rpi-update is currently broken

[deminngi]

i cannot use "sudo rpi-update". rpi-udate file will be substituted by a varnish cache server html error page

Error 503 Backend.max_conn reached!

This is an infrastructure error, Please check for this error in rpi-update code notify maintainer and prevent rewrite of file.

Thx

[popcornmix]

github (which rpi-update uses) was down a little while ago - seems to be working for me now. Try again.

[deminngi]

@popcornmix Yes indeed it works now, but try to catch this error otherwise a user get an html error page that rewrites rpi-update :-(

[popcornmix]

We do check for an error returned from github: https://github.com/Hexxeh/rpi-update/blob/master/rpi-update#L50

But it appears they didn't return an error here. Do you still have the bad rpi-update file?

[deminngi]

no I do not have the file

It was a proper formatted HTML error page from varnish cache server stating Error 503 Backend.max_conn reached!

[popcornmix]

It looks like -f will cause a fail return code for HTTP errors >= 400. I've added this option which hopefully will avoid this issue in future. Need to wait for a github failure again to be sure...

[deminngi]

all rpi-update users will love it .... finally 👍

[kmscode]

I had problems as well... I don't have the the file either, but this is the output that I received:

sudo rpi-update
 *** Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS and Dom
 *** Performing self-update
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   448  100   448    0     0     29      0  0:00:15  0:00:15 --:--:--   115
 *** Relaunching after update
/usr/bin/rpi-update: line 2: syntax error near unexpected token `newline'
/usr/bin/rpi-update: line 2: `<?xml version="1.0" encoding="utf-8"?>'

Seems to be working now.

Since it seems that a few users were getting html files for whatever reason, maybe an additional check after a "successful" download - something like this:

file ${_tempFileName} | grep "shell script"
if [ $? -ne 0 ]; then
   echo " !!! Failed to download update for rpi-update!"
   echo " !!! Check something..."
   exit 1
fi

[kmscode]

Just saw the comment on "-f" - likely a cleaner solution, but won't fix other unknown scenarios where a file is "successfully" downloaded, but is not the proper file (or file type). However, I can't think of a fully plausable scenario with return codes less than 400... Unless a 302 some how mucks things up...

[popcornmix]

Lets see if there any issues with the current fix. In theory it will solve the problem.

[otherguy]

The "correct" fix would be to check for the file hash before actually replacing rpi-update.

Or alternatively to use the GitHub URL with the .patch extension instead of the raw.githubusercontent.com URL and then to apply the patch using patch.

To get the update patch:

$ curl https://github.com/Hexxeh/rpi-update/compare/24e781e...master.diff > 24e781e-master.diff

And to apply it (would create a new rpi-update file in the current directory:

$ patch --batch --normal --output ./rpi-update /usr/bin/rpi-update < 24e781e-master.diff

Of course this would mean that rpi-update would need to be aware of its current version commit hash which is difficult to pull off.

So the easier method is to create a hash file with every commit:

$ sha256sum /usr/bin/rpi-update > rpi-update.sha256

And in the script itself, pull both the latest rpi-update file and the corresponding rpi-update.sha256 and verify it:

$ sha256sum --check rpi-update.sha256

[Ruffio]

@giminni can this be closed?

[popcornmix]

Closing due to lack of activity. Please re-open if there is still an issue.