Resneptacle/openwrt-cghmn-mt300n
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

base-files: add support for creating a provisioning partition on sysupgrade

Browse Source 
This partition can be used to store sensitive config items (e.g. keys/certificates)
across factory resets.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2025-03-13 13:33:54 +01:00
parent 1be7036f69
commit 5f0f8d23a1
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
package/base-files/files/lib/upgrade/nand.sh
View File

@ -217,6 +217,16 @@ nand_upgrade_prepare_ubi() {
[ "$root_ubivol" ] && ubirmvol /dev/$root_ubidev -N "$CI_ROOTPART" || : [ "$root_ubivol" ] && ubirmvol /dev/$root_ubidev -N "$CI_ROOTPART" || :
[ "$data_ubivol" ] && ubirmvol /dev/$root_ubidev -N rootfs_data || : [ "$data_ubivol" ] && ubirmvol /dev/$root_ubidev -N rootfs_data || :
# create provisioning vol
if [ "${UPGRADE_OPT_ADD_PROVISIONING:-0}" -gt 0 ]; then
[ -n "$(nand_find_volume $root_ubidev provisioning)" ] || {
if ! ubimkvol /dev/$root_ubidev -N provisioning -s 131072; then
echo "cannot create provisioning volume"
return 1
fi
}
fi
# create kernel vol # create kernel vol
if [ -n "$kernel_length" ]; then if [ -n "$kernel_length" ]; then
if ! ubimkvol /dev/$kern_ubidev -N "$CI_KERNPART" -s $kernel_length; then if ! ubimkvol /dev/$kern_ubidev -N "$CI_KERNPART" -s $kernel_length; then

7
package/base-files/files/sbin/sysupgrade
View File

@ -11,6 +11,7 @@ INSTALLED_PACKAGES=${ETCBACKUP_DIR}/installed_packages.txt
COMMAND=/lib/upgrade/do_stage2 COMMAND=/lib/upgrade/do_stage2
# File-local globals # File-local globals
ADD_PROVISIONING=0
SAVE_OVERLAY=0 SAVE_OVERLAY=0
SAVE_OVERLAY_PATH= SAVE_OVERLAY_PATH=
SAVE_PARTITIONS=1 SAVE_PARTITIONS=1
@ -45,6 +46,7 @@ while [ -n "$1" ]; do
-c) SAVE_OVERLAY=1 SAVE_OVERLAY_PATH=/etc;; -c) SAVE_OVERLAY=1 SAVE_OVERLAY_PATH=/etc;;
-o) SAVE_OVERLAY=1 SAVE_OVERLAY_PATH=/;; -o) SAVE_OVERLAY=1 SAVE_OVERLAY_PATH=/;;
-p) SAVE_PARTITIONS=0;; -p) SAVE_PARTITIONS=0;;
-P) ADD_PROVISIONING=1;;
-k) SAVE_INSTALLED_PKGS=1;; -k) SAVE_INSTALLED_PKGS=1;;
-u) SKIP_UNCHANGED=1;; -u) SKIP_UNCHANGED=1;;
-b|--create-backup) CONF_BACKUP="$2" NEED_IMAGE=1; shift;; -b|--create-backup) CONF_BACKUP="$2" NEED_IMAGE=1; shift;;
@ -68,7 +70,7 @@ done
print_help() { print_help() {
cat <<EOF cat <<EOF
Usage: $0 [<upgrade-option>...] <image file or URL> Usage: $0 [<upgrade-option>...] <image file or URL>
$0 [-q] [-i] [-c] [-u] [-o] [-k] <backup-command> <file> $0 [-q] [-i] [-c] [-u] [-o] [-k] [-P] <backup-command> <file>
upgrade-option: upgrade-option:
-f <config> restore configuration from .tar.gz (file or url) -f <config> restore configuration from .tar.gz (file or url)
@ -82,6 +84,8 @@ upgrade-option:
-k include in backup a list of current installed packages at -k include in backup a list of current installed packages at
$INSTALLED_PACKAGES $INSTALLED_PACKAGES
-s stay on current partition (for dual firmware devices) -s stay on current partition (for dual firmware devices)
-P create provisioning partition to keep sensitive data across
factory resets.
-T | --test -T | --test
Verify image and config .tar.gz but do not actually flash. Verify image and config .tar.gz but do not actually flash.
-F | --force -F | --force
@ -427,6 +431,7 @@ else
json_add_string command "$COMMAND" json_add_string command "$COMMAND"
json_add_object options json_add_object options
json_add_int save_partitions "$SAVE_PARTITIONS" json_add_int save_partitions "$SAVE_PARTITIONS"
json_add_int add_provisioning "$ADD_PROVISIONING"
[ $USE_CURR_PART -eq 1 ] && json_add_boolean use_curr_part 1 [ $USE_CURR_PART -eq 1 ] && json_add_boolean use_curr_part 1
json_close_object json_close_object