| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code in processImage() execute "tar xf" twice, the first time to
extract the MANIFEST, and the second time to extract the whole tarball.
On a tarball without compression, it's OK. But if the tarball is
compressed, it takes much longer time to de-compress the tarball for
twice.
This commit changes the behavior by:
1. Untar the whole tarball into a temp dir;
2. Parse the manifest as before;
3. If something is wrong, remove the temp dir as before;
4. If it's valid, rename the temp dir to the valid image dir.
It also fixes an issue that it uses const_cast in mkdtemp, which is
undefined behavior because the returned const char* shall be read-only,
writing this memory could cause undefined behavior.
Partially resovles openbmc/bmcweb#60
Tested: Verify the image upload works well, and it takes much less time
on a gzip compressed tarball.
Change-Id: I0af81acbd948e9c54d5d168c9f72e8ebbf8daebe
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
| |
Installs into bin instead of sbin per guidelines.
Signed-off-by: Patrick Venture <venture@google.com>
Change-Id: I77f4082b9d55da775b0af59328d504f9ac9cd163
|
|
|
|
|
|
|
|
| |
Use the defaults in the pkg check where the default error message is
sufficient to identify which package is missing.
Change-Id: I505ebc57cc86595df294d6e9cf7e57513ffc3aa5
Signed-off-by: Patrick Venture <venture@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The remove association function was supposed to be called on delete but
was never implemented so if the associations are queried but the version
has been deleted, that'd be false information, so call to remove the
associations on delete, also rename it to delete all associations,
because the delete function already determined if the requested version
is functional.
Tested: Verified the associations for the requested version are deleted
with a DeleteAll and Delete call.
Change-Id: Ia4fde01c9500b648660bc9a4c355d44a35af7cc5
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
The is_method_error() function is no longer needed, instead a
try-catch block should be used instead.
Reference:
https://lists.ozlabs.org/pipermail/openbmc/2018-October/013696.html,
Change-Id: I1919ea33fc18be2b8afd51fb1f85ddef15041e7c
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we get a different inotify handle for every file in the
synclist, and register all of them with sd_event. A single fd will
work and saves memory in libsystemd and the kernel, so do that instead.
This in turn allows the fileMap structure to be simplified down to a
basic map of watch descriptor / filename pairs.
Remove redundant calls to both close and inotify_rm_watch - let the
kernel do the work for us. From the inotify man page:
When all file descriptors referring to an inotify instance have been
closed (using close(2)), the underlying object and its resources are
freed for reuse by the kernel; all associated watches are auto‐
matically freed.
Change-Id: Ia63cb667cdf41c171276a0351d95347a54578f2f
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the hostname is updated via systemd, it modifies the /etc/hostname
file in a way that triggers a IN_CLOSE_NOWRITE and IN_IGNORED signal.
* When IN_IGNORED is received, re-subscribe the file, since it means
that the inotify watch was removed.
* A subsequent IN_CLOSE_WRITE signal is received after the re-subscribe
which takes care of syncing the hostname file.
Tested: The hostname was synced when changed multiple times in a row
using the REST API.
Change-Id: I30abfcdc8b33f77adc6349d345cc957b07898018
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Version interface is a public interface, and errors are being
added to it:
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-dbus-interfaces/+/13836/
This conflicts with the internal Version errors, so rename the
internal one to an Image namespace since that's not a public
interface and make more sense since the errors deal with failures
during image file extraction.
Tested:
Uploaded an invalid tar file (u-boot.bin) and the new Image::Error
was created:
"/xyz/openbmc_project/logging/entry/2": {
"AdditionalData": [
"PATH=/tmp/images/u-boot.bin",
"_PID=1348"
],
"Description": "An internal BMC error occurred",
"EventID": "None",
"Id": 2,
"Message": "xyz.openbmc_project.Software.Image.Error.UnTarFailure",
Change-Id: I6f6c84e2ea782c8ebc952bba4d5cee6be232f08f
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
| |
Change-Id: I18db16de1fa603e366a25f564610c63076108eb9
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an activation fails, the version is marked as Failed.
On a subsequent activation, the bmc updater core dumps due
to 2 issues during the freeSpace call:
1. The Failed activation doesn't have a Priority object, so
default its priority to a large value.
2. If the subsequent activation is to the same version id,
then freeSpace should not do an erase on it, because that
removes the activations object that it's trying to activate.
Tested: Verified that doing an activation after a version
was marked as Failed did not core dump the updater anymore.
Change-Id: Iba36497b53738e00283cfec55e8c666f943cd5d5
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
| |
Updated to correct IRC username and preferred email address.
Change-Id: I8dda2450bfc53e5a022ffdb35df3fed501dc30c2
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Update the .clang-format file and run clang-format-6.0.
This .clang-format matches the example one in
https://github.com/openbmc/docs/blob/master/cpp-style-and-conventions.md#clang-formatting
Change-Id: Ia1edfe21e4b1ff9591b411212c77a310ec4bed68
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
|
|
|
|
|
|
| |
Update the .clang-format file.
Now includes header sorting and updating PointerAlignment.
Change-Id: I5c7690d8d83cdebe26ff3a73b90a2a8c17dd8054
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With OpenSSL 1.1.0, some of the functions were renamed, for
example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were
renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free().
Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Abstract them to support old and new APIs.
Resolves openbmc/openbmc#3136
Tested: Verified the signature verification was successful.
Change-Id: I2297243fdd652055fe9ea88f26eb2dcf473d24e6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
| |
Just some minor fixes.
Change-Id: I000c456e51c62220d7a5fed8100cfc6c13ef9551
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Enable support for field mode, which sets "fieldmode=true" in u-boot
env.
Tested: Verify field mode is enabled via REST API, and verify it is
still enabled after BMC reboot.
Change-Id: I9ff01a51260d1f08021e0ba7ade16fd48c8bb24e
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current logic in ItemUpdater::freeSpace() will try to find the
non-functional BMC ids and remove extra ones as long as the active BMC
images is greater than ACTIVE_BMC_MAX_ALLOWED.
For static layout systems with only one BMC flash chip, the above logic
will cause an issue that the "old" BMC id not deleted during code
update, because the "old" BMC id is the functional one.
This commit changes the above logic, that if ACTIVE_BMC_MAX_ALLOWED is
less than 2 (e.g. 1), delete the functional BMC id as well, because
there really is only one BMC after all.
Partly resolves openbmc/phosphor-bmc-code-mgmt#2
Tested: Verify that the "old" BMC id is deleted during code update, if
ACTIVE_BMC_MAX_ALLOWED is configured to 1, on Romulus.
Change-Id: I6f21b4269dd78d71f7e9181bb913c49b575321d1
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MEDIA_DIR was configured as "/media", it works on ubi-fs systems.
On static layout systems, "/media" is in rwfs, and thus is persistent
after BMC reboot or code update (if rwfs is not updated).
This makes the dirs/files in MEDIA_DIR persistent, and it causes an
issue that BMC uses the incorrect versionId of the image that is the
persistent one in MEDIA_DIR, while it should generate the versionID from
the functional BMC version.
Making MEDIA_DIR configurable, so static layout system could configure
it to a tmpfs, and the above issue is fixed.
Partly resolves openbmc/phosphor-bmc-code-mgmt#3
Tested: Verify that MEDIA_DIR could be configured via configure
argument.
Change-Id: I10d46ea00b79677bec16ac69d2a3375597665f0c
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per openbmc/openbmc#3364, adding -flto to CXX flags
in order to reduce overall library and binary sizes.
Ref: https://gcc.gnu.org/wiki/LinkTimeOptimization
Tested: Verified compiled and boots to Ready in QEMU.
Change-Id: Id68f3253bcf33661d17a62376249a3b2637cfc10
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement factory reset for static flash layout, that starts
obmc-flash-bmc-setenv to set factory-reset u-boot env and let
init to do the cleanup.
Tested: Invoke factory reset on /xyz/openbmc_project/software and verify
everything in rwfs is deleted, and after reboot, the BMC acts
like a fresh new one.
Change-Id: I20e361519af6c3c12703315070debabd8cf88060
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In certain cases, the mapper may return a not found error when polling
for BMC endpoints. While this is an error, it should not crash
phosphor-software-manager.
Tested By: Booted the system without a bmc interface present, and
verified that software manager doesn't crash
Change-Id: I1199d6f94deb6cf5a795f8770d9dac202697f401
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
For fixed flash layout code update, it was using the whole image-bmc.
For future features like image verification during boot, it needs to use
separated images and separated keys.
So change the image-bmc to separated images.
Change-Id: I6cc56f82c786125bb4386af5ea1d931afed7901d
Tested: Do code update on Romulus without issue.
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The service that sets the priority value is unique to the ubi
layout because there is only one version at a time on the
static layout.
Move the calling of the service to the ubi implementation.
Tested:
- Witherspoon: Priorities are still set.
- Romulus: The BMC.Updater app does not core dump with the
latest sdbusplus changes due to calling a non-existent service.
Change-Id: Ica1c68f00d5cb43c51ee09c5a3851613edf941d5
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
Add item_updater_helper and implement it in ubi and static layouts.
Tested: Build this repo on both Romulus and Witherspoon OK;
Tested on Romulus and Witherspoon that code update works fine.
Change-Id: I706cfe63900f89bb41672dcc745b3483e06838c7
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bmcImages were in image_verify.hpp but it is used not only in image
verification, but elsewhere.
Move it into a more generic header file, images.hpp, so it makes more
clear that users of bmcImages include images.hpp instead of
image_verify.hpp
Tested: Verify the code pass the build.
Change-Id: If9adf315eee9047d9d08ab93ed7c0ff3c97f7a1e
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable signature verification on non ubifs build.
The code is the same for ubifs and non ubifs, so move related code into
separated functions.
Tested: Verify that the signature check happens during code update, and
successfully updated the code when the image is valid;
verify it fails to update in field mode when the image is
modified.
Change-Id: I81a536fb7ea05d804fa592c57bbed8f32f07a559
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add ubifs_layout as config argument, so a build could select if it
needs ubifs_layout feature or not.
Add code to update non-ubifs layout image by
1. Putting the bmc image in /run/initramfs;
2. Set its state as Active when it is ready to update
3. Let user to initiate the reboot request
Tested: Generate a tarball with Romulus bmc image and manifest,
update it with REST API (image upload, activation, and reboot)
Verify the code update works well in WebUI.
Change-Id: I5b122211fafb7cb9d96ee67317db139ed0b7d0a7
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handle exceptions from the sdbusplus method call_noreply API.
The Activation constructor was subscribing to systemd signals, which
would cause an "Already Subscribed" error when creating multiple
Activation instances because the bus is common.
There is no reason to subscribe to systemd signals in the constructor,
since the signals are only triggered during the activation process.
Move the Subscribe call to the activation process which calls
Unsubscribe at the end.
There's a scenario where there could still be an "Already Subscribed"
error if the activation fails, so add error handling there.
Tested: Verified code update worked with this change, and the app
would not core dump with the latest sdbusplus changes.
Change-Id: I065baca2586fa64c138d847187303464123cc01a
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
| |
Add Lei as maintainer.
Change-Id: I8e700aa3de6d6716827b1af4568a9b6c71d2e6a1
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the code that monitors for ubi services into the ubi
subdirectory. Other filesystem layouts can just ignore
the service monitoring by setting the *VolumeCreated
variables to true.
Tested: Verified code update on Witherspoon still worked.
Change-Id: I135e66225d0e8d692d430efd864252b822b069db
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the code that creates the ubi volumes into a separate
write flash function to make it easier to implement
different flash write functions for other flash layouts.
To implement a different write flash function:
1. Modify the Makefile.am file to include the desired code
location. Ex:
if UBI
include ubi/Makefile.am.include
else
include <other>/Makefile.am.include
2. Implement the Activation::flashWrite in <other>/flash.cpp
Tested: Verified code update still worked.
Change-Id: Ide4d135695dad27e0dc1b5a776a276dfb2ca9aa6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
| |
Change-Id: I807b99cac29ba79b535015bdb9d1a40854596643
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a task forks, it must clean up after its dead children or the system
will have zombie tasks that will ultimately be reparented to init, but
only after the parent dies.
Cleanup can be done in a variety of ways: waitpid, ignoring SIGCHLD, or
forking twice and allowing the grandchild to be reparented to init and
calling waitpid on the child.
Change-Id: Ic48ea583b37e065da34aa4acfd74b6e1b1c2d04f
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
|
|
|
|
|
|
|
|
| |
The previous logic only called close if the file had been opened AND
there was a valid inotify watch handle. Even if there is not a watch
handle, the file should be closed.
Change-Id: I0bfb3a0fac88d5b648790c4e60755e01af6f5bd7
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
|
|
|
|
|
|
|
| |
The are no D-Bus interfaces provided by this service,
so there is no need for it to have a busname.
Change-Id: Iab4f243ec330a2d14e9c92d652f0bbeffc439f38
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Call rsync when the subscribed file or directory is modified or
deleted. Don't create error logs as syncing is used for backup
and does not affect the system's operation. Any errors will be
logged into the journal.
Closes openbmc/openbmc#2918
Change-Id: I2671f0afd2924c15ea883d4d037c641c6e9680b4
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create a watch class to monitor the files and directories
specified in the synclist file.
Store the file descriptors and file names in a map to be
able to know the full path of the file that triggered the
event. The watch descriptor number does not change so it
can be a single variable.
Change-Id: I211225ddc012af85d9be39ae5d40b8258d73435d
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Create a new sync manager to handle file sync
operations, such as copying persistent files to the
alternate BMC chip for backup. Make the new sync
manager optional via a compile flag since this function
requires that the system has a second BMC chip.
Change-Id: I2fbf7903d0baaa162e0ce62e8548db2cf2782398
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
Add a function to call the "mirror u-boot" service when the BMC boots.
Since the BMC is booting, we know we had a good u-boot and u-boot
environment, so we can safely copy the current one to the alternate
chip.
Change-Id: Ib628ea4a5fc9ae8d80f1047bddf94eb3fa52cdba
Signed-off-by: Eddie James <eajames@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit f9ae45d2f300349bd8d5c8947f16fceb107b602e.
The functional association goes away after activating a new image
(issue openbmc/openbmc#3038). The workaround is to keep the reverse
association names the same for the active and functional ones
until the issue is resolved.
Change-Id: I684c609c44215ce7247f857a6bd78b906902e11b
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.
Change-Id: I2ca3fd16d7cc84fdce63089b47fefb8f128894fd
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
|
|
|
|
|
|
| |
Had to add .dirstamp to get the YAML build dirs to
disappear.
Change-Id: Id636f13e89701ee9f94d89fd36e4f2c31f714f51
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 2225fda1dbe6e5fe87c009174d941369ab7e7b3a.
This change causes intermittent issues that haven't been solved.
Reverting for now.
Change-Id: Ie5c9b2700ad715741e4e90a6e7afcdd5c6b095f3
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit e24fd6f7deadddc2867b2c417590da0ff093e5e2.
The code that waits for the service file to complete causes
intermittent issues, so will be reverted.
Change-Id: I830f8a2e4914694889c3626bb67bd1fe422e984d
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 4c3edc911ba880f7643f15679018c436aa94e0aa
The code now blocks until the updateubootvars service completes
(https://gerrit.openbmc-project.xyz/#/c/9418/) so there is no
need to monitor this service anymore.
Tested: Verified that the activation still waits for the env vars
to be upated before completing the activation process:
Apr 06 16:58:07 witherspoon systemd[1]: Started Store read-only images 84fb16be to BMC storage.
Apr 06 16:58:07 witherspoon systemd[1]: Starting Set U-Boot environment variable...
Apr 06 16:58:08 witherspoon systemd[1]: Started Set U-Boot environment variable.
Apr 06 16:58:08 witherspoon systemd[1]: Starting Updates the u-boot variable to point BMC version to 84fb16be...
Apr 06 16:58:11 witherspoon systemd[1]: Started Updates the u-boot variable to point BMC version to 84fb16be.
Apr 06 16:58:11 witherspoon phosphor-image-updater[1919]: BMC activation has ended - BMC reboots are re-enabled.
Change-Id: I6b98c2136948ddd251c4070f697ce1eda66214d6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit, as the title might suggest, delays the return from the
function updateUbootEnvVars() until the called service file completes
running. The reason for this change is because the service file runs
asynchronously, so activation seemingly finishes before the priorities
are actually changed.
This is accomplished by adding a generic function waitForServiceFile()
which waits until the completion of a supplied one-shot service file or
until a timeout is reached.
Resolves openbmc/openbmc#2857
Change-Id: I7c0333f510f8239a0b66cc5a20159c91aa2dbdee
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
Signed-off-by: Saqib Khan <khansa@us.ibm.com>
|
|
|
|
|
|
|
|
| |
Added support to stop the codeupdate only for the fieldmode
enabled systems, for signature validation failures.
Change-Id: Icaea4c7c80eca42a22794bbb67d93b8a95058ab8
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
|
|
|
|
|
|
| |
Resolves openbmc/openbmc#2838
Change-Id: I60b5ca418551d404d29646fd729311adbe81290c
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
|
|
|
|
|
|
|
| |
Reworded cleaning the repo. The old wording did not make sense.
Change-Id: Iade61217337077e7a979732482a7cf155bd16d08
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.
Tested: Built the repo
Change-Id: I4fb378699d436e0c41adf80978f7cdaec12c6404
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|