mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-10-30 01:52:51 +00:00
4c689da610
This patch addresses reviewer feedback: - Replaces dd with direct tar extraction from the mtdblock device, avoiding unnecessary intermediate steps. - Removes the manual copy/restore flow for /certificates mount by switching to an OverlayFS-based solution when a read-only squashfs or ubifs is detected. Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>
192 lines
4.5 KiB
Bash
Executable File
192 lines
4.5 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
check_certificates() {
|
|
[ -f /certificates/cert.pem -a -f /certificates/key.pem ] && exit 0
|
|
}
|
|
|
|
check_certificates
|
|
|
|
tar_part_lookup() {
|
|
part="$(fw_printenv -n cert_part)"
|
|
if [ "$part" -eq 0 ]; then
|
|
echo "$2"
|
|
part=1
|
|
else
|
|
echo "$1"
|
|
part=0
|
|
fi
|
|
fw_setenv cert_part $part
|
|
}
|
|
|
|
. /lib/functions.sh
|
|
mkdir -p /certificates /etc/ucentral/
|
|
case "$(board_name)" in
|
|
cig,wf660a)
|
|
mmc_dev=$(echo $(find_mmc_part "0:ETHPHYFW") | sed 's/^.\{5\}//')
|
|
[ -n "$mmc_dev" ] && mount -t ext4 /dev/$mmc_dev /certificates
|
|
;;
|
|
cig,wf672)
|
|
mmc_dev=$(echo $(find_mmc_part "cert") | sed 's/^.\{5\}//')
|
|
[ -n "$mmc_dev" ] && mount -t ext4 /dev/$mmc_dev /certificates
|
|
;;
|
|
sonicfi,rap7*)
|
|
if [ "$(board_name)" = "sonicfi,rap7110c-341x" ]; then
|
|
mmc_dev=$(echo $(find_mmc_part "certificates") | sed 's/^.\{5\}//')
|
|
[ -n "$mmc_dev" ] && mount -t ext4 /dev/$mmc_dev /certificates
|
|
else
|
|
mtd=$(find_mtd_index certificates)
|
|
[ -n "$mtd" ] && mount -t ext4 /dev/mtdblock$mtd /certificates
|
|
fi
|
|
if [ ! -f /certificates/cert.pem ] || [ ! -f /certificates/key.pem ]; then
|
|
part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1")
|
|
if [ -n "part" ]; then
|
|
mmc_dev=$(echo $(find_mmc_part "$part") | sed 's/^.\{5\}//')
|
|
[ -n "$mmc_dev" ] && tar xf /dev/$mmc_dev -C /certificates
|
|
fi
|
|
fi
|
|
;;
|
|
udaya,a5-id2)
|
|
mtd=$(find_mtd_index certificates)
|
|
if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
|
|
mount -t squashfs /dev/mtdblock$mtd /mnt
|
|
cp /mnt/* /certificates
|
|
umount /mnt
|
|
fi
|
|
part=$(tar_part_lookup "insta1" "insta2")
|
|
if [ -n "insta" ]; then
|
|
mtd=$(find_mtd_index $part)
|
|
[ -n "$mtd" ] && tar xf /dev/mtdblock$mtd -C /certificates
|
|
fi
|
|
;;
|
|
sonicfi,rap6*)
|
|
bootconfig=$(bootconfig_lookup)
|
|
|
|
if [ -n "$bootconfig" ]; then
|
|
mtd_dev=$(find_mtd_index $bootconfig)
|
|
block_size=$(cat /sys/class/mtd/mtd$mtd_dev/size)
|
|
mkdir -p /certificates
|
|
if tar tf /dev/mtdblock$mtd_dev > /dev/null 2>&1; then
|
|
tar xf /dev/mtdblock$mtd_dev -C /certificates
|
|
fi
|
|
fi
|
|
|
|
if [ ! -f /certificates/cert.pem ] || [ ! -f /certificates/key.pem ]; then
|
|
mtd=$(find_mtd_index certificates)
|
|
|
|
if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
|
|
mount -t squashfs /dev/mtdblock$mtd /certificates
|
|
else
|
|
[ -n "$mtd" -a -f /sys/class/mtd/mtd$mtd/oobsize ] && ubiattach -p /dev/mtd$mtd
|
|
if [ -n "$(ubinfo -a | grep certificates)" ]; then
|
|
[ -e /dev/ubi0 ] && mount -t ubifs ubi0:certificates /certificates
|
|
[ -e /dev/ubi1 ] && mount -t ubifs ubi1:certificates /certificates
|
|
fi
|
|
fi
|
|
|
|
overlay_name="certs_overlay"
|
|
|
|
if mount | grep "/certificates" | grep -qE "squashfs|ubifs" && \
|
|
! mount | grep "/certificates" | grep -q "$overlay_name"; then
|
|
mkdir -p /tmp/certs_upper /tmp/certs_work /tmp/certs_merged
|
|
mount -t overlay "$overlay_name" \
|
|
-o lowerdir=/certificates,upperdir=/tmp/certs_upper,workdir=/tmp/certs_work \
|
|
/tmp/certs_merged
|
|
mount --bind /tmp/certs_merged /certificates
|
|
fi
|
|
fi
|
|
;;
|
|
*)
|
|
mtd=$(find_mtd_index certificates)
|
|
|
|
if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
|
|
mount -t squashfs /dev/mtdblock$mtd /certificates
|
|
else
|
|
[ -n "$mtd" -a -f /sys/class/mtd/mtd$mtd/oobsize ] && ubiattach -p /dev/mtd$mtd
|
|
if [ -n "$(ubinfo -a | grep certificates)" ]; then
|
|
[ -e /dev/ubi0 ] && mount -t ubifs ubi0:certificates /certificates
|
|
[ -e /dev/ubi1 ] && mount -t ubifs ubi1:certificates /certificates
|
|
fi
|
|
fi
|
|
esac
|
|
|
|
check_certificates
|
|
|
|
# if we get here no valid certificates were found
|
|
|
|
PART_NAME=
|
|
|
|
case "$(board_name)" in
|
|
actiontec,web7200)
|
|
if grep -q bootselect=0 /proc/cmdline; then
|
|
PART_NAME=firmware2
|
|
else
|
|
PART_NAME=firmware1
|
|
fi
|
|
;;
|
|
edgecore,ecw5211|\
|
|
edgecore,eap101|\
|
|
edgecore,eap102|\
|
|
edgecore,eap104|\
|
|
edgecore,eap105|\
|
|
edgecore,eap111|\
|
|
edgecore,eap112|\
|
|
edgecore,oap101|\
|
|
edgecore,oap101e|\
|
|
edgecore,oap101-6e|\
|
|
edgecore,oap101e-6e|\
|
|
edgecore,oap103)
|
|
if grep -q rootfs1 /proc/cmdline; then
|
|
PART_NAME=rootfs2
|
|
else
|
|
PART_NAME=rootfs1
|
|
fi
|
|
;;
|
|
hfcl,ion4xi|\
|
|
hfcl,ion4xi_w|\
|
|
hfcl,ion4x_w|\
|
|
hfcl,ion4xi_HMR|\
|
|
hfcl,ion4x|\
|
|
hfcl,ion4x_2|\
|
|
hfcl,ion4xi_wp|\
|
|
hfcl,ion4xe)
|
|
if grep -q rootfs_1 /proc/cmdline; then
|
|
PART_NAME=rootfs
|
|
else
|
|
PART_NAME=rootfs_1
|
|
fi
|
|
;;
|
|
cig,wf186w|\
|
|
cig,wf189|\
|
|
cig,wf189w|\
|
|
cig,wf189h|\
|
|
cig,wf186h|\
|
|
cig,wf196|\
|
|
cig,wf188n|\
|
|
emplus,wap380c|\
|
|
emplus,wap385c|\
|
|
emplus,wap386v2|\
|
|
emplus,wap581|\
|
|
yuncore,ax840|\
|
|
yuncore,fap655)
|
|
PART_NAME=rootfs_1
|
|
;;
|
|
senao,iap2300m|\
|
|
senao,iap4300m|\
|
|
emplus,wap588m|\
|
|
senao,jeap6500)
|
|
PART_NAME=ubi
|
|
;;
|
|
*)
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
MTD=$(find_mtd_index $PART_NAME)
|
|
|
|
[ -z "$MTD" ] && return 1
|
|
|
|
ubiattach -m $MTD -d 3
|
|
[ -e /dev/ubi3 ] && mount -t ubifs ubi3:certificates /certificates
|
|
|
|
check_certificates
|