payload: error: $*" >&2 50 exit 1 51} 52 53# Loads shflags. We first look at the default install location; then look for 54# crosutils (chroot); finally check our own directory (au-generator zipfile). 55load_shflags() { 56 local my_dir="$(dirname "$(readlink -f "$0")")" 57 local path 58 for path in /usr/share/misc {/usr/lib/crosutils,"${my_dir}"}/lib/shflags; do 59 if [[ -r "${path}/shflags" ]]; then 60 . "${path}/shflags" || die "Could not load ${path}/shflags." 61 return 62 fi 63 done 64 die "Could not find shflags." 65} 66 67load_shflags 68 69HELP_GENERATE="generate: Generate an unsigned update payload." 70HELP_HASH="hash: Generate the hashes of the unsigned payload and metadata used \ 71for signing." 72HELP_SIGN="sign: Insert the signatures into the unsigned payload." 73 74usage() { 75 echo "Supported commands:" 76 echo 77 echo "${HELP_GENERATE}" 78 echo "${HELP_HASH}" 79 echo "${HELP_SIGN}" 80 echo 81 echo "Use: \"$0 <command> --help\" for more options." 82} 83 84# Check that a command is specified. 85if [[ $# -lt 1 ]]; then 86 echo "Please specify a command [generate|hash|sign]" 87 exit 1 88fi 89 90# Parse command. 91COMMAND="${1:-}" 92shift 93 94case "${COMMAND}" in 95 generate) 96 FLAGS_HELP="${HELP_GENERATE}" 97 ;; 98 99 hash) 100 FLAGS_HELP="${HELP_HASH}" 101 ;; 102 103 sign) 104 FLAGS_HELP="${HELP_SIGN}" 105 ;; 106 *) 107 echo "Unrecognized command: \"${COMMAND}\"" >&2 108 usage >&2 109 exit 1 110 ;; 111esac 112 113# Flags 114FLAGS_HELP="Usage: $0 ${COMMAND} [flags] 115${FLAGS_HELP}" 116 117if [[ "${COMMAND}" == "generate" ]]; then 118 DEFINE_string payload "" \ 119 "Path to output the generated unsigned payload file." 120 DEFINE_string target_image "" \ 121 "Path to the target image that should be sent to clients." 122 DEFINE_string source_image "" \ 123 "Optional: Path to a source image. If specified, this makes a delta update." 124 DEFINE_string metadata_size_file "" \ 125 "Optional: Path to output metadata size." 126fi 127if [[ "${COMMAND}" == "hash" || "${COMMAND}" == "sign" ]]; then 128 DEFINE_string unsigned_payload "" "Path to the input unsigned payload." 129 DEFINE_string signature_size "" \ 130 "Signature sizes in bytes in the following format: size1:size2[:...]" 131fi 132if [[ "${COMMAND}" == "hash" ]]; then 133 DEFINE_string metadata_hash_file "" \ 134 "Optional: Path to output metadata hash file." 135 DEFINE_string payload_hash_file "" \ 136 "Optional: Path to output payload hash file." 137fi 138if [[ "${COMMAND}" == "sign" ]]; then 139 DEFINE_string payload "" \ 140 "Path to output the generated unsigned payload file." 141 DEFINE_string metadata_signature_file "" \ 142 "The metatada signatures in the following format: \ 143metadata_signature1:metadata_signature2[:...]" 144 DEFINE_string payload_signature_file "" \ 145 "The payload signatures in the following format: \ 146payload_signature1:payload_signature2[:...]" 147 DEFINE_string metadata_size_file "" \ 148 "Optional: Path to output metadata size." 149fi 150DEFINE_string work_dir "/tmp" "Where to dump temporary files." 151 152# Parse command line flag arguments 153FLAGS "$@" || exit 1 154eval set -- "${FLAGS_ARGV}" 155set -e 156 157# Associative arrays from partition name to file in the source and target 158# images. The size of the updated area must be the size of the file. 159declare -A SRC_PARTITIONS 160declare -A DST_PARTITIONS 161 162# A list of temporary files to remove during cleanup. 163CLEANUP_FILES=() 164 165# Global options to force the version of the payload. 166FORCE_MAJOR_VERSION="" 167FORCE_MINOR_VERSION="" 168 169# read_option_int <file.txt> <option_key> [default_value] 170# 171# Reads the unsigned integer value associated with |option_key| in a key=value 172# file |file.txt|. Prints the read value if found and valid, otherwise prints 173# the |default_value|. 174read_option_uint() { 175 local file_txt="$1" 176 local option_key="$2" 177 local default_value="${3:-}" 178 local value 179 if value=$(look "${option_key}=" "${file_txt}" | tail -n 1); then 180 if value=$(echo "${value}" | cut -f 2- -d "=" | grep -E "^[0-9]+$"); then 181 echo "${value}" 182 return 183 fi 184 fi 185 echo "${default_value}" 186} 187 188# Create a temporary file in the work_dir with an optional pattern name. 189# Prints the name of the newly created file. 190create_tempfile() { 191 local pattern="${1:-tempfile.XXXXXX}" 192 mktemp --tmpdir="${FLAGS_work_dir}" "${pattern}" 193} 194 195cleanup() { 196 local err="" 197 rm -f "${CLEANUP_FILES[@]}" || err=1 198 199 # If we are cleaning up after an error, or if we got an error during 200 # cleanup (even if we eventually succeeded) return a non-zero exit 201 # code. This triggers additional logging in most environments that call 202 # this script. 203 if [[ -n "${err}" ]]; then 204 die "Cleanup encountered an error." 205 fi 206} 207 208cleanup_on_error() { 209 trap - INT TERM ERR EXIT 210 cleanup 211 die "Cleanup success after an error." 212} 213 214cleanup_on_exit() { 215 trap - INT TERM ERR EXIT 216 cleanup 217} 218 219trap cleanup_on_error INT TERM ERR 220trap cleanup_on_exit EXIT 221 222 223# extract_image <image> <partitions_array> 224# 225# Detect the format of the |image| file and extract its updatable partitions 226# into new temporary files. Add the list of partition names and its files to the 227# associative array passed in |partitions_array|. 228extract_image() { 229 local image="$1" 230 231 # Brillo images are zip files. We detect the 4-byte magic header of the zip 232 # file. 233 local magic=$(head --bytes=4 "${image}" | hexdump -e '1/1 "%.2x"') 234 if [[ "${magic}" == "504b0304" ]]; then 235 echo "Detected .zip file, extracting Brillo image." 236 extract_image_brillo "$@" 237 return 238 fi 239 240 # Chrome OS images are GPT partitioned disks. We should have the cgpt binary 241 # bundled here and we will use it to extract the partitions, so the GPT 242 # headers must be valid. 243 if cgpt show -q -n "${image}" >/dev/null; then 244 echo "Detected GPT image, extracting Chrome OS image." 245 extract_image_cros "$@" 246 return 247 fi 248 249 die "Couldn't detect the image format of ${image}" 250} 251 252# extract_image_cros <image.bin> <partitions_array> 253# 254# Extract Chromium OS recovery images into new temporary files. 255extract_image_cros() { 256 local image="$1" 257 local partitions_array="$2" 258 259 local kernel root 260 kernel=$(create_tempfile "kernel.bin.XXXXXX") 261 CLEANUP_FILES+=("${kernel}") 262 root=$(create_tempfile "root.bin.XXXXXX") 263 CLEANUP_FILES+=("${root}") 264 265 cros_generate_update_payload --extract \ 266 --image "${image}" \ 267 --kern_path "${kernel}" --root_path "${root}" \ 268 --work_dir "${FLAGS_work_dir}" --outside_chroot 269 270 # When generating legacy Chrome OS images, we need to use "boot" and "system" 271 # for the partition names to be compatible with updating Brillo devices with 272 # Chrome OS images. 273 eval ${partitions_array}[boot]=\""${kernel}"\" 274 eval ${partitions_array}[system]=\""${root}"\" 275 276 local part varname 277 for part in boot system; do 278 varname="${partitions_array}[${part}]" 279 printf "md5sum of %s: " "${varname}" 280 md5sum "${!varname}" 281 done 282} 283 284# extract_image_brillo <target_files.zip> <partitions_array> 285# 286# Extract the A/B updated partitions from a Brillo target_files zip file into 287# new temporary files. 288extract_image_brillo() { 289 local image="$1" 290 local partitions_array="$2" 291 292 # TODO(deymo): Read the list of partitions from the metadata. We should 293 # sanitize the list of partition names to be in [a-zA-Z0-9-]+. 294 local partitions=( "boot" "system" ) 295 296 if [[ "${partitions_array}" == "SRC_PARTITIONS" ]]; then 297 ue_config=$(create_tempfile "ue_config.XXXXXX") 298 CLEANUP_FILES+=("${ue_config}") 299 if ! unzip -p "${image}" "META/update_engine_config.txt" \ 300 >"${ue_config}"; then 301 warn "No update_engine_config.txt found. Assuming pre-release image, \ 302using payload minor version 2" 303 fi 304 FORCE_MINOR_VERSION=$(read_option_uint "${ue_config}" \ 305 "PAYLOAD_MINOR_VERSION" 2) 306 fi 307 308 local part part_file temp_raw filesize 309 for part in "${partitions[@]}"; do 310 part_file=$(create_tempfile "${part}.img.XXXXXX") 311 CLEANUP_FILES+=("${part_file}") 312 unzip -p "${image}" "IMAGES/${part}.img" >"${part_file}" 313 314 # If the partition is stored as an Android sparse image file, we need to 315 # convert them to a raw image for the update. 316 local magic=$(head --bytes=4 "${part_file}" | hexdump -e '1/1 "%.2x"') 317 if [[ "${magic}" == "3aff26ed" ]]; then 318 temp_raw=$(create_tempfile "${part}.raw.XXXXXX") 319 CLEANUP_FILES+=("${temp_raw}") 320 echo "Converting Android sparse image ${part}.img to RAW." 321 simg2img "${part_file}" "${temp_raw}" 322 # At this point, we can drop the contents of the old part_file file, but 323 # we can't delete the file because it will be deleted in cleanup. 324 true >"${part_file}" 325 part_file="${temp_raw}" 326 fi 327 328 # delta_generator only supports images multiple of 4 KiB, so we pad with 329 # zeros if needed. 330 filesize=$(stat -c%s "${part_file}") 331 if [[ $(( filesize % 4096 )) -ne 0 ]]; then 332 echo "Rounding up partition ${part}.img to multiple of 4 KiB." 333 : $(( filesize = (filesize + 4095) & -4096 )) 334 truncate --size="${filesize}" "${part_file}" 335 fi 336 337 eval "${partitions_array}[\"${part}\"]=\"${part_file}\"" 338 echo "Extracted ${partitions_array}[${part}]: ${filesize} bytes" 339 done 340} 341 342validate_generate() { 343 [[ -n "${FLAGS_payload}" ]] || 344 die "Error: you must specify an output filename with --payload FILENAME" 345 346 [[ -n "${FLAGS_target_image}" ]] || 347 die "Error: you must specify a target image with --target_image FILENAME" 348} 349 350cmd_generate() { 351 local payload_type="delta" 352 if [[ -z "${FLAGS_source_image}" ]]; then 353 payload_type="full" 354 fi 355 356 echo "Extracting images for ${payload_type} update." 357 358 extract_image "${FLAGS_target_image}" DST_PARTITIONS 359 if [[ "${payload_type}" == "delta" ]]; then 360 extract_image "${FLAGS_source_image}" SRC_PARTITIONS 361 fi 362 363 echo "Generating ${payload_type} update." 364 GENERATOR_ARGS=( 365 # Common payload args: 366 -out_file="${FLAGS_payload}" 367 # Target image args: 368 # TODO(deymo): Pass the list of partitions to the generator. 369 -new_image="${DST_PARTITIONS[system]}" 370 -new_kernel="${DST_PARTITIONS[boot]}" 371 ) 372 373 if [[ "${payload_type}" == "delta" ]]; then 374 GENERATOR_ARGS+=( 375 # Source image args: 376 -old_image="${SRC_PARTITIONS[system]}" 377 -old_kernel="${SRC_PARTITIONS[boot]}" 378 ) 379 if [[ -n "${FORCE_MINOR_VERSION}" ]]; then 380 GENERATOR_ARGS+=( --minor_version="${FORCE_MINOR_VERSION}" ) 381 fi 382 fi 383 384 if [[ -n "${FORCE_MAJOR_VERSION}" ]]; then 385 GENERATOR_ARGS+=( --major_version="${FORCE_MAJOR_VERSION}" ) 386 fi 387 388 if [[ -n "${FLAGS_metadata_size_file}" ]]; then 389 GENERATOR_ARGS+=( --out_metadata_size_file="${FLAGS_metadata_size_file}" ) 390 fi 391 392 echo "Running delta_generator with args: ${GENERATOR_ARGS[@]}" 393 "${GENERATOR}" "${GENERATOR_ARGS[@]}" 394 395 echo "Done generating ${payload_type} update." 396} 397 398validate_hash() { 399 [[ -n "${FLAGS_signature_size}" ]] || 400 die "Error: you must specify signature size with --signature_size SIZES" 401 402 [[ -n "${FLAGS_unsigned_payload}" ]] || 403 die "Error: you must specify the input unsigned payload with \ 404--unsigned_payload FILENAME" 405 406 [[ -n "${FLAGS_payload_hash_file}" ]] || 407 die "Error: you must specify --payload_hash_file FILENAME" 408} 409 410cmd_hash() { 411 "${GENERATOR}" \ 412 -in_file="${FLAGS_unsigned_payload}" \ 413 -signature_size="${FLAGS_signature_size}" \ 414 -out_hash_file="${FLAGS_payload_hash_file}" \ 415 -out_metadata_hash_file="${FLAGS_metadata_hash_file}" 416 417 echo "Done generating hash." 418} 419 420validate_sign() { 421 [[ -n "${FLAGS_signature_size}" ]] || 422 die "Error: you must specify signature size with --signature_size SIZES" 423 424 [[ -n "${FLAGS_unsigned_payload}" ]] || 425 die "Error: you must specify the input unsigned payload with \ 426--unsigned_payload FILENAME" 427 428 [[ -n "${FLAGS_payload}" ]] || 429 die "Error: you must specify the output signed payload with \ 430--payload FILENAME" 431 432 [[ -n "${FLAGS_payload_signature_file}" ]] || 433 die "Error: you must specify the payload signature file with \ 434--payload_signature_file SIGNATURES" 435 436 [[ -n "${FLAGS_metadata_signature_file}" ]] || 437 die "Error: you must specify the metadata signature file with \ 438--metadata_signature_file SIGNATURES" 439} 440 441cmd_sign() { 442 GENERATOR_ARGS=( 443 -in_file="${FLAGS_unsigned_payload}" 444 -signature_size="${FLAGS_signature_size}" 445 -signature_file="${FLAGS_payload_signature_file}" 446 -metadata_signature_file="${FLAGS_metadata_signature_file}" 447 -out_file="${FLAGS_payload}" 448 ) 449 450 if [[ -n "${FLAGS_metadata_size_file}" ]]; then 451 GENERATOR_ARGS+=( --out_metadata_size_file="${FLAGS_metadata_size_file}" ) 452 fi 453 454 "${GENERATOR}" "${GENERATOR_ARGS[@]}" 455 echo "Done signing payload." 456} 457 458# TODO: Extract the input zip files once the format is finalized 459 460# Sanity check that the real generator exists: 461GENERATOR="$(which delta_generator)" 462[[ -x "${GENERATOR}" ]] || die "can't find delta_generator" 463 464case "$COMMAND" in 465 generate) validate_generate 466 cmd_generate 467 ;; 468 hash) validate_hash 469 cmd_hash 470 ;; 471 sign) validate_sign 472 cmd_sign 473 ;; 474esac 475