| #!/usr/bin/python2 |
| # |
| # Copyright (C) 2013 The Android Open Source Project |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| """Command-line tool for checking and applying Chrome OS update payloads.""" |
| |
| from __future__ import print_function |
| |
| # pylint: disable=import-error |
| import argparse |
| import filecmp |
| import os |
| import sys |
| import tempfile |
| |
| from update_payload import common |
| from update_payload import error |
| |
| lib_dir = os.path.join(os.path.dirname(__file__), 'lib') |
| if os.path.exists(lib_dir) and os.path.isdir(lib_dir): |
| sys.path.insert(1, lib_dir) |
| import update_payload |
| |
| |
| _TYPE_FULL = 'full' |
| _TYPE_DELTA = 'delta' |
| |
| |
| def ParseArguments(argv): |
| """Parse and validate command-line arguments. |
| |
| Args: |
| argv: command-line arguments to parse (excluding the program name) |
| |
| Returns: |
| Returns the arguments returned by the argument parser. |
| """ |
| parser = argparse.ArgumentParser( |
| description=('Applies a Chrome OS update PAYLOAD to src_kern and ' |
| 'src_root emitting dst_kern and dst_root, respectively. ' |
| 'src_kern and src_root are only needed for delta payloads. ' |
| 'When no partitions are provided, verifies the payload ' |
| 'integrity.'), |
| epilog=('Note: a payload may verify correctly but fail to apply, and ' |
| 'vice versa; this is by design and can be thought of as static ' |
| 'vs dynamic correctness. A payload that both verifies and ' |
| 'applies correctly should be safe for use by the Chrome OS ' |
| 'Update Engine. Use --check to verify a payload prior to ' |
| 'applying it.'), |
| formatter_class=argparse.RawDescriptionHelpFormatter |
| ) |
| |
| check_args = parser.add_argument_group('Checking payload integrity') |
| check_args.add_argument('-c', '--check', action='store_true', default=False, |
| help=('force payload integrity check (e.g. before ' |
| 'applying)')) |
| check_args.add_argument('-D', '--describe', action='store_true', |
| default=False, |
| help='Print a friendly description of the payload.') |
| check_args.add_argument('-r', '--report', metavar='FILE', |
| help="dump payload report (`-' for stdout)") |
| check_args.add_argument('-t', '--type', dest='assert_type', |
| help='assert the payload type', |
| choices=[_TYPE_FULL, _TYPE_DELTA]) |
| check_args.add_argument('-z', '--block-size', metavar='NUM', default=0, |
| type=int, |
| help='assert a non-default (4096) payload block size') |
| check_args.add_argument('-u', '--allow-unhashed', action='store_true', |
| default=False, help='allow unhashed operations') |
| check_args.add_argument('-d', '--disabled_tests', default=(), metavar='', |
| help=('space separated list of tests to disable. ' |
| 'allowed options include: ' + |
| ', '.join(update_payload.CHECKS_TO_DISABLE)), |
| choices=update_payload.CHECKS_TO_DISABLE) |
| check_args.add_argument('-k', '--key', metavar='FILE', |
| help=('override standard key used for signature ' |
| 'validation')) |
| check_args.add_argument('-m', '--meta-sig', metavar='FILE', |
| help='verify metadata against its signature') |
| check_args.add_argument('-s', '--metadata-size', metavar='NUM', default=0, |
| help='the metadata size to verify with the one in' |
| ' payload') |
| # TODO(tbrindus): deprecated in favour of --part_sizes |
| check_args.add_argument('-p', '--root-part-size', metavar='NUM', |
| default=0, type=int, |
| help='override rootfs partition size auto-inference') |
| check_args.add_argument('-P', '--kern-part-size', metavar='NUM', |
| default=0, type=int, |
| help='override kernel partition size auto-inference') |
| check_args.add_argument('--part_sizes', metavar='NUM', nargs='+', type=int, |
| help='override partition size auto-inference') |
| |
| apply_args = parser.add_argument_group('Applying payload') |
| # TODO(ahassani): Extent extract-bsdiff to puffdiff too. |
| apply_args.add_argument('-x', '--extract-bsdiff', action='store_true', |
| default=False, |
| help=('use temp input/output files with BSDIFF ' |
| 'operations (not in-place)')) |
| apply_args.add_argument('--bspatch-path', metavar='FILE', |
| help='use the specified bspatch binary') |
| apply_args.add_argument('--puffpatch-path', metavar='FILE', |
| help='use the specified puffpatch binary') |
| # TODO(tbrindus): deprecated in favour of --dst_part_paths |
| apply_args.add_argument('--dst_kern', metavar='FILE', |
| help='destination kernel partition file') |
| apply_args.add_argument('--dst_root', metavar='FILE', |
| help='destination root partition file') |
| # TODO(tbrindus): deprecated in favour of --src_part_paths |
| apply_args.add_argument('--src_kern', metavar='FILE', |
| help='source kernel partition file') |
| apply_args.add_argument('--src_root', metavar='FILE', |
| help='source root partition file') |
| # TODO(tbrindus): deprecated in favour of --out_dst_part_paths |
| apply_args.add_argument('--out_dst_kern', metavar='FILE', |
| help='created destination kernel partition file') |
| apply_args.add_argument('--out_dst_root', metavar='FILE', |
| help='created destination root partition file') |
| |
| apply_args.add_argument('--src_part_paths', metavar='FILE', nargs='+', |
| help='source partitition files') |
| apply_args.add_argument('--dst_part_paths', metavar='FILE', nargs='+', |
| help='destination partition files') |
| apply_args.add_argument('--out_dst_part_paths', metavar='FILE', nargs='+', |
| help='created destination partition files') |
| |
| parser.add_argument('payload', metavar='PAYLOAD', help='the payload file') |
| parser.add_argument('--part_names', metavar='NAME', nargs='+', |
| help='names of partitions') |
| |
| # Parse command-line arguments. |
| args = parser.parse_args(argv) |
| |
| # TODO(tbrindus): temporary workaround to keep old-style flags from breaking |
| # without having to handle both types in our code. Remove after flag usage is |
| # removed from calling scripts. |
| args.part_names = args.part_names or [common.KERNEL, common.ROOTFS] |
| args.part_sizes = args.part_sizes or [args.kern_part_size, |
| args.root_part_size] |
| args.src_part_paths = args.src_part_paths or [args.src_kern, args.src_root] |
| args.dst_part_paths = args.dst_part_paths or [args.dst_kern, args.dst_root] |
| args.out_dst_part_paths = args.out_dst_part_paths or [args.out_dst_kern, |
| args.out_dst_root] |
| |
| # Make sure we don't have new dependencies on old flags by deleting them from |
| # the namespace here. |
| for old in ['kern_part_size', 'root_part_size', 'src_kern', 'src_root', |
| 'dst_kern', 'dst_root', 'out_dst_kern', 'out_dst_root']: |
| delattr(args, old) |
| |
| # There are several options that imply --check. |
| args.check = (args.check or args.report or args.assert_type or |
| args.block_size or args.allow_unhashed or |
| args.disabled_tests or args.meta_sig or args.key or |
| any(args.part_sizes) or args.metadata_size) |
| |
| for arg in ['part_sizes', 'src_part_paths', 'dst_part_paths', |
| 'out_dst_part_paths']: |
| if len(args.part_names) != len(getattr(args, arg, [])): |
| parser.error('partitions in --%s do not match --part_names' % arg) |
| |
| if all(args.dst_part_paths) or all(args.out_dst_part_paths): |
| if all(args.src_part_paths): |
| if args.assert_type == _TYPE_FULL: |
| parser.error('%s payload does not accept source partition arguments' |
| % _TYPE_FULL) |
| else: |
| args.assert_type = _TYPE_DELTA |
| else: |
| if args.assert_type == _TYPE_DELTA: |
| parser.error('%s payload requires source partitions arguments' |
| % _TYPE_DELTA) |
| else: |
| args.assert_type = _TYPE_FULL |
| else: |
| # Not applying payload. |
| if args.extract_bsdiff: |
| parser.error('--extract-bsdiff can only be used when applying payloads') |
| if args.bspatch_path: |
| parser.error('--bspatch-path can only be used when applying payloads') |
| if args.puffpatch_path: |
| parser.error('--puffpatch-path can only be used when applying payloads') |
| |
| # By default, look for a metadata-signature file with a name based on the name |
| # of the payload we are checking. We only do it if check was triggered. |
| if args.check and not args.meta_sig: |
| default_meta_sig = args.payload + '.metadata-signature' |
| if os.path.isfile(default_meta_sig): |
| args.meta_sig = default_meta_sig |
| print('Using default metadata signature', args.meta_sig, file=sys.stderr) |
| |
| return args |
| |
| |
| def main(argv): |
| # Parse and validate arguments. |
| args = ParseArguments(argv[1:]) |
| |
| with open(args.payload) as payload_file: |
| payload = update_payload.Payload(payload_file) |
| try: |
| # Initialize payload. |
| payload.Init() |
| |
| if args.describe: |
| payload.Describe() |
| |
| # Perform payload integrity checks. |
| if args.check: |
| report_file = None |
| do_close_report_file = False |
| metadata_sig_file = None |
| try: |
| if args.report: |
| if args.report == '-': |
| report_file = sys.stdout |
| else: |
| report_file = open(args.report, 'w') |
| do_close_report_file = True |
| |
| part_sizes = dict(zip(args.part_names, args.part_sizes)) |
| metadata_sig_file = args.meta_sig and open(args.meta_sig) |
| payload.Check( |
| pubkey_file_name=args.key, |
| metadata_sig_file=metadata_sig_file, |
| metadata_size=int(args.metadata_size), |
| report_out_file=report_file, |
| assert_type=args.assert_type, |
| block_size=int(args.block_size), |
| part_sizes=part_sizes, |
| allow_unhashed=args.allow_unhashed, |
| disabled_tests=args.disabled_tests) |
| finally: |
| if metadata_sig_file: |
| metadata_sig_file.close() |
| if do_close_report_file: |
| report_file.close() |
| |
| # Apply payload. |
| if all(args.dst_part_paths) or all(args.out_dst_part_paths): |
| dargs = {'bsdiff_in_place': not args.extract_bsdiff} |
| if args.bspatch_path: |
| dargs['bspatch_path'] = args.bspatch_path |
| if args.puffpatch_path: |
| dargs['puffpatch_path'] = args.puffpatch_path |
| if args.assert_type == _TYPE_DELTA: |
| dargs['old_parts'] = dict(zip(args.part_names, args.src_part_paths)) |
| |
| out_dst_parts = {} |
| file_handles = [] |
| if all(args.out_dst_part_paths): |
| for name, path in zip(args.part_names, args.out_dst_part_paths): |
| handle = open(path, 'w+') |
| file_handles.append(handle) |
| out_dst_parts[name] = handle.name |
| else: |
| for name in args.part_names: |
| handle = tempfile.NamedTemporaryFile() |
| file_handles.append(handle) |
| out_dst_parts[name] = handle.name |
| |
| payload.Apply(out_dst_parts, **dargs) |
| |
| # If destination kernel and rootfs partitions are not given, then this |
| # just becomes an apply operation with no check. |
| if all(args.dst_part_paths): |
| # Prior to comparing, add the unused space past the filesystem |
| # boundary in the new target partitions to become the same size as |
| # the given partitions. This will truncate to larger size. |
| for part_name, out_dst_part, dst_part in zip(args.part_names, |
| file_handles, |
| args.dst_part_paths): |
| out_dst_part.truncate(os.path.getsize(dst_part)) |
| |
| # Compare resulting partitions with the ones from the target image. |
| if not filecmp.cmp(out_dst_part.name, dst_part): |
| raise error.PayloadError( |
| 'Resulting %s partition corrupted.' % part_name) |
| |
| # Close the output files. If args.out_dst_* was not given, then these |
| # files are created as temp files and will be deleted upon close(). |
| for handle in file_handles: |
| handle.close() |
| except error.PayloadError, e: |
| sys.stderr.write('Error: %s\n' % e) |
| return 1 |
| |
| return 0 |
| |
| |
| if __name__ == '__main__': |
| sys.exit(main(sys.argv)) |