Open grische opened 1 month ago
# uci show autoupdater.next
autoupdater.next=branch
autoupdater.next.mirror='http://firmware.ffmuc.net/next/sysupgrade' 'http://5.1.66.255/next/sysupgrade' 'http://185.150.99.255/next/sysupgrade' 'http://[2001:678:e68:f000::]/next/sysupgrade' 'http://[2001:678:ed0:f000::]/next/sysupgrade'
autoupdater.next.good_signatures='1'
autoupdater.next.name='next'
autoupdater.next.pubkey='6dcfc670a4150e16962c1852066669d9b337f168d0f6a863ed930968c2f047eb' 'dc44c9810a0470b2de63990128dbae392a836f4385d23e57eb72880ea8fbcf16' '5700c7a266d80aa1c6c33f29835a7b200bdd500e88ee86c0a63e24a0023364f6' '216a34d34a15688e127d8d90e6c57587aa8c682b0648322f68338487657fd5ff' '2a74ed02120a7d48bb2dc9be988b3480ed99844054b3d7f3e5d3df27d19d814b' '56c4201f6ce2994678b0142e19099dd28d6ed17775d35ca9a7f12d9235890ffc' '3cc6dc6d0d7499d4d17cacad5f16336634e0b26700807f29cc241eaabbde481f' 'e7a50df4bc8875113eaf75dff5204e8753a9189baeed40c6db0509398a428820' '50bafd8216cab2ee1c11c215b528dd7c6396f3edfdab689c70ca04a9f284b931' 'cc7e3a6a4788d4246075923b298634f14a4fd179020ef6369fb74d601f55cc84' '18fecc717a237ea5702fb97fa4689f9307d0267e3ee8f09377dbed99397b77b9'
@darkdragon-001 did that change with the new next update? What happens if you execute autoupdater -f
Nope, everything still the same.
# autoupdater -f
Retrieving manifest from http://firmware.ffmuc.net/next/sysupgrade/next.manifest ...
autoupdater: warning: manifest http://firmware.ffmuc.net/next/sysupgrade/next.manifest only carried 0 valid signatures, 1 are required
Retrieving manifest from http://185.150.99.255/next/sysupgrade/next.manifest ...
autoupdater: warning: manifest http://185.150.99.255/next/sysupgrade/next.manifest only carried 0 valid signatures, 1 are required
Retrieving manifest from http://[2001:678:e68:f000::]/next/sysupgrade/next.manifest ...
autoupdater: warning: manifest http://[2001:678:e68:f000::]/next/sysupgrade/next.manifest only carried 0 valid signatures, 1 are required
Retrieving manifest from http://[2001:678:ed0:f000::]/next/sysupgrade/next.manifest ...
autoupdater: warning: manifest http://[2001:678:ed0:f000::]/next/sysupgrade/next.manifest only carried 0 valid signatures, 1 are required
Retrieving manifest from http://5.1.66.255/next/sysupgrade/next.manifest ...
autoupdater: warning: manifest http://5.1.66.255/next/sysupgrade/next.manifest only carried 0 valid signatures, 1 are required
autoupdater: error: no usable mirror found
What does lua -e 'print(require("platform_info").get_image_name())'
print on the device?
(should be unrelated to signature verification, but I currently have no idea what might be going wrong for a single device)
@neocturne isn't this just going to be this? https://github.com/freifunkMUC/site-ffm/blob/e1c1b7491a629c34ecd433a9da3626d3ab483fc8/patches/targets-kirkwood.patch#L18 @T0biii edited the initial comment with some more info a few hours ago.
@neocturne isn't this just going to be this?
It should be that if the device entry in the target file is correct, but if I'm looking at the right Device Tree, the device name might actually be set incorrectly and not match the image name.
What does
lua -e 'print(require("platform_info").get_image_name())'
print on the device?(should be unrelated to signature verification, but I currently have no idea what might be going wrong for a single device)
# lua -e 'print(require("platform_info").get_image_name())'
linksys-e4200-v2-viper
Indeed, this has the additional -viper
suffix.
Okay, regardless of the naming error, something very weird is going on.
As far as I can tell, there is nothing wrong with the autoupdater in the v2024.4.2-next firmware for the Linksys E4200 v2. To verify, I extracted the rootfs from the sysupgrade image, unpacked that in an armsr-armv7 Gluon system running in qemu, and used chroot to run the autoupdater binary + libraries from the extracted rootfs.
Depending on the model name I set in /tmp/sysinfo/model
, this either resulted in the expected error (device not found due to the incorrect name) or an attempt to run the autoupdate. The signature was always verified correctly.
@darkdragon-001 you can find an updated build for the device with the fixed name around 14:00 CEST here: https://github.com/freifunkMUC/site-ffm/actions/runs/9660907085?pr=446
There's one more thing I'd like to check: Please provide the full /etc/config/autoupdater
of the affected device.
There's one more thing I'd like to check: Please provide the full
/etc/config/autoupdater
of the affected device.
Okay, still no idea what is going on...
This seems very farfetched but could it be that the signature verification instructions don't work on that chip correctly for some reason? How difficult would it be to verify such claim? Basically creating an executable taking a file, signature and public key as arguments and printing the result of the check?
I guess the first step would be to add some debug logging to the autoupdater (printing the downloaded manifest, SHA256 hash, individual verification inputs and results, maybe some other things I'm forgetting) to narrow down the cause. Once we've done that it might make sense to write a test program for the specific thing that goes wrong.
@neocturne I can add a bunch of print statements all over the place. Do you mean in the upstream package or as a (temporary) patch in the firmware?
I have pushed a Gluon branch that includes a debug patch for the autoupdater: https://github.com/neocturne/gluon/tree/autoupdater-debug
Run autoupdater
with the additional argument -d
to dump the whole downloaded manifest, as well as a few values I'm interested in.
As the patch is rather small, it might also make sense to include it in the upstream autoupdater in the future.
@darkdragon-001 you will find a new firmware with the above patch by 16:30 CEST: https://github.com/freifunkMUC/site-ffm/actions/runs/9808595276
@neocturne I added this on top of Gluon v2023.2.3 and it seemed to apply cleanly: https://github.com/freifunkMUC/site-ffm/commit/67821f73febd4ceee6e630b9b8be501fc5be7317
The Autoupdater on a Linksys E4200 v2 is unable to validate (valid) signatures of the firmware manifest.
gluon: gluon-v2023.2.2+ ffmuc: v2024.4.2-next Patch: https://github.com/freifunkMUC/site-ffm/blob/next/patches/targets-kirkwood.patch
https://map.ffmuc.net/#!/de/map/586d8ff5af6f