From 71e7ec145b1a7fb55b7d272c0fc29d5ed81f3bb4 Mon Sep 17 00:00:00 2001
From: "Milton D. Miller II"
Date: Wed, 2 Mar 2016 18:28:54 -0600
Subject: init: Add a hook to download files

Add a hook to download a read-only file system image file from a URL using TFTP, HTTP, or FTP. The URL is retrieved from a u-boot environment variable unless the file is already in the initramfs image. Only execute this command if the previously established options file has a keyword trigger. Do not even consider the option if a build option flag is not set to y, and allow each protocol to be disabled by simiar build options. This allows one to specify at u-boot commands that would download a read-only file system into memory for execution this boot instead of needing to create a custom initramfs to netboot or specifying debug-init-sh, entering the password, and doing the download from the shell. Note: Access to set u-boot environment variables implys the ability to replace the kernel and initramfs session. Access to the variables and the serial console likely gives full root access to the system at this time. The existing shutdown and update scripts have paths that expose a root shell to the serial port without a prior password challenge.

Signed-off-by: Milton Miller
---
 .../obmc-phosphor-initfs/files/obmc-init.sh | 107 +++++++++++++++++++++
 1 file changed, 107 insertions(+)
(limited to 'meta-phosphor/common/recipes-phosphor')
diff --git a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
index 814ee07d1..4f24246eb 100644
--- a/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
+++ b/meta-phosphor/common/recipes-phosphor/obmc-phosphor-initfs/files/obmc-init.sh
@@ -57,6 +57,58 @@ get_fw_env_var() {
 strings /run/fw_env | sed -ne "s/^$1=//p"
 }
+setup_resolv() {
+ runresolv=/run/systemd/resolve/resolv.conf
+ etcresolv=/etc/resolv.conf
+
+ if test ! -e $etcresolv -a ! -L $etcresolv
+ then
+ mkdir -p ${runresolv%/*}
+ ln -s $runresolv $etcresolv
+ fi
+ if test ! -f $runresolv
+ then
+ cat /proc/net/pnp > $runresolv
+ fi
+
+ return 0
+}
+
+try_tftp() {
+ # split into tftp:// host:port/ path/on/remote
+ # then spilt off / and then :port from the end of host:port/
+ # and : from the beginning of port
+
+ rest="${1#tftp://}"
+ path=${rest#*/}
+ host=${rest%$path}
+ host="${host%/}"
+ port="${host#${host%:*}}"
+ host="${host%$port}"
+ port="${port#:}"
+
+ setup_resolv
+
+ if test -z "$host" -o -z "$path"
+ then
+ debug_takeover "Invalid tftp download url '$url'."
+ elif echo "Downloading '$url' from $host ..." &&
+ ! tftp -g -r "$path" -l /run/image-rofs "$host" ${port+"$port"}
+ then
+ debug_takeover "Download of '$url' failed."
+ fi
+}
+
+try_wget() {
+ setup_resolv
+
+ echo "Downloading '$1' ..."
+ if ! wget -O /run/image-rofs "$1"
+ then
+ debug_takeover "Download of '$url' failed."
+ fi
+}
+
 debug_takeover() {
 echo "$@"
 test -n "$@" && echo Enter password to try to manually fix.
@@ -101,6 +153,10 @@ rwdev=/dev/mtdblock${rwfs#mtd}
 # Set to y for yes, anything else for no.
 force_rwfst_jffs2=y
 flash_images_before_init=n
+consider_download_files=y
+consider_download_tftp=y
+consider_download_http=y
+consider_download_ftp=y
 rofst=squashfs
 rwfst=$(probe_fs_type $rwdev)
@@ -115,6 +171,7 @@ fsckbase=/sbin/fsck.
 fsck=$fsckbase$rwfst
 fsckopts=-a
 optfile=/run/initramfs/init-options
+urlfile=/run/initramfs/init-download-url
 update=/run/initramfs/update
 if test -e /${optfile##*/}
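Review bot: In `try_tftp`, `${port+"$port"}` tests whether `port` is set rather than non-empty, and `port` is always assigned a few lines earlier, so a URL without `:port` still hands `tftp` an empty extra argument; `${port:+"$port"}` drops the argument in that case. The suffix strips `host=${rest%$path}` and `host="${host%$port}"` expand the inner variable unquoted, so a `*`, `?` or `[` in a URL read from the u-boot environment is matched as a glob pattern instead of literally; `${rest%"$path"}` and `${host%"$port"}` keep the split literal. Both `try_tftp` and `try_wget` also build their messages from the caller's global `$url` rather than their own `$1`, which is worth either documenting in a header comment or replacing with `$1`.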
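Review bot: All four `consider_download_*` flags are added with the value `y`, so every image built from this script carries the network download path enabled, including the plaintext TFTP, HTTP and FTP fetchers. The commit message presents them as build options for switching the feature off; defaulting to `consider_download_files=n` and letting netboot builds opt in would keep the feature out of images that never need it. A one-line comment above the block noting that the feature additionally requires the `openbmc-init-download-files` keyword in the options file would help whoever changes the flag.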
@@ -136,6 +193,56 @@ then
 debug_takeover "Debug initial shell requested by command line."
 fi
+if test "x$consider_download_files" = xy &&
+ grep -w openbmc-init-download-files $optfile
+then
+ if test -f ${urlfile##*/}
+ then
+ cp ${urlfile##*/} $urlfile
+ fi
+ if test ! -f $urlfile
+ then
+ get_fw_env_var openbmcinitdownloadurl > $urlfile
+ fi
+ url="$(cat $urlfile)"
+ rest="${url#*://}"
+ proto="${url%$rest}"
+
+ if test -z "$url"
+ then
+ echo "Download url empty. Ignoring download request."
+ elif test -z "$proto"
+ then
+ echo "Download failed."
+ elif test "$proto" = tftp://
+ then
+ if test "x$consider_download_tftp" = xy
+ then
+ try_tftp "$url"
+ else
+ echo "Download failed."
+ fi
+ elif test "$proto" = http://
+ then
+ if test "x$consider_download_http" = xy
+ then
+ try_wget "$url"
+ else
+ echo "Download failed."
+ fi
+ elif test "$proto" = ftp://
+ then
+ if test "x$consider_download_ftp" = xy
+ then
+ try_wget "$url"
+ else
+ echo "Download failed."
+ fi
+ else
+ echo "Download failed."
+ fi
+fi
+
 # If there are images in root move them to /run/initramfs/ or /run/ now.
 imagebasename=${image##*/}
 if test -n "${imagebasename}" && ls /${imagebasename}* > /dev/null 2>&1
--
cgit v1.2.1
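Review bot: The image written to `/run/image-rofs` is never verified: the only schemes accepted here are `tftp://`, `http://` and `ftp://`, none of which authenticate the server or protect the payload, and nothing on the added lines checks a digest or signature before boot continues (what later consumes the file is outside this hunk). The commit message covers the trust placed in the u-boot environment, but the network path is a separate boundary; consider reading an expected SHA-256 from a second environment variable (name to be chosen) alongside the URL, comparing it with the output of `sha256sum /run/image-rofs`, and calling `debug_takeover` on mismatch. Separately, `test -f ${urlfile##*/}` and the following `cp` use a path relative to the current directory, while the option-file check visible in the previous hunk uses `/${optfile##*/}`; `/${urlfile##*/}` would be consistent with it. The missing-scheme, unsupported-scheme and disabled-protocol branches all print the same `Download failed.`, so the console log cannot tell them apart; distinct messages would make a refused download diagnosable.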