-
-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firmware update procedure requires to completely wipe SD card #16
Comments
I began to analyze the original firmware update process on the CCU2:
#!/bin/sh
STARTPWD=$(pwd)
ROOT_FS=rootfs.ubi
KERNEL_IMAGE=uImage
ROOT_MTDCHAR=/dev/mtd7
KERNEL_MTDCHAR=/dev/mtd5
if [ -f $STARTPWD/$KERNEL_IMAGE ]; then
echo "Erasing kernel partition ..."
flash_erase $KERNEL_MTDCHAR 0 0
echo "Writing kernel to NAND ..."
nandwrite -p $KERNEL_MTDCHAR $KERNEL_IMAGE
fi
if [ -f $STARTPWD/$ROOT_FS ]; then
echo "Writing rootfs to NAND ..."
ubidetach -p $ROOT_MTDCHAR
ubiformat $ROOT_MTDCHAR -f $ROOT_FS
fi Changes needed for RaspberryMatic:
Proof of concept: This patch for cp_maintenance.cgi corrects the tar command and starts update_script right before system reboot: --- WebUI/www/config/cp_maintenance.cgi.orig 2017-03-08 23:04:47.141292627 +0100
+++ WebUI/www/config/cp_maintenance.cgi 2017-03-09 23:43:02.329296667 +0100
@@ -753,7 +753,7 @@
set file_valid 0
catch {
#set file_valid [expr [string first "update_script" [exec tar tzf [lindex $firmware_file 0]]] >= 0 ]
- exec tar zxvf [lindex $firmware_file 0] update_script EULA.en EULA.de EULA.tr -C /var/
+ exec tar zxvf [lindex $firmware_file 0] -C /var update_script EULA.en EULA.de EULA.tr
}
set file_valid [file exists "/var/update_script"]
@@ -864,6 +864,7 @@
catch { exec killall hss_lcd }
catch { exec lcdtool {Saving Data... } }
rega system.Save()
+ catch { exec /bin/sh /var/update_script 2>&1 >/var/log/upgrade.log }
catch { exec lcdtool {Reboot... } }
if {[isOldCCU]} { The update_script uses dd to overwrite the boot and root filesystems on the sdcard (which are mounted while overwriting but since they are mounted readonly this seems to work reliable). Here is a bash script which creates an update archive from a RaspberryMatic release archive (RaspberryMatic-X.XX.XX.YYYYMMDD.zip). make_firmware_update_archive.sh The script relies on losetup, kpartx, mount and dd and has to be executed as root: The resulting archive then can be used to update the system in combination with the patched cp_maintenance.cgi via the WebUI. |
@j-a-n First of all, thanks for this very nice summary (actually, I tried to improve the layout of your comment using GitHub markup functionality - :) and the nice proposal to actually implement this In fact, I was of course also already thinking about how we could potentially support a direct update via the standard "Firmware Update" mechanism like in a standard CCU2 system. However, reading through your proposal I still feel that while this could actually work there might also be some pitfalls and though that we should discuss first:
As said, I really appreciate your work/analysis of the possibility and I really hope we can find a nice solution together how firmware updates could be performed in future in RaspberryMatic. As such I would like to raise the following proposals:
So what do you think? |
Thanks for formatting my post ;) In my opinion an update has to be as simple as possible to ensure that users actually are upgrading their systems to recent versions which possibly fix security problems. What is the main reason to put /tmp in RAM? I don't think that
|
Well, the reason why /tmp is in RAM is not only because this automatically wipes all content away but also because this speeds up operation for all applications putting data into /tmp or /var. And this is actually something very common. Furthermore, if you put /tmp and /var back onto the SD card this would put additional load on the SD card and will thus reduce its life time considerably. Thus, simply putting back /tmp and /var on the sd card to also solve #23 isn't really a viable solution IMHO. Of course In addition, I still feel that using Thus, I am still not sure if your proposed |
Whatever method is used to update the filesystem on the partition, the problem with the partition size will persist. One more possibility to update the filesystem on the running system could be rsync. Another approach could be: |
For now I build an addon which implements a simple up/-downgrade mechanism using rsync. |
@j-a-n First of all thank you for your contribution to the RaspberryMatic project. I really appreciate any help in getting RaspberryMatic more and more widely used and on an equal technical level like a CCU2. However, I still have very deep doubts that your add-on approach is the right way to go. There are some very fundamental doubts I already raised in this thread (e.g. overwriting /root while it is still mounted, etc.). Furthermore, your approach requires different RaspberryMatic images which you alter yourself and which you seem to distribute yourself as well. This will IMHO just confuse end users and might lead to problems where I will e.g. receive bug reports where users are using your images where in this case I will have to reject any bug report because I hope you understand that I cannot support these kind of adapted images. Furthermore, you will have to update your adapted images to every new RaspberryMatic version I will release in future and thus this might not only introduce additional delay for end users but might also result in technical problems. Thus, I feel that while your rsync-driven approach in providing updates looks like a nice technical approach (apart from the initial problem that overwrites on a root file system while being mounted isn't really something I would suggest), I really deeply feel continuing your work as an Addon isn't really something I would advice. A firmware update ist such a fundamental task that it shouldn't be part of an Addon package. Thus, I would have preferred that we instead would have continued our discussions here and that you might have come up with a bunch of pull requests so that we could integrate it directly into RaspberryMatic (first in terms of an additional branch and then after having sorted out technical things we could have merged it to master). Furthermore, you have never commented on my initial comments that I currently still feel that having to wipe the whole SD disk isn't something utterly complicated. There are some fundamental differences between a CCU2 hardware and RaspberryPi driven system (e.g. being able to exchange microSD card with root fs) that raises the question if the current update path (backup->SD card wipe->restore) is really soo bad!?! But don't get me wrong, if we can find a nice, smooth solution to provide a similar level of updating raspberryMatic directly via its web interface I am all for it. I just feel that 1. overwriting the root fs while it is currently mounted isn't a wise approach and 2. stuffing all this into a third-party add-on shouldn't be continued. So please consider preparing pull requests for the RaspberryMatic project instead. |
@jens-maus First of all thanks for all your work, I am using RaspberryMatic for several weeks now and it is working really stable and fast. It is really a big improvement in comparison with the CCU2. The current update path is not really complicated but I prefer not having to touch the RasPi and just press a button in the webinterface to upgrade the system. This process could also be automated completely. There is not really a need for different RaspberryMatic images, we just need bigger partitions/filesystems. The addon downloads the original RaspberryMatic images. Rsync is able to replace in-use binaries. In my opinion the rsync approach is working really nice so far. |
@j-a-n I will certainly try it soon and see how it works and test how stable the rsync approach really is. However, I really still feel instead of distributing this solution solely as an add-on we should continue and provide a solution which is directly integrated in RaspberryMatic instead. And increasing the root and boot partition to larger fixed sizes shouldn't be a problem directly in RaspberryMatic. So what do you think about transforming your rsync add-on approach over into something more integrated directly in RaspberryMatic? I would really appreciate it if you could provide pull requests instead of continuing your add-on approach. |
If you think the rsync approach is worth it, I also think it would be great to integrate it into RaspberryMatic. |
I would say, go ahead and prepare a pull request for integration of your rsync approach and then we can evaluate how well it actually works as soon as it is integrated. |
I suggest to use GIT. This allows to update RaspberryMatic from the Github repository without the need of running additional servers (e.g. rsyncd). |
Version 1.0 from j-a-n's addon uses two partitions. this solution is a very good way in my opinion. it would be great if you could integrate this in the core system. |
Well, I told @j-a-n already that instead of working on an add-on doing such an integral job he should work/concentrate on working on a pull request to potentially integrate his changes in a future version of RaspberryMatic. |
@jens-maus I would need your support to start the integration. partition 1: size=100M, label="bootfs" |
@j-a-n I would love to help you or even explain you how to work with build root. Looking at you project I think it should be quite easy for you to get started with build root once you are starting to work with it. Regarding integration I think we first need to talk over some things:
|
|
…e a rootfs2 with equal size like rootfs1 and also userfs completely on demand upon the first boot of a fresh install. This should help to integrate the still missing webui-based firmware update functionality in one of the next releases. This refs #16.
Please note that I have created a new "webui-upgrade-feature" branch and started integrating your proposed functionality in using two swappable rootfs partitions. Now, upon its very first boot raspberryMatic should create a rootfs2 and userfs partition on the fly so that we don't have to supply it via the downloadable *.img file. Next will be to reenable the webui firmware upgrade components and then we would have to integrate your proposed loop mount and rsync mechanisms to actually perform the web-based upgrade. So please checkout this new branch and test it as I will add new functionality to it. And of course, feel free to submit pull requests against it. As soon as this branch stabilized we can then consider merging it to master to have this feature integrated in one of the next RaspberryMatic versions. |
…erryMatic *.zip file and checking the consistency of the zip file even using sha256. This refs #16.
Currently, upon a new RaspberryMatic release all users still have to completely wipe their SD card, update it with the next image and then restore a backup. This is quite cumbersome and error prone. For proper updates in future we should support normal "firmware updates" like this is currently possible for the old CCU2 hardware. For this, we have to lookup how this is currently done and how we can automatically generate similar "firmware update" archives users can then directly upload via the WebUI.
The text was updated successfully, but these errors were encountered: